Hi, I am trying to install "SplunkMetricsWorkspace" for Splunk Cloud following docs.splunk.com/Documentation/SMW/1.0.1/Use/Install#Install_the_Splunk_Metrics_Workspace_on_Splunk_Cloud. However I c...
...0000 | stats count by host
This returns statistics results, but does not trigger an alert.
I've found the alert creation functionality intheMetricsWorkspace to be somewhat limiting, and w...
How do we move towards themetrics usage? Will it replace the conventional log file ingestion? How does it work for an existing standard implementation? Will it replace the existing log file collection?
Hi all, I'm using the (excellent) TrackMe app which uses a MetricsIndex. Theindex has been created on a Indexer Cluster and I've verified that it is actually there ( /opt/splunk/bin/splunk list in...
We have a cloud foundry set up and wants to forward the logs to splunk as syslog drain. The TCP/UDP input method is not ideal since the restart of theindex will cause loss of data.
Moreover, the...
...lause cannot filter by metric_name. metric_name filtering is performed based on themetric_name fields specified by the <stats-metric-term> argument.
but theMetrics documentation does the o...
Hello all, How to add another column from the same index with stats function? | makeresults count=1 | addinfo | eval days=mvrange(info_min_time, info_max_time, "1d") | mvexpand days | eval _...
Not working SEDCMD in my props.conf /opt/splunk/etc/system/local/props.conf [ActiveDirectory] SEDCMD-mask_ms_pwd = s/(ms-Mcs-AdmPwd\s*=)\s*.*/ms-Mcs-AdmPwd=*******/ &n...
...onfession: I dip in and out of Splunk every so often. I've read about metrics and theMetricsWorkspace, but not yet used them. So far, I've only used events with SPL and Simple XML to develop dashboards.