Getting Data In

What is the search query to get the events which are having linebreaking , data parsing, timestamp configuration issue?

Explorer

Hi Folks,

What is the search query to get the events details which are having line breaking, data parsing and timestamp configuration issue?

0 Karma
1 Solution

SplunkTrust
SplunkTrust

Hello there,

try the following search:

index=_internal sourcetype=splunkd source=*splunkd.log (component=AggregatorMiningProcessor OR component=LineBreakingProcessor) (log_level=WARN OR log_level=ERROR)

hope it helps

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

I wrote an application to determine this issue and a variety of other scenarios, it's called Alerts For Splunk Admins .
I have an update or two coming in the next two week but your scenario is likely covered the savedsearches.conf is in github

0 Karma

SplunkTrust
SplunkTrust

Hello there,

try the following search:

index=_internal sourcetype=splunkd source=*splunkd.log (component=AggregatorMiningProcessor OR component=LineBreakingProcessor) (log_level=WARN OR log_level=ERROR)

hope it helps

View solution in original post

0 Karma