I am looking for a good way to show the number of hosts that are sending log files to Splunk over time.
I can use timechart, but how do I count uniq host names, and from what index? I tried _...
Hi Team,
My search query returns 100+ events, out of which 60 events belong to host1 and the remaining 40 events belong to host2. Now I want to list only unique events based on the Config_Name column....
...tem4,item5 |uniq |sort item3
In the CLI, I've tried it a couple of different ways, and the closest I've gotten to a working search is:
index=name searchterm NOT otherterm |erex message e...
I have two log lines with the same information. How can I do a search so that it displays just one log?
For e.g.
2011-11-04 10:20:48,476 [WARN ] RemoteIpAddress: X.X.X.X; SessionId: XXX; exceptio...
Apologies, I am quite new to Splunk, so I am not sure if this is possible. I have the following simple query:
| inputlookup appJobLogs
| where match(MessageText, "(?i)general error")
|...
...ake sure I am doing things correctly I copied the uniq.py and called it test.py and modified the commands.conf all in the $SPLUNK_HOME/etc/apps/search folder.
After restarting Splunk, I can see the s...
I have a Splunk log entry that contains XML. I need to extract all the unique values for Customer City, and show them, such as what I would do in Unix with sort|uniq.
Is this possible in s...
I am setting up a specific forwarder to monitor a log file that generates logs for multiple cases, but I only care about one, so I decided to filter the logs when they reach the server by utilizing t...