Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
169 results
Sorted by:
08-25-2016
02:07 PM
1 Karma
I've been using tstats for most of the use cases that metasearch covers, and so I'm interested in what metasearch can do that tstats can't. From my reading of the documentation, it seems that metasearch...
01-07-2019
09:39 AM
I can run |metasearch ((index=IN1 sourcetype=S1) OR (index=IN2 sourcetype=S2)) and it works — no issues.
I can create a macro, say mysrc with definition (index=IN1 sourcetype=S1) OR (index=I...
12-25-2019
06:20 AM
Hi,
I' cant end my search using metasearch when I need to find in index something with space betwen like "Microsoft Update". There is no problem to find there one word aplikaction like b...
- Tags:
- metasearch
- rawdata
Show results in replies (4)
-
@kryzew Have you tried these? |metasearch index=my_index "Microsoft" OR |metasearch...
-
...icrosoft" I can't find field named "Microsoft Update" im metasearch. I use "*Update" don't work too....
-
Hi @kryzew, as I said using metasearch you have only few fields and you cannot use rawdata for t...
-
Hi @kryzew, with | metasearch you can use only few fields (index, sourcetype, source, host), a...
05-16-2018
10:47 AM
I was wondering whether Splunk supports earliest and latest date in Metadata, metasearch, and tstats command?
I tried to check all the sites but couldn't find it.
How to use multiple metadata O...
01-23-2021
05:45 AM
1 Karma
I am monitoring a CSV file and creating a dashboard based on it, the file is modified many times a day, or not for many days at all. The file has not just rows added to it but also removed, plus the...
09-12-2016
09:30 AM
...cannot figure it out. Please help me. This is how far i have come:
| metasearch sourcetype=* host=* | dedup sourcetype, host | "here I would like a tabular output of hosts missing this sourcetype"
05-11-2016
10:56 AM
I'm looking for a way to find out which splunk_server contains data for my index for older versions of Splunk. tstats doesn't work and metadata is lacking for splunk_server.
Any suggestions?
09-15-2020
06:33 AM
im trying to set up an alert that will mail me when one of my indexes hasn't passed any data for the last 3 hours, and make it part of a dashboard does anyone have a search string that will do this ...
01-30-2017
08:06 AM
I need only fields that are extracted during index_time which are added to _meta. How to search for them so that search is faster
02-08-2013
12:24 AM
1 Karma
I'm able to make a metasearch on sources for example, but is it also possible to make one on tags, so I could populate a dropdown with the tags I've defined ?
