Re: source selection

splunkpoornima · ‎12-06-2012

Hi all,

i have an doubt please clarify me ..

in the search panel ..is it possible to give two source and get the output

thanks

DaveSavage · ‎12-06-2012

Yes you can splunkpoornima e.g. sourcetype="HiqLogEndPoints" OR sourcetype="HiqLogAlert"
It may be more elegant to create an eventtype
Br
D

DaveSavage · ‎12-06-2012

I don't see why this isn't possible...as in all things some are a little more difficult 😉
If you try a search using both sources | eval something-you-want-to-trend-optionally | timechart min(field) or whatever your criteria is...then I figure all that remains is to identify the difference...similar to using a tag between the field from choice A (Dec-4-2012) and choice B (DEC-5-2012). Is that what you are trying to achieve?

splunkpoornima · ‎12-06-2012

THANKS..

but i created two dropdown in which ..in first dropdown i seleted the one taskmanager file of the day Dec-4-2012..in anothere dropdown i selected the another Taskmanager file of the day DEC-5-2012..

so i need is after i selected the two file i want timechart shows the trend for two log files..in one timechart

is it possible ????

source selection

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation