Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
186 results
Sorted by:
07-18-2019
11:16 AM
Does anyone know of a good way to pull one event of a specific eventcode/type when searching for multiple eventcodes?
It doesn't appear that event sampling can do something like that.
I was h...
a month ago
...nd most importantly a column with a sample event from each sourcetype.
I want it to be something like the attached table:
Can someone please help me with the search that provides me with s...
Show results in replies (5)
-
Hi @muradgh , please try this: index=* | stats count first(_row) AS sample_event BY h...
-
...otal last(_row) AS sample_event BY host sourcetype | appendpipe [ | stats sum(count) AS total BY h...
-
Hi @gcusello Unfortunately, this search did not provide me with what I wanted, check ...
-
Just with a small correction index=* |stats count first(_raw) ….. rest is same. I think auto...
-
Hi @gcusello Thank you for your help. 👍 👍
02-25-2016
07:15 AM
8 Karma
I've been studying and creating several pieces of code to take advantage of the wonders of the HTTP Event Collector and noticed noone published a PowerShell sample, then since I created one I d...
03-20-2017
11:52 AM
I've been through this thread: https://answers.splunk.com/answers/295142/line-breaker-in-single-line-printed-json-doc.html
without any success.
I have JSON data coming in as 1 event, and I n...
03-18-2020
07:17 PM
If telephone number is present in both Index 1 and Index 2 display the associated device name from the event in index 2 and then display resolution code from index 2. If anyone could point me in t...
Labels
- Labels:
-
table
Friday
I am using a HEC and configured a custom source type that sets _time based on a field in the JSON data and when using the "add data" sample data, it works great. _time gets updated, however, w...
Labels
- Labels:
-
HTTP Event Collector
-
JSON
Show results in replies (6)
-
While I am confident you are right, I do not know what " You can simply supply it with your event...
-
...t's easier for the inder/HF to not have to parse the timestamp out of the raw event. You can simply s...
-
...lso try another tool like nc to send the test event just to rule out that it's not curl related. Hope t...
-
If you do a REST API request to HEC /collector (or /collector/event) endpoint, you're providing a...
-
...oming in, ya? So does that mean if we alter our JSON: "event":{ "resourceId": "enum:172.17...
-
So the dual flags issue wasn't the issue, but I did find (from the article you linked!) that I need...
03-12-2015
09:07 AM
Hi all,
I'm searching for a way to treat different events as one. Example: If I'm getting events like this where every field-value pair is in one event, it's easy to deal with it:
event...
08-09-2016
06:12 AM
From my understanding, the event sampling works on a ratio basis, so we can have a 1:10 chance of selecting an event. I'd like to integrate this into some dashboards since it takes so long for them t...
05-13-2022
01:16 PM
Hello all,
Is there a way to sample resulting events from a transaction?
Thanks!
Labels
- Labels:
-
transaction
06-15-2016
06:59 AM
1 Karma
The documentation describes how to set the sampling ratio in the Search app and dashboards, but not when using the REST API.
Is sampling possible using the REST API?
