
Forums: SplunkAdministration: Need help with filter




Good afternoon

Logging events from a syslog server. Would like to filter out all syslog events below 3 and only see error, critical, alerts & emergency, but I'm not sure what the field is.
My questions are:

How would the filter look?
How can you find out the fields displayed (in this case, the syslog level)?
How to save this search and put it in some sort of dashboard view?

Any help much appreciated.

Thank you

We'd probably like to see an example of your events, but the simple way is: if there is a keyword that you can filter on, you can just use

NOT info

for example, assuming "info" is in the event data. This will exclude messages where "info" happens to be in a different place, so you'd have to tell Splunk to identify fields to be more specific.
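To illustrate the caveat in the answer above (a keyword filter like NOT info also drops events that merely mention "info" elsewhere), here is an added stand-alone example, not code from the thread or from Splunk: it derives the syslog severity from the RFC 3164 PRI prefix and filters on that field instead, using constructed sample events.

```python
import re

# Syslog severity codes (RFC 3164/5424): lower number = more urgent.
SEVERITY_NAMES = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
                  4: "warning", 5: "notice", 6: "info", 7: "debug"}
PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line):
    """Return (facility, severity) from a leading <PRI> token, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:          # facility 0-23 * 8 + severity 0-7 never exceeds 191
        return None
    return pri // 8, pri % 8


def severity_name(line):
    parsed = parse_pri(line)
    return None if parsed is None else SEVERITY_NAMES[parsed[1]]


def keyword_filter(lines):
    """The 'NOT info' approach: drop any event containing the keyword anywhere."""
    return [l for l in lines if "info" not in l.lower()]


def severity_filter(lines, max_severity=3):
    """Field-based approach: keep events at error (3) or more urgent (0-2)."""
    kept = []
    for l in lines:
        parsed = parse_pri(l)
        if parsed is not None and parsed[1] <= max_severity:
            kept.append(l)
    return kept


# Constructed sample events (hostnames, programs and paths are made up).
SAMPLE = [
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for user on /dev/pts/8",  # auth.critical
    "<13>Oct 11 22:14:16 host1 cron: job finished",                          # user.notice
    "<14>Oct 11 22:14:17 host1 sshd: info: session opened",                  # user.info
    "<27>Oct 11 22:14:18 host1 app: failed to load /etc/app/info.conf",      # daemon.error
]

if __name__ == "__main__":
    print("keyword filter keeps :", [severity_name(l) for l in keyword_filter(SAMPLE)])
    print("severity filter keeps:", [severity_name(l) for l in severity_filter(SAMPLE)])
```

The keyword filter keeps the notice event and drops the error event because its file name contains "info"; filtering on the parsed severity keeps exactly the critical and error events.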

Thank you gkanapathy - I'll give it a shot.