Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
105 results
Sorted by:
04-17-2013
12:11 AM
1 Karma
multikv.conf
[testmultikv]
pre.linecount = 1
header.linecount = 1
header.tokens = _tokenize_, -1, "1"
body.tokens = _tokenize_, 0, "1"
Sample data file:
School|Month|S...
- Tags:
- multikv
- multikv.conf
Show results in replies (4)
-
...my inputs.conf [monitor:///opt/testdata/multikv] disabled = false followTail = 0 host = d...
-
multikv.conf: [testmultikv] header.linecount = 1 header.tokens = _tokenize_, -1, "|" b...
-
...ine(s) before? How does your inputs.conf look like? (Did you use sourcetype=datav1?) What is t...
-
A working configuration for multikv.conf is: [testmultikv] header.linecount = 1 header.tokens...
10-14-2013
01:32 PM
4 Karma
Hello!
I'm trying to create a custom multikv.conf stanza for the first time, and am having trouble getting it working. Here is an example of the events I'm working with:
Object ID V...
- Tags:
- multikv
- multikv.conf
10-27-2013
10:33 AM
...onfig is as follows:
inputs.conf
[script://./bin/customscript.sh]
interval = 600
source = customscript.sh
index = customindex
sourcetype = custominput
disabled = 0
multikv.conf...
- Tags:
- multikv
- multikv.conf
01-26-2017
07:12 AM
We have events coming in from stdout, such as the top command, where a single event captures a multi-line structured data output, e.g., this is a single Splunk event:
PID USER PR NI VIRT...
08-03-2011
01:04 AM
Hi Splunkers,
So I'm getting started with multikv extractions, and I've come across this issue. I'm attempting to generate a report (based on the output of Solarwinds) that will graph the a...
03-24-2022
08:44 AM
Hello! I have a dataset that I'd like to add a new field to where I can arbitrarily define the values with manual input without downloading and reuploading the data. I've tried editing the table but...
Labels
- Labels:
-
Other
07-06-2015
08:39 AM
Hi,
I'm trying to successfully parse out some fields from unstructured log file.
Below is a snippet:
Tue Jun 16 00:15:27 EDT 2015
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ...
05-22-2014
02:46 AM
13 Karma
....conf,limits.conf,
\literals.conf,macros.conf,multikv.conf,outputs.conf,pdf_server.conf,
\procmon-filters.conf,props.conf,pubsub.conf,regmon-filters.conf,restmap.conf,
\savedsearches.conf,s...
05-20-2016
12:19 PM
...Is there something different about the way that multikv keynames are extracted that doesn't work with a subsequent eval? How can I display the value in KB?
Search:
sourcetype="P...
10-01-2021
12:48 AM
I have recently created a field extraction on one search head that I have assigned all apps and users to read and write and was wondering how long is would take for a change done in one search head t...
Labels
- Labels:
-
field extraction
-
kvstore
-
Other
-
permissions
