Hi,
My access logs are showing as single event,it should show as different events.
I need each line as single event.
Example:
8/8/12
8:42:31.000 AM
10.127.77.58 - - [08/Aug/2012:04:42:31 -0400] "GET / HTTP/1.1" 500 538 "-" "OpenNMS HttpMonitor"
10.127.77.58 - - [08/Aug/2012:04:42:31 -0400] "GET / HTTP/1.1" 500 538 "-" "OpenNMS HttpMonitor"
... View more
i have 2 splunk servers .
On A splunk server search app i can search host=abc*
But on B splunk server search app when i search host=abc* it shows 0 results but when i add index=xyz it shows data.
Where should i configure in splunk conf files that it should not check for index?
... View more
My saved search is just doing sourcetype=acccess_combined for example
No "si" commands used.I am just filtering the data so i can generate report on small set of data on request basis.
... View more