...o you have to expand the dropdown box manually and check it out there. It is not very convenient to observe a list of similar hosts, sources and sourcetypes instead of actual events, where you see the a...
...un a search (e.g. index=hunkexample)
2 = Select a timeslice from the timeline.
3 = Observe that no events are returned (bottom right panel is blank).
...eed but I still don't get the live update of the events view (Similar to using the builtin search command).
I can't post the original code (for copyright reasons) but I can't make it work even w...
Hello, I am trying to figure out how to edit props.conf so that it splits my events properly. The events are added to a log file, which looks like this: &n...
...uite a bit of data per event, but we went ahead and made changes with the TRUNCATE = 0 and MAX_EVENTS = 10000 to account for this. With these in place, the preview window still cuts off data in the events...
...onger captures any events. I even tried replacing the original constraint of "(`cim_Network_Traffic_indexes`) tag=network tag=communicate" with "index=*" and I still don't get any events during the preview....
...on't appear in a search or in a raw export.
in a json export :
{"preview":false,"result":{"_raw":"{\"tim\":\"2018-07-12 15:23:46\",\"pre\":\"ayisha.adam\",\"fir\":\"Ayisha\",\"las\":\"UDAM\" ......
...sed the manual file upload method to create a new sourcetype and used the preview window to separate and timestamp my events how i want.
Now i'm unclear best practice to deploy these to the i...