Hi
I know that Splunk automatically creates default fields like host, sourcetype, index at index time. And also Splunk provides an option to create any new fields during index time.
My r...
...) while DNS logs are only maintained for 1 year ( retention = 1 ).
Everything I have read regarding creating custom fields at index time go back to using regex and extracting an existing field i...
Hi all, I have to create a custom field at index time. I did it following the documentation but there's something wrong. The field to read is a part of the source field (as you can read in t...
...his being said, other documentation at http://www.splunk.com/base/Splexicon:Transform says:
Transforms are always involved in the setup of custom index-time field extractions.
Can s...
It seems that it is best to create fields at search time as opposed to index time.!?!? I need to make a field named src be copied/renamed to source_ip. We need to do this to simplify our searches a...
...ata and the .tsidx files is made. How are the .tsidx files formed from the event data? When I look at the data models object hierarchy in settings I see the fields that it e...
Hi All,
I want the chart to be created in the below way. The x-axis needs to have date and time like that.
The chart I am able to create is .
I tried to do eval strftime to _time but n...
...xtraction imply that new fields will be parsed at index time on them, because they will be not pre parsed by HFs. Plus, we know that we should create a copy of those files on local folder, to avoid e...
...ickets in a remote system with fields from the alert results. Therefore, in the case of a failure to create a ticket in the remote system, it would be really helpful to know details of the a...