Given this search: | walklex index=web prefix=host what is the value contained in 'source'? source = web~22~F3E2588C-834C-4B2A-B12B-3845A69B5304 I thought this might be a bucket id but it d...
Hello splunkers,
I'm trying to visualize one of my .tsidx files with the Splunk "walklex" command, in order to see my segmentation improvements. Here is my code (Windows command line):
set S...
When I use walklex on my indexes, it doesn't appear to be following the time specifications very well. Does anybody know what is/might be happening here? Command: | walklex index=indexName type=f...
Why does Walklex return spaces before some of the field names, but fieldsummary does not? When I see this without field extractions causing spaces in the field names, it usually looks l...
Hello Team, Everyone has probably seen this error. Error in 'TsidxStats': _time aggregations are not yet supported except for count/min/max/range/earliest/latest I try to understand stats co...
Any ideas on TERM and PREFIX limitations with double dashes? cat /tmp/test.txt
abc//xyz
abc::xyz
abc==xyz
abc@@xyz
abc..xyz
abc--xyz
abc$$xyz
abc##xyz
abc%%xyz
abc\\xyz
abc__xyz sea...
I've added an index time field extraction which overlaps with a delimiter based search time extraction. I think I've got the settings right, but I can't use the fact that the field is available from...
Greetings, I have a search that lists every index and what sourcetypes are contained within it. |tstats values(sourcetype) where index=* by index What I like about it is that I can see each ind...
I have a Storm project and I want to clean all and reindex only the last days, and some specific files.
I have Splunk Universal forwarders monitoring my files for now.
I suppose that this is sim...
Hi all,
I have a few queries to be modified using tstats: I am new to Splunk, please let me know whether these queries can be converted into tstats. Query1: index=abc "NEW" "/resourc...