I do see these errors in the internal logs, if they're helpful: I've also removed the Webtools app, and re-installed it, which didn't work. I deleted all inputs, and tried again, and still wasn't successful. I cloned this input, changing the domain in the URI, and the additional input didn't function. Initially, the first scheduled CURL input worked, with a simple URI of the following: I've installed this on a Splunk box running 7.3.1. What is necessary for the metadata command to return successfully? Is there a file I need next to the data to dictate the sourcetype info? Can I remove this index from the metadata results without having to manually specify all indexes I want in the command?Ġ1-15-2020 20:57:40.884 ERROR metadata - No 'sourcetype' key found in results. Searching the virtual index however returns correct sourcetype details. Adding a virtual index that uses a hadoop provider, this command now fails due to the fact that it can't find sourcetype details. Without a virtual index enabled, running `| metadata type=sourcetypes index=*` will return correctly.Ģ.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |