Solved: What is the search query to get the events which a...

lksridhar · ‎02-16-2018

Hi Folks,

What is the search query to get the events details which are having line breaking, data parsing and timestamp configuration issue?

adonio · ‎02-16-2018

Hello there,

try the following search:

index=_internal sourcetype=splunkd source=*splunkd.log (component=AggregatorMiningProcessor OR component=LineBreakingProcessor) (log_level=WARN OR log_level=ERROR)

hope it helps

View solution in original post

gjanders · ‎02-17-2018

I wrote an application to determine this issue and a variety of other scenarios, it's called Alerts For Splunk Admins .
I have an update or two coming in the next two week but your scenario is likely covered the savedsearches.conf is in github

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

adonio · ‎02-16-2018

Hello there,

try the following search:

index=_internal sourcetype=splunkd source=*splunkd.log (component=AggregatorMiningProcessor OR component=LineBreakingProcessor) (log_level=WARN OR log_level=ERROR)

hope it helps

What is the search query to get the events which are having linebreaking , data parsing, timestamp configuration issue?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor