Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to combine all the source types in single search result?

saibal6
Path Finder
‎06-26-2018 06:50 AM

I have almost 19 different indexes, which was already mentioned in my inputs.conf file. But today I got to know that the source type are not same for the same log files which are indexing daily on the real time format. But I had perform the search result always with a single source type and created a email alert notification with it. Due to different source types are available in my log files, so lot of errors are not coming in my search result and i missed those errors.

Can anyone help me out from this problem that how can I combine all source types in a single search result and extract my important fields which will be present in all source types and create a complete search result?
Please mentioned the link also if you have.

Labels (1)
Labels
0 Karma
Reply

renjith_nair
Legend
‎06-26-2018 08:03 AM

Hi @saibal6,

What about 

index=your index  (sourcetype="sourcetypeA" OR sourcetype="sourcetypeB" OR sourcetype="sourcetypeC" OR .....)|fields <your important fields>
Happy Splunking!
Reply

saibal6
Path Finder
‎06-27-2018 02:23 AM

Hi @renjith.nair,

I have already tried with your mentioned search and it's working properly.

But in my case I want to write a dynamic search result only for source types, so that I can easily monitor every source types very easily.

Can you help me on this matter?

0 Karma
Reply

tokio13
Path Finder
‎09-14-2022 07:19 AM

How did you solve this?

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-15-2022 06:38 AM

Hi @tokio13 

You're responding to an old thread. Some of the original contributors might not even be using community forums anymore. You'd gain more visibility if you posted a new thread with a description of your problem.

If the partial solutions presented here are relevant to your case you might include a link to this thread for reference.

 

0 Karma
Reply

renjith_nair
Legend
‎06-27-2018 02:34 AM

Hi @saibal6,

You shall try with sourcetype=* as well and also add one of the common fields into the search as your_field=* so that it gets only those events which has this field. Hope this helps and please feel free to vote and accept the answer

Happy Splunking!
0 Karma
Reply

saibal6
Path Finder
‎06-26-2018 11:57 PM

Hi @renjith.nair,

I have already tried with this search result. It's working but my concern is my source types are not static. Data indexing in any source type randomly, so i need a dynamic search result for source type which will get the all source types.

Could you please give me any dynamic search result for different source types?

0 Karma
Reply

jplumsdaine22
Influencer
‎06-26-2018 07:39 AM

Can you post two of your searches?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...