Hunk®(Legacy)

Hunk Tutorial

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Step 9: Search using a sourcetype

1. Add this sourcetypes to $SPLUNK_HOME/apps/search/local/props.conf. 

[source::.../access_combined.log]
sourcetype=access_combined
priority=100

2. Go back to your Search window in the Hunk user interface and try a search using the new sourcetype you just created:

- index=ponyindex sourcetype=access_combined status!=200 | eval my_hour=strftime(_time,"%H") | stats count by status my_hour | xyseries my_hour status count

Last modified on 28 January, 2014
PREVIOUS
Step 8: Try a simple data search 		  NEXT
Step 10: Save a report

This documentation applies to the following versions of Hunk®(Legacy): 6.0, 6.0.1, 6.0.2, 6.0.3, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.2, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters