{
"5.0.2": {
"results-empty_preview": {
"fields": [],
"results": [],
"is_preview": true
},
"results-empty": {
"fields": [],
"results": [],
"is_preview": false
},
"results": {
"fields": [
"_bkt",
"_cd",
"_indextime",
"_kv",
"_raw",
"_serial",
"_si",
"_sourcetype",
"_subsecond",
"_time",
"abandoned_channels",
"active_hist_searches",
"active_realtime_searches",
"average_kbps",
"avg_age",
"bytes",
"chillOrFreeze",
"clientip",
"component",
"cookie",
"current_size",
"current_size_kb",
"date_hour",
"date_mday",
"date_minute",
"date_month",
"date_second",
"date_wday",
"date_year",
"date_zone",
"drop_count",
"eps",
"ev",
"eventtype",
"file",
"flushBlockSig",
"fork_recovermetadata",
"group",
"host",
"ident",
"inactive_channels",
"index",
"instantaneous_eps",
"instantaneous_kbps",
"kb",
"kbps",
"largest_size",
"linecount",
"load_average",
"log_level",
"max_age",
"max_size_kb",
"message",
"method",
"name",
"namespace",
"new_channels",
"numMsgs",
"other",
"punct",
"qsize",
"qwork_units",
"rebuild_metadata",
"reclaimed_channels",
"referer",
"referer_domain",
"removed_channels",
"replicate_semislice",
"req_time",
"retryMove_1hotBkt",
"roll_hotBkt",
"root",
"series",
"service_externProc",
"service_maxSizes",
"service_volumes",
"sid",
"size_hotBkt",
"smallest_size",
"source",
"sourcetype",
"spent",
"splunk_server",
"status",
"sync_hotBkt",
"task",
"throttle_optimize",
"timedout_channels",
"timeendpos",
"timestartpos",
"total_k_processed",
"update_bktManifest",
"update_checksums",
"uri",
"uri_domain",
"uri_path",
"uri_query",
"user",
"useragent",
"version",
"workers"
],
"results": [
{
"RAW_XML": "127.0.0.1 - admin [19/Dec/2012:11:46:15.549 -0800] \"GET /services/messages HTTP/1.1\" 200 1984 - - - 1ms",
"fields": {
"date_hour": "11",
"_subsecond": ".549",
"uri": "/services/messages",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "46",
"file": "messages",
"clientip": "127.0.0.1",
"index": "_internal",
"sourcetype": "splunkd_access",
"eventtype": "splunkd-access",
"linecount": "1",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
"_bkt": "_internal~21~D8F318D9-5D7F-43B5-911F-9821FBAEEA9B",
"version": "HTTP/1.1",
"date_year": "2012",
"method": "GET",
"status": "200",
"_serial": "0",
"date_second": "15",
"date_wday": "wednesday",
"punct": "..._-__[//:::._-]_\"_//_/.\"___-_-_-_",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd_access",
"_indextime": "1355946377",
"user": "admin",
"_kv": "1",
"_cd": "21:59296",
"_si": [
"fross-mbp15.local",
"_internal"
],
"uri_path": "/services/messages",
"ident": "-",
"timestartpos": "19",
"date_month": "december",
"bytes": "1984",
"spent": "1",
"_time": "2012-12-19T11:46:15.549-08:00",
"timeendpos": "49",
"_raw": "127.0.0.1 - admin [19/Dec/2012:11:46:15.549 -0800] \"GET /services/messages HTTP/1.1\" 200 1984 - - - 1ms",
"req_time": "19/Dec/2012:11:46:15.549 -0800",
"root": "services",
"other": "- - - 1ms"
}
},
{
"RAW_XML": "127.0.0.1 - admin [19/Dec/2012:11:46:15.544 -0800] \"GET /en-US/api/messages/index HTTP/1.1\" 200 341 \"http://localhost:8000/en-US/search/inspector?sid=1355946305.42&namespace=search\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0\" - 50d219878b6ae2790 7ms",
"fields": {
"date_hour": "11",
"referer": "http://localhost:8000/en-US/search/inspector?sid=1355946305.42&namespace=search",
"_subsecond": ".544",
"uri": "/en-US/api/messages/index",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "46",
"file": "index",
