9/9/2023

Splunk stats limit 10000

The metadata command returns a list of sources, sourcetypes, or hosts from a specified index or distributed search peer. The metadata command returns information accumulated over time. You can view a snapshot of an index over a specific timeframe, such as the last 7 days, by using the time range picker.

Required arguments

type
Syntax: type= hosts | sources | sourcetypes
Description: The type of metadata to return. This must be one of the three literal strings: hosts, sources, or sourcetypes.

Optional arguments

index-specifier
Syntax: index=
Description: Specifies the index from which to return results. To match non-internal indexes, use index=*.
Default: The default index, which is usually the main index.
Example: | metadata type=hosts index=cs* index=na* index=ap* index=eu*

splunk_server
Syntax: splunk_server=
Description: Specifies the distributed search peer from which to return results. If you are using Splunk Cloud Platform, omit this parameter. If you are using Splunk Enterprise, you can specify only one splunk_server argument. However, you can use a wildcard when you specify the server name to indicate multiple servers. For example, you can specify splunk_server=peer01 or splunk_server=peer*.
Default: All configured search peers return information

splunk_server_group
Syntax: splunk_server_group=.
Description: Limits the results to one or more server groups. If you are using Splunk Cloud, omit this parameter. You can specify a wildcard character in the string to indicate multiple server groups.

The metadata command is a report-generating command. Generating commands use a leading pipe character and should be the first command in a search.

Although the metadata command fetches data from all peers, any command run after it runs only on the search head.

The command shows the first, last, and most recent events that were seen for each value of the specified metadata type. Your results should look something like this:

The firstTime field is the timestamp for the first time that the indexer saw an event from this host.
The lastTime field is the timestamp for the last time that the indexer saw an event from this host.
The recentTime field is the indextime for the most recent time that the index saw an event from this host. In other words, this is the time of the last update.
The totalcount field is the total number of events seen from this host.
The type field is the specified type of metadata to display.
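The following is an added example, not part of the original page or of Splunk's documentation. It shows how the firstTime, lastTime and recentTime fields described above can be used for log-source health triage: it reads a CSV export of `| metadata type=hosts` results and flags hosts that have gone silent, are indexed late, or report timestamps in the future. The CSV export format with epoch-second values, the function name `triage` and all thresholds are assumptions.

```python
import csv
import io

# Constructed sample: a CSV export of `| metadata type=hosts` results.
# Time fields are assumed to be epoch seconds.
SAMPLE = """host,firstTime,lastTime,recentTime
web01,1693000000,1694249900,1694249905
db02,1693000000,1694100000,1694100004
fw03,1693000000,1694240000,1694249000
vpn04,1693000000,1694300000,1694249950
"""

# Constructed "current time" so the sample gives the same result on every run.
NOW = 1694250000


def triage(csv_text, now, silent_after=86400, max_lag=3600, skew=300):
    """Return {host: [flags]} for hosts whose metadata looks unhealthy.

    silent           - nothing indexed from the host for `silent_after` seconds
    index_lag        - newest event was indexed more than `max_lag` seconds
                       after its own timestamp (delayed or replayed data)
    future_timestamp - newest event timestamp is ahead of `now` by more than
                       `skew` seconds (clock drift or a bad timestamp parse)
    All thresholds are hypothetical defaults; tune them per environment.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        last = int(row["lastTime"])
        recent = int(row["recentTime"])
        flags = []
        if now - recent > silent_after:
            flags.append("silent")
        if recent - last > max_lag:
            flags.append("index_lag")
        if last > now + skew:
            flags.append("future_timestamp")
        if flags:
            findings[row["host"]] = flags
    return findings


if __name__ == "__main__":
    for host, flags in triage(SAMPLE, NOW).items():
        print(host, ",".join(flags))
```

A host that stops appearing as recent in this data is worth checking before relying on searches that assume its logs are present.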