Search

greg · ‎08-07-2014

...o you have to expand the dropdown box manually and check it out there. It is not very convenient to observe a list of similar hosts, sources and sourcetypes instead of actual events, where you see the a...

bohanlon_splunk · ‎09-12-2016

...un a search (e.g. index=hunkexample) 2 = Select a timeslice from the timeline. 3 = Observe that no events are returned (bottom right panel is blank).

electronicsplun · ‎11-20-2018

...eed but I still don't get the live update of the events view (Similar to using the builtin search command). I can't post the original code (for copyright reasons) but I can't make it work even w...

xwill13 · ‎03-31-2023

Hello, I am trying to figure out how to edit props.conf so that it splits my events properly. The events are added to a log file, which looks like this: &n...

kastnern · ‎11-14-2013

...uite a bit of data per event, but we went ahead and made changes with the TRUNCATE = 0 and MAX_EVENTS = 10000 to account for this. With these in place, the preview window still cuts off data in the events...

EmEdwards · ‎06-13-2017

I have a SQL View as my Source, The Preview displays the records correctly. However when saving the New Input there are no results. Are their specific settings in the "Set Parameters" or "M...

Armando · ‎06-24-2020

...onger captures any events. I even tried replacing the original constraint of "(`cim_Network_Traffic_indexes`) tag=network tag=communicate" with "index=*" and I still don't get any events during the preview....

Skins · ‎05-07-2017

...sed the manual file upload method to create a new sourcetype and used the preview window to separate and timestamp my events how i want. Now i'm unclear best practice to deploy these to the i...

splunkLPN · ‎07-17-2018

...on't appear in a search or in a raw export. in a json export : {"preview":false,"result":{"_raw":"{\"tim\":\"2018-07-12 15:23:46\",\"pre\":\"ayisha.adam\",\"fir\":\"Ayisha\",\"las\":\"UDAM\" ......

R15 · ‎05-16-2023

...dentical line 2 which is the column names. After adding HEADER_FIELD_LINE_NUMBER =2 (in props.conf on the forwarder), I'm still getting events with the column names, but now I'm ALSO getting events with j...

Search

Search the Community

How to get back event raw data to the search resul...

Time range picker preview doesn't work on Hunk

Preview generating custom command result

Issue filtering events with regex and props.conf

Data input limit on preview window

DB Connect Input Preview displays data but after s...

Data Model Does Not Show Any Events

where to add my props.conf for new sourcetype - cr...

Why are the JSON event lines missing?

How to get events for .csv headers?