"_raw": "127.0.0.1 - admin [19/Dec/2012:11:46:15.544 -0800] \"GET /en-US/api/messages/index HTTP/1.1\" 200 341 \"http://localhost:8000/en-US/search/inspector?sid=1355946305.42&namespace=search\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0\" - 50d219878b6ae2790 7ms",
"clientip": "127.0.0.1",
"index": "_internal",
"sourcetype": "splunk_web_access",
"namespace": "search",
"linecount": "1",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/web_access.log",
"_bkt": "_internal~21~D8F318D9-5D7F-43B5-911F-9821FBAEEA9B",
"version": "HTTP/1.1",
"date_year": "2012",
"method": "GET",
"status": "200",
"_serial": "1",
"date_second": "15",
"date_wday": "wednesday",
"sid": "1355946305.42",
"punct": "..._-__[//:::._-]_\"_/-///_/.\"___\"://:/-//?=.&=\"_\"/",
"host": "fross-mbp15.local",
"_sourcetype": "splunk_web_access",
"req_time": "19/Dec/2012:11:46:15.544 -0800",
"user": "admin",
"_kv": "1",
"_cd": "21:59301",
"_si": [
"fross-mbp15.local",
"_internal"
],
"uri_path": "/en-US/api/messages/index",
"ident": "-",
"_indextime": "1355946377",
"timestartpos": "19",
"root": "en-US",
"bytes": "341",
"spent": "7",
"_time": "2012-12-19T11:46:15.544-08:00",
"timeendpos": "49",
"date_month": "december",
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0",
"referer_domain": "http://localhost:8000",
"other": "- 50d219878b6ae2790 7ms"
}
},
{
"RAW_XML": "127.0.0.1 - admin [19/Dec/2012:11:46:14.260 -0800] \"GET /services/messages HTTP/1.1\" 200 1984 - - - 1ms",
"fields": {
"date_hour": "11",
"_subsecond": ".260",
"uri": "/services/messages",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "46",
"file": "messages",
"clientip": "127.0.0.1",
"index": "_internal",
"sourcetype": "splunkd_access",
"eventtype": "splunkd-access",
"linecount": "1",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
"_bkt": "_internal~21~D8F318D9-5D7F-43B5-911F-9821FBAEEA9B",
"version": "HTTP/1.1",
"date_year": "2012",
"method": "GET",
"status": "200",
"_serial": "2",
"date_second": "14",
"date_wday": "wednesday",
"punct": "..._-__[//:::._-]_\"_//_/.\"___-_-_-_",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd_access",
"_indextime": "1355946374",
"user": "admin",
"_kv": "1",
"_cd": "21:59281",
"_si": [
"fross-mbp15.local",
"_internal"
],
"uri_path": "/services/messages",
"ident": "-",
"timestartpos": "19",
"date_month": "december",
"bytes": "1984",
"spent": "1",
"_time": "2012-12-19T11:46:14.260-08:00",
"timeendpos": "49",
"_raw": "127.0.0.1 - admin [19/Dec/2012:11:46:14.260 -0800] \"GET /services/messages HTTP/1.1\" 200 1984 - - - 1ms",
"req_time": "19/Dec/2012:11:46:14.260 -0800",
"root": "services",
"other": "- - - 1ms"
}
}
],
"is_preview": false
},
"results-preview": {
"fields": [
"_bkt",
"_cd",
"_confstr",
"_indextime",
"_kv",
"_raw",
"_serial",
"_si",
"_sourcetype",
"_subsecond",
"_time",
"abandoned_channels",
"active_hist_searches",
"active_realtime_searches",
"app",
"appCodeName",
"appName",
"appVersion",
"average_kbps",
"avg_age",
"browser",
"bytes",
"chillOrFreeze",
"class",
"client_app",
"clientip",
"component",
"count",
"current_size",
"current_size_kb",
"date_hour",
"date_mday",
"date_minute",
"date_month",
"date_second",
"date_wday",
"date_year",
"date_zone",
"delimiter",
"digest",
"dispatched",
"display_row_numbers",
"drop_count",
"earliest",
"enable_event_actions",
"enable_field_actions",
"entity_name",
"eps",
"ev",
"eventtype",
"field_list",
"fields",
"file",
"fillcontents",
"flushBlockSig",
"fork_recovermetadata",
"group",
"host",
"ident",
"inactive_channels",
