...ere, in the context of Splunk timestamp recognition.)
Questions
Are there performance benefits to placing the timestamp at the start of input event data?
(As opposed to placing "time" later in e...
I've heard that using Splunk's default source type detection is flexible, but can be hard on performance. What is the best way to define source types that keeps performance speedy?
I need someone to translate this from the admin manual
attribute: maxHotBuckets
what it configures: The maximum number of hot buckets.
default: 1, for new, custom indexes. However, i...
I'm trying to parse the following json input. I'm getting the data correctly indexed but I am also getting a warning.
WARN DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp o...
If I have a custom sourcetype with fields delimited by , , the first field in the data is what I want to extract as the event time. What should be in the transforms.conf file for the F...
...uggestions).
Data is:
from multiple sources/hosts
produced on a regular basis (anywhere between weekly to hourly)
A sample of the data:
Timestamp: 2019-01-01T01:01:01Z
12.345
30.314
5...