Solved: Re: Question about Auto incremented values field i...

sieutruc · ‎12-07-2012

Hello,

I have a small question about incremented values field that is used to keep track new events in table.
in my table there is field ID_temp that increases 1 when new event comes, but it'll get back to 0 when it reaches 100. And after that there might be 2 events with the same ID_temp, so does the new one like to be a new event when Splunk sees it ?

Another thing is if i have incremented values field that also inscreases when there is new imcoming event , but sometimes that field keeps not change its value, for ex: 2 events arrive at the same time so the arriving time is the same for both. Are they indexed all by Splunk ?

ziegfried · ‎12-10-2012

Column that are auto-increment and reset the way you described are probably not a viable candidate for the rising column in a database tail input.

View solution in original post

ziegfried · ‎12-10-2012

Column that are auto-increment and reset the way you described are probably not a viable candidate for the rising column in a database tail input.

Question about Auto incremented values field in DB connect app ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation