Activity Feed
- Karma Re: No regex could be learned. Try providing different examples or restriction. for kristian_kolb. 06-05-2020 12:46 AM
- Karma Re: Unable to initialize modular input for Damien_Dallimor. 06-05-2020 12:46 AM
- Karma Re: Limiting precision/decimal for sdaniels. 06-05-2020 12:46 AM
- Karma Re: Date and Time Extraction from XML for Stephen_Sorkin. 06-05-2020 12:46 AM
- Got Karma for Unable to initialize modular input. 06-05-2020 12:46 AM
- Got Karma for Unable to initialize modular input. 06-05-2020 12:46 AM
- Got Karma for Unable to initialize modular input. 06-05-2020 12:46 AM
- Posted Re: Need help on time prefix on Dashboards & Visualizations. 05-16-2013 01:51 AM
- Posted Re: Need help on time prefix on Dashboards & Visualizations. 05-16-2013 01:51 AM
- Posted Need help on time prefix on Dashboards & Visualizations. 05-16-2013 12:15 AM
- Tagged Need help on time prefix on Dashboards & Visualizations. 05-16-2013 12:15 AM
- Tagged Need help on time prefix on Dashboards & Visualizations. 05-16-2013 12:15 AM
- Tagged Need help on time prefix on Dashboards & Visualizations. 05-16-2013 12:15 AM
- Posted Plot graph using timechart on Splunk Search. 05-14-2013 08:56 AM
- Tagged Plot graph using timechart on Splunk Search. 05-14-2013 08:56 AM
- Tagged Plot graph using timechart on Splunk Search. 05-14-2013 08:56 AM
- Tagged Plot graph using timechart on Splunk Search. 05-14-2013 08:56 AM
- Tagged Plot graph using timechart on Splunk Search. 05-14-2013 08:56 AM
- Posted Re: No regex could be learned. Try providing different examples or restriction. on Splunk Search. 05-02-2013 12:12 AM
- Posted No regex could be learned. Try providing different examples or restriction. on Splunk Search. 05-01-2013 08:47 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 3 |
05-16-2013
07:44 AM
Post a full event. Mask any sensitive data as needed - but please post a full event.
Highlight the timestamp you want/need splunk to understand.
Obviously it does not parse the time properly. There will most likely be DateParserVerbose error messages in the splunkd.log file. Don't know if they will tell you why it didn't work to parse your timestamp, though.
... View more
05-14-2013
10:52 AM
If you could include some metrics you would like, it might be easier to show you specifics. But the general format is:
sourcetype="Traffic" | timechart count by Message span=5m
This will show the count by Message over time.
http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Timechart
... View more
05-02-2013
07:58 AM
2 Karma
1.4004771683629058/d:latitude
103.8579338813216/d:longitude
Given the data format above, I would choose to do like so;
props.conf
[your_sourcetype]
EXTRACT-lat = >(?<latitude>[^<]+)</d:latitude
EXTRACT-long = >(?<longitude>[^<]+)</d:longitude
/K
... View more
11-10-2013
04:00 AM
3 Karma
I am facing the same issue
" Unable to initialize modular input "testfile" defined inside the app "test1": Introspecting scheme=testfile: script running failed (exited with code 1)."
The modular input is developed using java . any hints on coming out of this problem is greatly appreciated .
... View more
