SHARE
TWEET

Untitled

a guest Jan 10th, 2017 104 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. | inputlookup searches
  2. | map maxsearches=10 search="search
  3.   [ stats count
  4.     | eval search=\"$search_string$\"
  5.     | table search ]
  6.   | eventstats first(sapnumber) as sapnumber by source
  7.   | eval _raw=\"***SPLUNK*** index=\\\"$destination_index$\\\" host=\\\"\" + host + \"\\\" source=\\\"\" +
  8.     source + \"\\\" sourcetype=\\\"\" + sourcetype + \"\\\"
  9. \" + sapnumber + \"|\" + _raw
  10.   | collect file=\"../../../etc/apps/appname/data/stash/$destination_index$\" spool=f
  11.   | stats count
  12.   | eval message=count+\" events written to the $destination_index$ index.\"
  13.   | table message"
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top