Hunk®(Legacy)

Hunk Tutorial

Download manual as PDF

Download topic as PDF

Step 8: Search using a sourcetype

1. Add this sourcetypes to $SPLUNK_HOME/apps/search/local/props.conf.

[source::.../access_combined.log]
sourcetype=access_combined
priority=100

2. Go back to your Search window in the Hunk user interface and try a search using the new sourcetype you just created:

- index=ponyindex sourcetype=access_combined status!=200 | eval my_hour=strftime(_time,"%H") | stats count by status my_hour | xyseries my_hour status count

PREVIOUS
Step 7: Try a simple data search
  NEXT
Step 9: Save a report

This documentation applies to the following versions of Hunk®(Legacy): 6.0, 6.0.1, 6.0.2, 6.0.3, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.2, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters