Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

iostat data into splunk and searching

Bryan_Rye
New Member
‎08-26-2013 09:51 AM

Hello. I have my indexers indexing the results of iostat every few minutes. 

       rrqm/s   wrqm/s     r/s     w/s    rMB/s    wMB/s avgrq-sz avgqu-sz   await  svctm

splunk_cold 0.00 0.00 10.16 173.12 0.32 0.68 11.17 0.15 0.77 0.19 splunk_hot 0.00 0.00 0.00 0.01 0.00 0.00 8.00 0.00 4.39 0.09

Is there a way I could run a search-report to display the stats for either Splunk_cold and or Splunk_hot with the data? How do you tell Splunk to recognize this table that comes from a log file?

Thanks

Tags (3)
0 Karma
Reply

landen99
Motivator
‎09-16-2015 08:28 AM

props.conf

[iostat]
KV_MODE = multi
0 Karma
Reply

FritzWittwer_ol
Contributor
‎08-26-2013 10:27 AM

I guess mulitkv is your friend, see http://docs.splunk.com/Documentation/Splunk/5.0.4/SearchReference/Multikv

You could also try to install the *NIX app, it has lots of such searches implemented.

Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...