Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
107 results
Sorted by:
04-17-2013
12:11 AM
1 Karma
multikv.conf
[testmultikv]
pre.linecount = 1
header.linecount = 1
header.tokens = _tokenize_, -1, "1"
body.tokens = _tokenize_, 0, "1"
Sample data file:
School|Month|S...
- Tags:
- multikv
- multikv.conf
Show results in replies (4)
-
...my inputs.conf [monitor:///opt/testdata/multikv] disabled = false followTail = 0 host = d...
-
multikv.conf: [testmultikv] header.linecount = 1 header.tokens = _tokenize_, -1, "|" b...
-
...ine(s) before? How does your inputs.conf look like? (Did you use sourcetype=datav1?) What is t...
-
A working configuration for multikv.conf is: [testmultikv] header.linecount = 1 header.tokens...
10-14-2013
01:32 PM
4 Karma
Hello!
I'm trying to create a custom multikv.conf stanza for the first time, and am having trouble getting it working. Here is an example of the events I'm working with:
Object ID V...
- Tags:
- multikv
- multikv.conf
10-27-2013
10:33 AM
...onfig is as follows:
inputs.conf
[script://./bin/customscript.sh]
interval = 600
source = customscript.sh
index = customindex
sourcetype = custominput
disabled = 0
multikv.conf...
- Tags:
- multikv
- multikv.conf
08-03-2011
01:04 AM
Hi Splunkers,
So I'm getting started with multikv extractions, and I've come across this issue. I'm attempting to generate a report (based on the output of Solarwinds) that will graph the a...
01-26-2017
07:12 AM
We have events coming in from stdout, such as the top command, where a single event captures a multi-line structured data output, e.g., this is a single Splunk event:
PID USER PR NI VIRT...
07-06-2015
08:39 AM
Hi,
I'm trying to successfully parse out some fields from unstructured log file.
Below is a snippet:
Tue Jun 16 00:15:27 EDT 2015
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ...
02-16-2023
11:23 PM
Dears,
I have installed Splunk app for linux & add on in my Splunk enterprise paid license version. Installed splunk forwarder in all hosts & added cpu, vmstat & df in input.conf...
Labels
- Labels:
-
dashboard
05-22-2014
02:46 AM
13 Karma
....conf,limits.conf,
\literals.conf,macros.conf,multikv.conf,outputs.conf,pdf_server.conf,
\procmon-filters.conf,props.conf,pubsub.conf,regmon-filters.conf,restmap.conf,
\savedsearches.conf,s...
05-20-2016
12:19 PM
...Is there something different about the way that multikv keynames are extracted that doesn't work with a subsequent eval? How can I display the value in KB?
Search:
sourcetype="P...
04-15-2015
11:01 AM
2 Karma
If I click through the Data Summary box and select sourcetype = cloudwatch, I receive the following error message from my indexers:
Failed to find a valid configuration for multikv stanza = 'tsv_cloudwatch'
