Hello,
I'm really a newbie with Splunk and just started to use it.
First, can someone recommend good Splunk tutorials?
And second, we have Splunk logging our whole infrastructure (jobs failing, crons, daemons, API calls etc.). I already set up a dashboard to monitor everything. But now I would like to be able to get the whole output of a "pod".
For example:
I would like to get the same output as when I click on `Event Actions > Show Source` but only for the pod:
`cron-prod-campaignactivator-1612980360-49zss`.
What would my query look like?
Thank you in advance,
Jeremy
Your query would be
index=eks sourcetype=fluent pod=cron-prod-campaignactivator-1612980360-49zss
| table _raw
Is that what you want to see?
As far as Splunk tutorials go, have a look at the Splunk Fundamentals 1 free course:
https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html
Hi Bowesmana!
When I try to run this query, I sadly don't get any results. Should I run it in a different place?
Your original post and my reply show the index value as eks. Looks like you have a typo, as you have put
index=ek
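To make the two points of this thread concrete offline, here is an added Python example that is not part of the thread and not Splunk code. It emulates the answer's search (`index=eks sourcetype=fluent pod=<name> | table _raw`) over a handful of constructed events shaped like fluent-bit output indexed in Splunk (fields `index`, `sourcetype`, `pod`, `_raw`; all values and timestamps are made up), and shows why the `index=ek` typo returns nothing: every field=value term must match, so a single wrong character in any of them filters out every event. Field values are compared case-insensitively, which is how Splunk applies field=value terms at search time.

```python
"""Offline emulation of the thread's Splunk search over constructed events."""

# Pod name from the original question.
POD = "cron-prod-campaignactivator-1612980360-49zss"

# Constructed sample events (not real Splunk data). Each dict stands for one
# indexed event carrying the fields the search filters on plus its raw text.
EVENTS = [
    {"index": "eks", "sourcetype": "fluent", "pod": POD,
     "_raw": "2021-02-10T18:06:01Z campaignactivator: starting run"},
    {"index": "eks", "sourcetype": "fluent", "pod": POD,
     "_raw": "2021-02-10T18:06:07Z campaignactivator: 42 campaigns activated"},
    {"index": "eks", "sourcetype": "fluent", "pod": "api-prod-gateway-7d9f6b-x2k1p",
     "_raw": "2021-02-10T18:06:03Z GET /v1/campaigns 200"},
    # Same pod, different sourcetype: excluded by sourcetype=fluent.
    {"index": "eks", "sourcetype": "kube:audit", "pod": POD,
     "_raw": '{"verb":"create","objectRef":{"resource":"pods"}}'},
]

# What the answer's search should return for POD, in index order.
EXPECTED_RAW = [EVENTS[0]["_raw"], EVENTS[1]["_raw"]]


def search(events, **filters):
    """Return the _raw text of every event matching all field=value filters.

    Mirrors `index=... sourcetype=... pod=... | table _raw`: field names are
    matched exactly, values case-insensitively, and an event is kept only if
    every filter matches. A missing field never matches.
    """
    wanted = {field: str(value).lower() for field, value in filters.items()}
    return [
        event["_raw"]
        for event in events
        if all(str(event.get(field, "")).lower() == value
               for field, value in wanted.items())
    ]


if __name__ == "__main__":
    # The answer's search, as written in the thread.
    for line in search(EVENTS, index="eks", sourcetype="fluent", pod=POD):
        print(line)
    # The typo from the follow-up: index=ek matches no event at all.
    print("index=ek results:", search(EVENTS, index="ek", sourcetype="fluent", pod=POD))
```

Dropping `sourcetype=fluent` from the call returns the audit event for the same pod as well, which is the knob to turn if the pod's output is split across several sourcetypes.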