"index",
"instantaneous_eps",
"instantaneous_kbps",
"jobStatus",
"kb",
"kbps",
"largest_size",
"latest",
"line",
"linecount",
"load_average",
"log_level",
"max_age",
"max_lines",
"max_lines_constraint",
"max_size_kb",
"message",
"message_level",
"method",
"min_freq",
"min_lines",
"name",
"namespace",
"new_channels",
"numMsgs",
"offset",
"other",
"output_mode",
"output_time_format",
"platform",
"punct",
"q",
"qsize",
"qwork_units",
"rebuild_metadata",
"reclaimed_channels",
"referer",
"referer_domain",
"refresh",
"removed_channels",
"replicate_semislice",
"req_time",
"requestid",
"retryMove_1hotBkt",
"reverse_order",
"roll_hotBkt",
"root",
"s",
"search",
"segmentation",
"series",
"service_externProc",
"service_maxSizes",
"service_volumes",
"show_empty_fields",
"sid",
"size_hotBkt",
"skipped",
"smallest_size",
"sortDir",
"sortKey",
"sort_dir",
"sort_key",
"source",
"sourcetype",
"spent",
"splunk_server",
"staticFields",
"status",
"sync_hotBkt",
"task",
"templateTime",
"throttle_optimize",
"time_format",
"timedout_channels",
"timeendpos",
"timestamp",
"timestartpos",
"total_k_processed",
"truncation_mode",
"update_bktManifest",
"update_checksums",
"uri",
"uri_path",
"uri_query",
"user",
"userAgent",
"useragent",
"version",
"viewTime",
"wait",
"with_new",
"workers"
],
"results": [
{
"fields": {
"date_zone": "-480",
"date_mday": "19",
"date_minute": "47",
"message": "group=mpool, max_used_interval=11760, max_used=106926, avg_rsv=256, capacity=536870912, used=0, rep_used=0",
"index": "_internal",
"group": "mpool",
"sourcetype": "splunkd",
"linecount": "1",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
"_bkt": "_internal~20~D8F318D9-5D7F-43B5-911F-9821FBAEEA9B",
"date_wday": "wednesday",
"date_hour": "10",
"date_second": "39",
"date_year": "2012",
"component": "Metrics",
"punct": "--_::._-____-_=,_=,_=,_=,_=,_=,_=",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd",
"_indextime": "1355942859",
"_kv": "1",
"log_level": "INFO",
"_cd": "20:6362329",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".098",
"_time": "2012-12-19T10:47:39.098-08:00",
"timeendpos": "29",
"_raw": "12-19-2012 10:47:39.098 -0800 INFO Metrics - group=mpool, max_used_interval=11760, max_used=106926, avg_rsv=256, capacity=536870912, used=0, rep_used=0",
"_serial": "20446"
},
"RAW_XML": "12-19-2012 10:47:39.098 -0800 INFO Metrics - group=mpool, max_used_interval=11760, max_used=106926, avg_rsv=256, capacity=536870912, used=0, rep_used=0"
},
{
"fields": {
"date_zone": "-480",
"date_mday": "19",
"date_minute": "47",
"message": "group=pipeline, name=merging, processor=sendout, cpu_seconds=0.000000, executes=48, cumulative_hits=927340",
"index": "_internal",
"group": "pipeline",
"sourcetype": "splunkd",
"linecount": "1",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
"_bkt": "_internal~20~D8F318D9-5D7F-43B5-911F-9821FBAEEA9B",
"date_wday": "wednesday",
"date_hour": "10",
"date_second": "39",
"date_year": "2012",
"component": "Metrics",
"punct": "--_::._-____-_=,_=,_=,_=.,_=,_=",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd",
"_indextime": "1355942859",
"_kv": "1",
"log_level": "INFO",
"_cd": "20:6362402",
"name": "merging",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".099",
"_time": "2012-12-19T10:47:39.099-08:00",
"timeendpos": "29",
"_raw": "12-19-2012 10:47:39.099 -0800 INFO Metrics - group=pipeline, name=merging, processor=sendout, cpu_seconds=0.000000, executes=48, cumulative_hits=927340",
