I managed to solve it by, renaming the first element of the .json file. it was "comments": ""
that seems to have broken the parser for some reason. The first element was a "". Not sure why.
... View more
I have short json files that I am uploading via Splunk Forwarder, but when they go into my index, they are always 2 events. This breaks my searching. Attaching image so you can see what I mean. Any way to make sure that I get one event per json file?
I shortened the JSON file by 3 lines and now it uploads as a single event. Not sure why this is the case.
... View more
We are trying to do some charting that requires counts of distinct values per build.
input would be
build|result
121 fail
121 pass
121 fail
77 pass
77 fail
in my chart I basically want
build 121 2 fails/1 pass and build 77 1 fail/1 pass
I thought it was a streamstats command followed by an accum command but I can't get it to work. I can get it to count the values per build, but not once I need to separate all the results out.
... View more