Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Raw Logs

rahul2gupta
Path Finder
‎09-23-2020 08:43 PM

Hi ,

How do I fetch the raw logs for the source type :wms_oracle_sessions?

Query:

index=main sourcetype=wms_oracle_sessions | bucket span=5m _time | stats count AS sessions by _time,warehouse,machine,program | search warehouse=ew | stats sum(sessions) AS psessions by _time,program | timechart avg(psessions) by program

Thank you very much.

Regards,

Rahul

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-24-2020 12:10 AM 
index=main sourcetype=wms_oracle_sessions

gives you the raw logs.

If you want to see the raw logs from the stats in your query, run it in verbose mode and look at the eventsCapture.PNGCapture.PNG

0 Karma
Reply

rahul2gupta
Path Finder
‎09-24-2020 12:23 AM

Hi @ITWhisperer ,

When I run the query,I see No Results found .

Does that mean there is no raw logs?

rahul2gupta_0-1600932126959.png

Regards,

Rahul

 

Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-24-2020 12:26 AM

Correct - as it suggests, try a different time period

0 Karma
Reply

rahul2gupta
Path Finder
‎09-27-2020 08:40 PM

Hi @ITWhisperer ,

The sourcetype=wms_oracle_sessions take the inputs from two oracle servers Ind1ora01 & Indora02.

Can we some how find , which logs it is taking as a Input.

Regards,

Rahul

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-27-2020 11:31 PM

I assume you have forwarders on the oracle servers which as configured to harvest logs and send them to the indexers in splunk. You need to look at the configuration of those to find out which paths they are using to find logs to send.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...