Splunk search for Events sent to the null queue

Copy
index=_internal component=metrics processor=nullqueue group=pipeline sourcetype=splunkd | table _time log_level name processor cpu_seconds executes cumulative_hits | rename log_level as "Log Level", name as "Name", processor as Processor, cpu_seconds as "CPU seconds" executes as Executes cumulative_hits as "Cumulative Hits"
This Splunk search will identify any events that were sent to the null queue. It is possible to filter out certain data before it is indexed into Splunk, this search will provide information on the events that have been filtered in this way.
0 comments

Category:

General Splunk


Tags:

Admin general internal

Search Commands:

Sign in or Register to submit a comment