...pload_data_new
sourcetype = mysource_new
When I go to search for my data:
index="upload_data_new", I am seeing 0 events. Please suggest how to resolve this problem.
Please help!!
T...
Dears, Need assistance with a Splunk query to retrieve data from two sources: source X and source Y. I want to match records where child_file_id in source Y matches file_id in source X and retrieve...
...he base transaction I'm looking for.
The first index also has a field called ip. What I want to do is use this field to retrieve the events from the third index into the first transaction (u...
...1/05/2017 EE Epsilon Edition
Now, we see that the value for the key EE changes twice.
For events coming from an index, I have _time and a field called 'Name'.
Like this.
index=event...
...irst step would be to get data from both indexes in the final list of events (or at least from the back_index as this is from there that I will get the details I want).
And I can't figure why I c...
...onfig.splunkconfig.get("user"),
password=config.splunkconfig.get("password"))
# Get the collection of indexes
indexes = service.indexes
# List the indexes and their event counts
for index in indexes...
...hat, I can retrieve data if I specify index=*, though this is not exactly what I want. If I change the search to specify (index=winevents OR index=perfmon) in place of the eventtypes parameters, it p...
Hi,
I'm using summary index, but I am not sure if I'm doing it right.
I have several searches that save data into my summary index. Some of them are saving statistical data, i.e. how many events f...