Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

iostat data into splunk and searching

Bryan_Rye
New Member
‎08-26-2013 09:51 AM

Hello. I have my indexers indexing the results of iostat every few minutes. 

       rrqm/s   wrqm/s     r/s     w/s    rMB/s    wMB/s avgrq-sz avgqu-sz   await  svctm

splunk_cold 0.00 0.00 10.16 173.12 0.32 0.68 11.17 0.15 0.77 0.19 splunk_hot 0.00 0.00 0.00 0.01 0.00 0.00 8.00 0.00 4.39 0.09

Is there a way I could run a search-report to display the stats for either Splunk_cold and or Splunk_hot with the data? How do you tell Splunk to recognize this table that comes from a log file?

Thanks

Tags (3)
0 Karma
Reply

landen99
Motivator
‎09-16-2015 08:28 AM

props.conf

[iostat]
KV_MODE = multi
0 Karma
Reply

FritzWittwer_ol
Contributor
‎08-26-2013 10:27 AM

I guess mulitkv is your friend, see http://docs.splunk.com/Documentation/Splunk/5.0.4/SearchReference/Multikv

You could also try to install the *NIX app, it has lots of such searches implemented.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...