cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
asdfasdf12321
Explorer
Member since: ‎03-11-2015
‎06-05-2020
Community Statistics
Posts 8
Solutions 0
Karma Given 2
Karma Received 1
Member Since ‎03-11-2015
Activity Feed
View All

Re: Setting tag values through REST API

by in Getting Data In
‎03-19-2015 10:17 AM
‎03-19-2015 10:17 AM
It's also possible to remove tags more globally with something like: curl -u admin:changeme -k https://localhost:8089/servicesNS/admin/<app>/search/tags/<tag-name>; -d "delete" Or the curl equivient of the above answer is: curl -u admin:changeme -k https://localhost:8089/servicesNS/admin/<app>/search/fields/<field-name>/tags -d"value=ValueToTagHere&add=tag1&add=tag2&delete=tag3&delete=tag4" ... View more

Re: Why am I getting "No Results Found" when searc...

by in Splunk Search
‎03-18-2015 11:11 AM
‎03-18-2015 11:11 AM
For the field extraction case, I tried placing the field extractions in a props.conf file for the app and I can now search for tags based on those extracted fields, but I still can't seem to get search with inline extractions. ... View more

Re: Why am I getting "No Results Found" when searc...

by in Splunk Search
‎03-18-2015 09:27 AM
‎03-18-2015 09:27 AM
Also, if your theory were correct, it doesn't explain why field extraction based tagging isn't working as expected either. ... View more

Re: Why am I getting "No Results Found" when searc...

by in Splunk Search
‎03-18-2015 09:08 AM
‎03-18-2015 09:08 AM
Thanks for your answer NOUMSSI, but I don't believe your statement to be true. If I put index=testIndex1 | eval newField=userName+age I get results. The eval is a new field that is the concatenation of the 2 other string fields. For example, "bob57" I could have also used the "." operator for concat(in place of the "+"), but the result is the same. See http://docs.splunk.com/Documentation/Splunk/6.2.2/Search/Usetheevalcommandandfunctions Example #2 is similar to this. ... View more

Re: sourcetype is not listing

by in Getting Data In
‎03-17-2015 01:09 PM
‎03-17-2015 01:09 PM
This is an old one, but worth noting that the WHY for this has been discovered and is covered on another question https://answers.splunk.com/answers/79922/not-all-sourcetypes-showing-on-the-web-drop-down-menu-for-sourcetype.html ... View more

Why am I getting "No Results Found" when searching...

by in Splunk Search
‎03-17-2015 09:51 AM
1 Karma
‎03-17-2015 09:51 AM
1 Karma
So I have the search: index=testIndex1 | eval newField=userName+age I look through the results, set the newField as a selected field so that it can be tagged, and then create a few tags. I then want to search for a tag I just made, tag1. So I try these searches: index=testIndex1 | eval newField=userName+age | search 'tag::newField'=tag1 index=testIndex1 | eval newField=userName+age | search tag=tag1 But I get "No Results Found" in both cases, what gives? I know the tag exists, because when I go back to the original search, I can see it. Similarly, when I try to do inline named field extraction and tag based on those fields, I get the same results: index=testIndex1| rex field=source "/var/log/(?<extractedField1>.*)/(?<extractedField2>.*)/(?<user>.*)/output.log" | search 'tag::user'=fred I'm thinking there is some order issue with eval/extractions and tags? ... View more

Re: Setting tag values through REST API

by in Getting Data In
‎03-17-2015 09:38 AM
‎03-17-2015 09:38 AM
The tagger app appears to use this undocumented API. ... View more

Re: Is it possible to group results by their tag?

by in Knowledge Management
‎03-17-2015 09:35 AM
‎03-17-2015 09:35 AM
Yes, it would be counted twice in this case. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to