https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521673#M147012 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;,</P><P>The sourcetype=wms_oracle_sessions take the inputs from two oracle servers Ind1ora01 &amp; Indora02.</P><P>Can we some how find , which logs it is taking as a Input.</P><P>Regards,</P><P>Rahul</P> Mon, 28 Sep 2020 03:40:06 GMT rahul2gupta 2020-09-28T03:40:06Z https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521185#M146839 <P>Hi ,</P><P>How do I fetch the raw logs for the source type :wms_oracle_sessions?</P><P><STRONG>Query:</STRONG></P><P>index=main <STRONG>sourcetype=wms_oracle_sessions</STRONG> | bucket span=5m _time | stats count AS sessions by _time,warehouse,machine,program | search warehouse=ew | stats sum(sessions) AS psessions by _time,program | timechart avg(psessions) by program</P><P>Thank you very much.</P><P>Regards,</P><P>Rahul</P> Thu, 24 Sep 2020 03:43:58 GMT https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521185#M146839 rahul2gupta 2020-09-24T03:43:58Z https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521210#M146847 <LI-CODE lang="markup">index=main sourcetype=wms_oracle_sessions</LI-CODE><P>gives you the raw logs.</P><P>If you want to see the raw logs from the stats in your query, run it in verbose mode and look at the events<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 212px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/10961i6AA45E686403AC7E/image-size/large?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="Capture.PNG" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 236px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/10962i7B19DDC23294B6C3/image-size/large?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P> Thu, 24 Sep 2020 07:10:36 GMT https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521210#M146847 ITWhisperer 2020-09-24T07:10:36Z https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521214#M146850 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;,</P><P>When I run the query,I see No Results found .</P><P>Does that mean there is no raw logs?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rahul2gupta_0-1600932126959.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/10963iF8FACE86CA21D969/image-size/medium?v=v2&amp;px=400" role="button" title="rahul2gupta_0-1600932126959.png" alt="rahul2gupta_0-1600932126959.png" /></span></P><P>Regards,</P><P>Rahul</P><P>&nbsp;</P> Thu, 24 Sep 2020 07:23:19 GMT https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521214#M146850 rahul2gupta 2020-09-24T07:23:19Z https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521216#M146852 <P>Correct - as it suggests, try a different time period</P> Thu, 24 Sep 2020 07:26:32 GMT https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521216#M146852 ITWhisperer 2020-09-24T07:26:32Z https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521673#M147012 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;,</P><P>The sourcetype=wms_oracle_sessions take the inputs from two oracle servers Ind1ora01 &amp; Indora02.</P><P>Can we some how find , which logs it is taking as a Input.</P><P>Regards,</P><P>Rahul</P> Mon, 28 Sep 2020 03:40:06 GMT https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521673#M147012 rahul2gupta 2020-09-28T03:40:06Z https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521692#M147015 <P>I assume you have forwarders on the oracle servers which as configured to harvest logs and send them to the indexers in splunk. You need to look at the configuration of those to find out which paths they are using to find logs to send.</P> Mon, 28 Sep 2020 06:31:33 GMT https://community.splunk.com/t5/Splunk-Search/Raw-Logs/m-p/521692#M147015 ITWhisperer 2020-09-28T06:31:33Z