"_serial": "20436"
},
"RAW_XML": "12-19-2012 10:47:39.099 -0800 INFO Metrics - group=pipeline, name=merging, processor=sendout, cpu_seconds=0.000000, executes=48, cumulative_hits=927340"
},
{
"fields": {
"date_zone": "-480",
"date_mday": "19",
"date_minute": "47",
"message": "group=pipeline, name=merging, processor=readerin, cpu_seconds=0.000000, executes=48, cumulative_hits=927707",
"index": "_internal",
"group": "pipeline",
"sourcetype": "splunkd",
"linecount": "1",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
"_bkt": "_internal~20~D8F318D9-5D7F-43B5-911F-9821FBAEEA9B",
"date_wday": "wednesday",
"date_hour": "10",
"date_second": "39",
"date_year": "2012",
"component": "Metrics",
"punct": "--_::._-____-_=,_=,_=,_=.,_=,_=",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd",
"_indextime": "1355942859",
"_kv": "1",
"log_level": "INFO",
"_cd": "20:6362395",
"name": "merging",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".099",
"_time": "2012-12-19T10:47:39.099-08:00",
"timeendpos": "29",
"_raw": "12-19-2012 10:47:39.099 -0800 INFO Metrics - group=pipeline, name=merging, processor=readerin, cpu_seconds=0.000000, executes=48, cumulative_hits=927707",
"_serial": "20437"
},
"RAW_XML": "12-19-2012 10:47:39.099 -0800 INFO Metrics - group=pipeline, name=merging, processor=readerin, cpu_seconds=0.000000, executes=48, cumulative_hits=927707"
}
],
"is_preview": true
}
},
"4.3.5": {
"results-empty": {
"fields": [],
"results": [],
"is_preview": null
},
"results": {
"fields": [
"_cd",
"_indextime",
"_kv",
"_raw",
"_serial",
"_si",
"_sourcetype",
"_subsecond",
"_time",
"bytes",
"client_app",
"clientip",
"cookie",
"count",
"date_hour",
"date_mday",
"date_minute",
"date_month",
"date_second",
"date_wday",
"date_year",
"date_zone",
"display_row_numbers",
"earliest",
"enable_event_actions",
"enable_field_actions",
"entity_name",
"eventtype",
"field_list",
"file",
"fillcontents",
"host",
"ident",
"index",
"latest",
"linecount",
"max_lines",
"max_lines_constraint",
"method",
"min_freq",
"min_lines",
"offset",
"other",
"output_mode",
"output_time_format",
"punct",
"q",
"referer",
"referer_domain",
"req_time",
"reverse_order",
"root",
"s",
"segmentation",
"show_empty_fields",
"sid",
"source",
"sourcetype",
"spent",
"splunk_server",
"status",
"time_format",
"timeendpos",
"timestartpos",
"truncation_mode",
"uri",
"uri_domain",
"uri_path",
"uri_query",
"user",
"useragent",
"version"
],
"results": [
{
"RAW_XML": "127.0.0.1 - admin [19/Dec/2012:11:55:39.296 -0800] \"POST /en-US/api/shelper HTTP/1.1\" 200 1398 \"http://localhost:8000/en-US/app/search/flashtimeline?q=search%20search%20index%3D_internal%20%7C%20head%2010&earliest=rt-1h&latest=rt\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0\" - 50d21bbb4b5224c10 3ms",
"fields": {
"date_hour": "11",
"referer": "http://localhost:8000/en-US/app/search/flashtimeline?q=search%20search%20index%3D_internal%20%7C%20head%2010&earliest=rt-1h&latest=rt",
"_subsecond": ".296",
"uri": "/en-US/api/shelper",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "55",
"file": "shelper",
"clientip": "127.0.0.1",
"index": "_internal",
"sourcetype": "splunk_web_access",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/web_access.log",
"linecount": "1",
"version": "HTTP/1.1",
"date_year": "2012",
"method": "POST",
"status": "200",
"_serial": "0",
"date_second": "39",
"date_wday": "wednesday",
