Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do I add an eventtype to my search
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I add an eventtype to my search
vrmandadi
Builder
08-24-2015
08:56 AM
How do I add an eventtype to a search?
index=rgs_windows sourcetype=process_details instance != "Idle" instance !="_Total" NOT instance="svchost*" NOT Username = "NT_AUTHORITY*" Username != "SYSTEM" | rex field=instance "(?<instance>[^#]+e)" | rex field=instance "(?<t;instance>[^~]+)" | lookup host_info.csv host OUTPUTNEW ip |stats latest(ElapsedHours) AS "ElapsedHours", avg(AdjustedPercentCPU) AS "Average CPU %" ,latest(instance) AS Process by ip,host |rename ip as IP |table host, IP ,Process, ElapsedHours, "Average CPU %",
I want to add the eventtype below to the search above:
eventtype="windows_performance" ip="*" site_description="*" object="NVIDIA GPU" counter="% GPU Usage"| stats sparkline(avg(Value)) as Trend avg(Value) as Average, max(Value) as Peak, latest(Value) as Current, latest(_time) as "Last Updated" by ip
can anyone please help me? thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jensonthottian
Contributor
08-24-2015
10:06 AM
eventtype="windows_performance" with your query.
Add this eventtype in the app you are using.
Go to settings ->Eventypes->new
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
marees123
Path Finder
09-16-2015
05:09 AM
worked for me... actually was searching how to add field "event type".. got an answer from your reply.
Thanks again.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vrmandadi
Builder
08-24-2015
10:49 AM
no the above event type is already a saved event type but i want to use that in the search query
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jensonthottian
Contributor
08-24-2015
11:50 AM
can you confirm what eventtype="windows_performance" corresponds to ? the search query for the eventtype please.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vrmandadi
Builder
08-24-2015
12:47 PM
the event type displays the "gpu usage" field ..I want this field to be displayed along with other fields in search query
Get Updates on the Splunk Community!
Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA
Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...
.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...
If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...
A Season of Skills: New Splunk Courses to Light Up Your Learning Journey
There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...
