Solved: sed cmd and indexing volume count

cafissimo · ‎09-23-2010

Hello, I would like to know something about SEDCMD command. If I eliminate a portion of my record, what does it count for license? The original event or only the portion of the event that I am keeping?

Here is an example of my sedcmd command

[source::.../accounts.log]
SEDCMD-foobar = s/foobar//g

Thanks in advance and kind regards.

Luca Caldiero

gkanapathy · ‎09-23-2010

Only the indexed portion will count for license, i.e., any content that you delete using SEDCMD will not be counted.

View solution in original post

gkanapathy · ‎09-23-2010

Only the indexed portion will count for license, i.e., any content that you delete using SEDCMD will not be counted.

View solution in original post

sed cmd and indexing volume count

Best of Community @.conf20 Humans That Splunk: Meet Abhishek... Humans That Splunk: Meet Guiseppe... Visit our Community Blog >

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >