Activity Feed
- Posted Is it possible to merge 6 logfiles into splunk? on Splunk Search. 04-02-2015 09:16 PM
- Tagged Is it possible to merge 6 logfiles into splunk? on Splunk Search. 04-02-2015 09:16 PM
- Posted Re: How to create a chart to show successful or failed installations for components in my sample data? on Splunk Search. 04-02-2015 01:55 AM
- Posted How to create a chart to show successful or failed installations for components in my sample data? on Splunk Search. 04-01-2015 11:56 PM
- Tagged How to create a chart to show successful or failed installations for components in my sample data? on Splunk Search. 04-01-2015 11:56 PM
- Posted Re: how to create chart for time on X axis and filed on Y axis... pls help am new to splunk and it is very important pls on Splunk Search. 03-29-2015 08:44 PM
- Posted Re: how to create chart for time on X axis and filed on Y axis... pls help am new to splunk and it is very important pls on Splunk Search. 03-29-2015 08:01 PM
- Posted Re: how to create chart for time on X axis and filed on Y axis... pls help am new to splunk and it is very important pls on Splunk Search. 03-28-2015 11:12 PM
- Posted how to create chart for time on X axis and filed on Y axis... pls help am new to splunk and it is very important pls on Splunk Search. 03-28-2015 07:45 PM
- Tagged how to create chart for time on X axis and filed on Y axis... pls help am new to splunk and it is very important pls on Splunk Search. 03-28-2015 07:45 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
04-03-2015
12:07 AM
I'm not sure how to club the actual log files since they will be picked from separate source paths and be considered as individual files, but if you want to query on all the log files, try OR
index=idx1 source="yourpath1\source1" OR source="yourpath2\source2" OR source="yourpath3\source3"
and if they are different files under same root folder, you can use wildcard too:
source= "yourpath\source*"
Let me know if this helps
... View more
04-02-2015
02:25 AM
The search I posted should be good to go with a pie chart. When you click on the pieces of that pie chart, it shows you which components were successful (and which weren't).
... View more
03-29-2015
08:44 PM
pls consider the following search
source="all_option_to_tmp" | rex field=_raw "cmd_name=(?[^]+))" | transaction cmd_name startswith="Start_time" endswith="end_time" |timechart count by duration
... View more