"_raw": "127.0.0.1 - admin [19/Dec/2012:11:55:39.296 -0800] \"POST /en-US/api/shelper HTTP/1.1\" 200 1398 \"http://localhost:8000/en-US/app/search/flashtimeline?q=search%20search%20index%3D_internal%20%7C%20head%2010&earliest=rt-1h&latest=rt\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0\" - 50d21bbb4b5224c10 3ms",
"punct": "..._-__[//:::._-]_\"_/-//_/.\"___\"://:/-///?=%%%%%%%",
"host": "fross-mbp15.local",
"_sourcetype": "splunk_web_access",
"req_time": "19/Dec/2012:11:55:39.296 -0800",
"user": "admin",
"_kv": "1",
"earliest": "rt-1h",
"_cd": "54:23786",
"_si": [
"fross-mbp15.local",
"_internal"
],
"uri_path": "/en-US/api/shelper",
"ident": "-",
"_indextime": "1355946940",
"timestartpos": "19",
"root": "en-US",
"bytes": "1398",
"spent": "3",
"q": "search%20search%20index%3D_internal%20%7C%20head%2010",
"_time": "2012-12-19T11:55:39.296-08:00",
"timeendpos": "49",
"date_month": "december",
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0",
"referer_domain": "http://localhost:8000",
"other": "- 50d21bbb4b5224c10 3ms",
"latest": "rt"
}
},
{
"RAW_XML": "127.0.0.1 - admin [19/Dec/2012:11:55:39.265 -0800] \"GET /services/search/jobs/rt_1355946914.13 HTTP/1.1\" 200 10957 - - - 4ms",
"fields": {
"date_hour": "11",
"_subsecond": ".265",
"uri": "/services/search/jobs/rt_1355946914.13",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "55",
"file": "rt_1355946914.13",
"clientip": "127.0.0.1",
"index": "_internal",
"sourcetype": "splunkd_access",
"eventtype": "splunkd-access",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/splunkd_access.log",
"linecount": "1",
"version": "HTTP/1.1",
"date_wday": "wednesday",
"method": "GET",
"status": "200",
"_serial": "1",
"date_second": "39",
"date_year": "2012",
"punct": "..._-__[//:::._-]_\"_////._/.\"___-_-_-_",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd_access",
"_indextime": "1355946940",
"user": "admin",
"_kv": "1",
"_cd": "54:23689",
"_si": [
"fross-mbp15.local",
"_internal"
],
"uri_path": "/services/search/jobs/rt_1355946914.13",
"ident": "-",
"timestartpos": "19",
"date_month": "december",
"bytes": "10957",
"spent": "4",
"_time": "2012-12-19T11:55:39.265-08:00",
"timeendpos": "49",
"_raw": "127.0.0.1 - admin [19/Dec/2012:11:55:39.265 -0800] \"GET /services/search/jobs/rt_1355946914.13 HTTP/1.1\" 200 10957 - - - 4ms",
"req_time": "19/Dec/2012:11:55:39.265 -0800",
"root": "services",
"other": "- - - 4ms"
}
},
{
"RAW_XML": "127.0.0.1 - admin [19/Dec/2012:11:55:39.258 -0800] \"GET /servicesNS/admin/search/properties/event_renderers?fillcontents=1 HTTP/1.1\" 200 3657 - - - 1ms",
"fields": {
"date_hour": "11",
"_subsecond": ".258",
"uri": "/servicesNS/admin/search/properties/event_renderers?fillcontents=1",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "55",
"file": "event_renderers",
"clientip": "127.0.0.1",
"index": "_internal",
"sourcetype": "splunkd_access",
"eventtype": "splunkd-access",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/splunkd_access.log",
"linecount": "1",
"version": "HTTP/1.1",
"date_year": "2012",
"method": "GET",
"fillcontents": "1",
"status": "200",
"_serial": "2",
"date_second": "39",
"date_wday": "wednesday",
"punct": "..._-__[//:::._-]_\"_/////?=_/.\"___-_-_-_",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd_access",
"req_time": "19/Dec/2012:11:55:39.258 -0800",
"user": "admin",
"_kv": "1",
"_cd": "54:23682",
"_si": [
"fross-mbp15.local",
"_internal"
],
"uri_path": "/servicesNS/admin/search/properties/event_renderers",
"ident": "-",
"timestartpos": "19",
"date_month": "december",
