Does the length of metadata fields and its value such as time, host, source and sourcetype count against license consumption? For example, the following HEC JSON has a length of 212 characters b...
Hi
need to generate current date like this "20201123" and use as a search filter on metadata.
AFAIK there is no "_time" in metadata so need to generate current date for search filter.
&n...
...he actual server was i.e. web server, DB server etc.).
So my question is:
- Can the hosts in Splunk be tagged with metadata to describe their function?
...earch head, it's all ok, in the second search head the sourcetype oracle lost the metadata host.
This problem has occurred since I updated to version 7.0.2.
I'm trying to restrict the metadata that is available to users of a particular role. The main reason I'm doing this is because I don't want users to be able to see tons of information about d...
Hi,
I have two indizes: dbtrace and dbmsg. The 1st "dbtrace" has trace recs of bags, the 2nd "dbmsg" stores the error msgs with PRIO flag.
A timechart (one line per index) should count the recs f...
Hello, I'm using metadata on hosts to get their first event time etc, are they accurate even on oldest records? | metadata type=hosts By the way where are they stored? Thanks 🙂
I'm trying to join hosts from a .csv file to the results of this metadata search:
|metadata type=hosts | eval time_diff = now() - lastTime
The .csv file will have some hosts that don't exist i...
My question is simple: which characters are allowed for the values of the metadata fields source and sourcetype ?
I could not find any documentation on this.