Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why can't I see the group tcpin_connections?

albinortiz
Engager
‎07-31-2018 08:09 AM

I am trying to leverage the information on the metrics.log file.
I am using this: index=_internal source=metrics.log group=tcpin_connections
This was working before and for some reason unknown it is not any more (nobody knows what happened).
I created a | table groups so I could see all the groups in the file and I could not see tcpin*.
I go to the log file and I actually see tcpin*
Any ideas on what's going on?

Tags (1)
0 Karma
Reply

nikhilteja
New Member
‎10-08-2024 10:18 PM

index=_internal source=metrics.log* group=tcpin_connections hostname=<the UF or the server you're checking> should work

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...