Events were being split improperly when indexed:
One event:
2014-04-14T11:34:59-07:00 Database="<Database>" Active="Active" MasterType="Server" Status="Mounted" PublicFolderDatabase="&l...
How often do scripted inputs execute? I want to implement some of these for Exchange, but I am concerned that they will continually execute and cause a performance impact. Scripted inputs [s...
Imagine, if you will, a table view lookup that has been set up to pull the Host name, the environment (Dev/Test/Prod) and the Server type (Database, Web App, SSO, etc...) and the application the s...
...vents{}.tags.A" | inputcsv append=t Map.csv | stats D as D by C | table "events{}.tags.A" "events{}.tags.B" "events{}.tags.C" "events{}.tags.D" _time | collect index=_xyz_summary marker="s...
...ecure | cron | messages
Hope this makes sense: there are multiple subdirectories, and the end goal is to monitor secure, cron, and messages.
I wrote this stanza within inputs.conf and the configuration d...
Hi, my dashboard has 2 inputs, i.e. a dropdown and a time picker. I have a requirement where I need to provide both inputs, and only then should my panels appear. I tried the same (below dashboard c...
Hey all, I'm building a new dashboard that contains 2 multiselect values: Site: USA, Romania, Turkey.... (only countries) Campus: USA1, USA2, Romania1, Romania2.... (contains the country's name and num...
Hi, I just installed an index cluster and I already know that I should place apps in the $SPLUNK_HOME/etc/master-apps/ directory on my manager node to distribute them across all indexers, but I have 2 q...
Hello, I need urgent help. I am using the REST API Modular input and the problem is that I am not able to set the parameter for event breaking. Below is the sample log. { "User" : [ { "record_id" : "2...