...m basing my analysis on the following topic: Get metrics in from other sources. I've managed to create a search that converts my event data into the format that is required by the metrics_csv sourc...
I am taking events from three source types (same index; two common fields present across all three) and creating a table with the results. The events are indexed using a "timestamps" field that is p...
...ome of the dimensions from the source field.
According to the docs something like that is possible for nearly all other methods of importing metrics, but not for CSV files.
Is there any way I c...
...bove situation only with UFs internal logs, we simply cannot query for the source and check its earliest coz we don't have access to indexers containing actual logs. I checked with metrics.log but it w...
...econd part of some other record beginning from some arbitrary location and then concatenates them together. Splunk then indexes this new record but it is throwing our metrics off.
We first came a...
...Running aggregate metric sources (like my example above - total power consumed in an hour) become very challenging with current, duplicate metric logic
Clustered environments raise the risk of get...
Looking to measure heavy sources and track how much is getting indexed per day by source. The main problem is our Splunk admin team cannot give us access to the _internal index, so I cannot run t...
...crease in logs that came in the day of and after that the logging levels dropped to almost none with only the UF metrics getting indexed but no other logs.
• Host OS: Red Hat Linux 7.3
• Syslog s...
...hem) or from IT security "how can I see all the sources of data that we are monitoring and where they are being monitored for the whole environment, so we can make sure we are covered".
I have n...
I have my inputs.conf setup like so:
[monitor:///var/log/java]
disabled = 0
index = myindex
sourcetype = metrics_csv
whitelist = metrics.*.csv
CRCSALT = <SOURCE>
But even though each f...