I've tried a number of ways, and I don't seem to be able to use tscollect effectively while maintaining a _time component.
Here is my tscollect:
... | bucket _time span=1d | stats [many d...
We have a dashboard that I would like to use tstats to generate the data, and run a search every 2 minutes using tscollect.
The problem I have discovered is that since each search head in the p...
Hi all,
I'm using the BlueCoat App: this App uses tscollect to accelerate searches.
My problem is that I haven't a continuous stream of logs from BlueCoat, but the logs are loaded into a d...
Is it possible to restrict the results of a tscollect to specific roles, like how indexes can be restricted to certain roles?
I have tried using "Restrict search terms" in the roles setting but i...
Hello all,
I'm trying to migrate from tscollect to data model acceleration, and running into a challenge. I'm looking at Splunk search logs, and want to find the sum(total_run_time) groupby s...
Hi all,
I have an Indexer Cluster where each Indexer is accessed by users as a standalone server; in other words, there aren't Search Heads.
Now I accelerated some data using tsidx file (tscollect...
What's the difference between tscollect and collect? Is there any benefit to using tstats/tscollect or summary indexing over accelerated reporting? Also, what scenario is summary indexing better s...
I can't seem to find information in the documentation as to where the tsidx files generated by my tscollect run are written when I specify a namespace.
...ew files, then append resulting search data to file.
• Run tscollect daily on data that is already not indexed in a .tsidx to collect a relevant subset of data from raw, then process it in a b...
I’m having an issue with the tstats command not producing any results when calling a namespace post tscollect.
For example, I have a search where I pipe the results to a namespace
… | tscollect...