I am looking to alias several field names from multiple sources/hosts with an alias of 'Username'.
When looking in the field alias section of splunk manager, there is the option to alias by S...
I have a number of hosts that have a certain tag on them (let's say "sensitive"). I want to look for account lockout events involving these hosts. Normally this would be simple, just using a query l...
...pp_dev]
REPORT-app_dev = app_dev
I am able to use actual tags to accomplish this, but was hoping to "tag" logs with a field extraction so that my field could be called "environment" and the v...
...elps me list out my requirements nicely in the following image. (Note that in the image, the log is set to output every 5 minutes only, hence the null values in the image below)
index=* host...
...I don't know which of these practices cause tagging scalability problems:
a large amount of distinct tags themselves
a large amount of different field values being tagged
or tagging fields t...
...onfiguration I've put in doesn't appear to be working, though no errors are returned. Setup (made generic): A tag is configured on 'host' to be one of the following: app_prod_njw, app_prod_bel, a...
I'd like to set up a tag that is restrictive (AND) in its query rather than inclusive (OR). For example, if you specify a tag with many field value pairs like this:
index=foobar
host=10.17.41.1
host...
Hi Splunkers,
I have this search host=slc-p-cv01 sourcetype=csv that returns what I expect.
I am trying to make a tag called cv that contains this search.
So I create a tag, in the "Field...
...est_ip_db_name AS "Database Host \ Database Name" count AS "Number Of Events" This works. When I move it to the dashboard I get the "Unexpected close tag". This is the query in the dashboard....
...rom working? (This does not work even when I take out the rename and the field also reports as blank in the search results)
index="os" tag::host=*Jets* | rename tag::host as environment | multikv field...