Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How do I add an eventtype to my search
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I add an eventtype to my search
vrmandadi
Builder
08-24-2015
08:56 AM
How do I add an eventtype to a search?
index=rgs_windows sourcetype=process_details instance != "Idle" instance !="_Total" NOT instance="svchost*" NOT Username = "NT_AUTHORITY*" Username != "SYSTEM" | rex field=instance "(?<instance>[^#]+e)" | rex field=instance "(?<t;instance>[^~]+)" | lookup host_info.csv host OUTPUTNEW ip |stats latest(ElapsedHours) AS "ElapsedHours", avg(AdjustedPercentCPU) AS "Average CPU %" ,latest(instance) AS Process by ip,host |rename ip as IP |table host, IP ,Process, ElapsedHours, "Average CPU %",
I want to add the eventtype below to the search above:
eventtype="windows_performance" ip="*" site_description="*" object="NVIDIA GPU" counter="% GPU Usage"| stats sparkline(avg(Value)) as Trend avg(Value) as Average, max(Value) as Peak, latest(Value) as Current, latest(_time) as "Last Updated" by ip
can anyone please help me? thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jensonthottian
Contributor
08-24-2015
10:06 AM
eventtype="windows_performance" with your query.
Add this eventtype in the app you are using.
Go to settings ->Eventypes->new
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
marees123
Path Finder
09-16-2015
05:09 AM
worked for me... actually was searching how to add field "event type".. got an answer from your reply.
Thanks again.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vrmandadi
Builder
08-24-2015
10:49 AM
no the above event type is already a saved event type but i want to use that in the search query
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jensonthottian
Contributor
08-24-2015
11:50 AM
can you confirm what eventtype="windows_performance" corresponds to ? the search query for the eventtype please.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vrmandadi
Builder
08-24-2015
12:47 PM
the event type displays the "gpu usage" field ..I want this field to be displayed along with other fields in search query
Get Updates on the Splunk Community!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
