index=_internal sourcetype=splunkd "TailReader - File descriptor cache is full" "trimming" | stats count by host
0 comments
[0]
[0]
[0]
[0]
index=_internal sourcetype=splunkd "truncating line"
| rex field=_raw "line length\s+>=\s+(?<length>\d+)"
| search length=*
| stats max(length) as length, count by data_sourcetype
0 comments
[0]
[0]
[0]
[0]
index=_internal source=*license_usage.log type="Usage"
| eval indexname = if(len(idx)=0 OR isnull(idx),"(UNKNOWN)",idx)
```| search st=<insert sourcetype here>```
| timechart span=1d sum(eval(b/pow(1024,3))) by st
0 comments
[0]
[0]
[0]
[0]
index=_internal sourcetype=splunkd group=search_concurrency name=search_queue_metrics | timechart avg(current_queue_size)
0 comments
[0]
[0]
[0]
[0]
index=_audit action=search search=* user!=splunk-system-user provenance!=scheduler | table _time user search host total_run_time result_count | sort - _time
0 comments
[0]
[0]
[0]
[0]
index=_internal earliest=-5m latest=now sourcetype=splunk_web_access user!="internal_monitoring" user!="-" | stats count by user | fields - count
0 comments
[0]
[0]
[0]
[0]