...his the best way to do this so that effectively a dashboard like this uses 1 search but then post-processing it takes the existing data based on the query in each relevant panel? Can I optimize this a...
...he individual search is very important.
We've already decided to create a summary index that extracts the auth information from the main LDAP and Active Directory logs and creates a new, reduced d...
Hello,
I am getting these messages, what is the action upon this? The disk space is not even near half, that shouldn't be the cause. Any guidance will be greatly appreciated.
Thanks
Hello,
I know it's easy and straightforward to get ingestion metrics (how much data was ingested) based on sourcetype or index, searching with index=_internal source=*metrics.log
U...
I am utilizing a correlation search to schedule the delivery of application performance metrics against running processes on remote hosts. Whether the host has reported using the winhostmon:process s...
Hi All,
I need to upgrade a searchandindex cluster. Please advise if anything is missing and my understanding is correct.
Process:
Upgrade the master node.
Upgrade the search head tier. (R...
...not present in search2
By joining search 2 type=outer [search 1 ] gives me missing reports which are present in search2 and not present in search1
Is there any way to optimize them i...
I'm looking for current documentation/process for adding additional indexers and moving to dedicated search head.
Our current setup is a search head + indexer and 2 dedicated indexers.
We w...