Splunk Search

Community Activity

suppressing adjacent events with duplicate field values I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ... by Justin_Grant Contributor in Splunk Search 01-22-2010 0 2	0	2
Will having lots of extracted fields increase my index size? I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi... by Mick Splunk Employee in Splunk Search 01-21-2010 2 1	2	1
How do I share all of the field extractions defined in a given app with all other apps? I need to share all of the field extractions in my app with all of the other apps on the system. What is the most ef... by matt Splunk Employee in Splunk Search 01-21-2010 2 5	2	5
What is the format of the Sources.data file? $SPLUNK_HOME/var/lib/splunk/defaultdb/db/Sources.data On a fresh install I see this file has something like this: ... by matt Splunk Employee in Splunk Search 01-21-2010 1 2	1	2
Feature Request: troubleshooting/debugging for field extraction config files [UPDATE: from the answer below, it sounds like what I'm looking for is not supported in the product today. I'm tackin... by Justin_Grant Contributor in Splunk Search 01-20-2010 18 2	18	2
Finalize action for searchscript? I wrote a search operator that takes actions external to splunk. It has to take an action to 'complete' its operatio... by jrodman Splunk Employee in Splunk Search 01-15-2010 2 2	2	2
how to tell if I have multiline events? Because wc -l of the input doesn't match my event count, and I'm trying to troubleshoot. by V_at_Splunk Splunk Employee in Splunk Search 01-14-2010 1 2	1	2