...hat a single source type hasn't been updated in over a week.
When I check the source type, I do see logs being ingested, updates happening as expected, etc..
Any ideas why the metadata isn't s...
The manual entry for the metadata command says "...in environments with large numbers of values per category, the data might not be complete. This is intentional and allows the metadata command to o...
Is it possible to set Splunk's timezone for each user based on their metadata in their SSO profile they use to log into Splunk? I'm pretty sure I can automate this information on the SSO side in a...
...elong to their country using roles. I would like each user to see on the default dashboard the hosts which they have access to the last reported date and the tag.
I use the following query "| metadata...
We've got over 50 sourcetypes, however, when I run the command below, I only see syslog under the sourcetype column.
| metadata type=sourcetypes | sort - totalCount
Does anyone have an explanation?
When running | metadata index=myindex type=sources , I see 301785788 for my totalCount for one of my sources (let's call it source1 ).
When running index=myindex source=source1 | stats c...
I am trying to create a utility using the metadata command that will allow me to see what sourcetypes exist by index. I have started with a command that returns all the sourcetypes for an index i e...
Dear all, I'm trying to retrieve some log metadata and associate them to all my events. Exemple: When my application starts, I'll get a few lines with what I'm calling metadata here (v...