Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- | inputlookup searches
- | map maxsearches=10 search="search
- [ stats count
- | eval search=\"$search_string$\"
- | table search ]
- | eventstats first(sapnumber) as sapnumber by source
- | eval _raw=\"***SPLUNK*** index=\\\"$destination_index$\\\" host=\\\"\" + host + \"\\\" source=\\\"\" +
- source + \"\\\" sourcetype=\\\"\" + sourcetype + \"\\\"
- \" + sapnumber + \"|\" + _raw
- | collect file=\"../../../etc/apps/appname/data/stash/$destination_index$\" spool=f
- | stats count
- | eval message=count+\" events written to the $destination_index$ index.\"
- | table message"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement