"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"
Hi, I'm new to Splunk, so sorry for the stupid questions. I want to calculate failures in logs. For example, we have a request log and a response log.
"request" OR ("fail" OR "response") | transaction startsWith=("request") endsWith=("fail" OR "response") maxpause=5s keepevicted=false maxspan=25s id | eval Failure=if(searchmatch("fail"),1,0) | eval Success=if(searchmatch("response"),1,0) | stats count(Failure) as FailureCount, count(Success) as SuccessCount | table FailureCount SuccessCount
That query…
I've got an issue that is taking time to solve.
I just can't figure out why the forwarded data is not showing up on the summary panel, but the data is still being forwarded, because I checked the index on the receiver and it is increasing.
Did you specify a particular index that your forwarded data is going to? By default, the Admin role in Splunk only searches the "main" index, so the stats on the "Search Summary" page will only reflect that index. If you set your data to go in a separate index, just go in to Manager --> Access Controls --> Roles, change the "default indexes" in your "admin" role to add your specific index, and it will show up on the home page.