"bytes": "3657",
"spent": "1",
"_time": "2012-12-19T11:55:39.258-08:00",
"timeendpos": "49",
"_raw": "127.0.0.1 - admin [19/Dec/2012:11:55:39.258 -0800] \"GET /servicesNS/admin/search/properties/event_renderers?fillcontents=1 HTTP/1.1\" 200 3657 - - - 1ms",
"_indextime": "1355946940",
"root": "servicesNS",
"other": "- - - 1ms",
"uri_query": "fillcontents=1"
}
},
{
"RAW_XML": "127.0.0.1 - admin [19/Dec/2012:11:55:39.231 -0800] \"GET /services/search/jobs/rt_1355946914.13/events?count=0&segmentation=full&output_mode=xml&time_format=%25s.%25Q&max_lines=10&show_empty_fields=True&offset=-10&output_time_format=%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25z&field_list=&truncation_mode=abstract HTTP/1.1\" 200 32837 - - - 6ms",
"fields": {
"date_hour": "11",
"max_lines": "10",
"_kv": "1",
"spent": "6",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "55",
"file": "events",
"clientip": "127.0.0.1",
"index": "_internal",
"_serial": "3",
"sourcetype": "splunkd_access",
"eventtype": "splunkd-access",
"req_time": "19/Dec/2012:11:55:39.231 -0800",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/splunkd_access.log",
"linecount": "1",
"version": "HTTP/1.1",
"date_year": "2012",
"method": "GET",
"status": "200",
"_si": [
"fross-mbp15.local",
"_internal"
],
"segmentation": "full",
"output_mode": "xml",
"date_second": "39",
"date_wday": "wednesday",
"time_format": "%25s.%25Q",
"punct": "..._-__[//:::._-]_\"_////./?=&=&=&=%.%&=&=&=-&=%-%-",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd_access",
"_indextime": "1355946940",
"user": "admin",
"show_empty_fields": "True",
"offset": "-10",
"_cd": "54:23670",
"truncation_mode": "abstract",
"count": "0",
"uri_path": "/services/search/jobs/rt_1355946914.13/events",
"ident": "-",
"timestartpos": "19",
"date_month": "december",
"bytes": "32837",
"uri": "/services/search/jobs/rt_1355946914.13/events?count=0&segmentation=full&output_mode=xml&time_format=%25s.%25Q&max_lines=10&show_empty_fields=True&offset=-10&output_time_format=%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25z&field_list=&truncation_mode=abstract",
"_time": "2012-12-19T11:55:39.231-08:00",
"output_time_format": "%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25z",
"timeendpos": "49",
"_raw": "127.0.0.1 - admin [19/Dec/2012:11:55:39.231 -0800] \"GET /services/search/jobs/rt_1355946914.13/events?count=0&segmentation=full&output_mode=xml&time_format=%25s.%25Q&max_lines=10&show_empty_fields=True&offset=-10&output_time_format=%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25z&field_list=&truncation_mode=abstract HTTP/1.1\" 200 32837 - - - 6ms",
"_subsecond": ".231",
"root": "services",
"other": "- - - 6ms",
"uri_query": "count=0&segmentation=full&output_mode=xml&time_format=%25s.%25Q&max_lines=10&show_empty_fields=True&offset=-10&output_time_format=%25Y-%25m-%25dT%25H%3A%25M%3A%25S.%25Q%25z&field_list=&truncation_mode=abstract"
}
}
],
"is_preview": false
},
"results-preview": {
"fields": [
"_cd",
"_indextime",
"_kv",
"_raw",
"_serial",
"_si",
"_sourcetype",
"_subsecond",
"_time",
"active_hist_searches",
"active_realtime_searches",
"app",
"appCodeName",
"appName",
"browser",
"bytes",
"class",
"client_app",
"clientip",
"component",
"count",
"date_hour",
"date_mday",
"date_minute",
"date_month",
"date_second",
"date_wday",
"date_year",
"date_zone",
"delimiter",
"display_row_numbers",
"drop_count",
"earliest",
"enable_event_actions",
"enable_field_actions",
"entity_name",
"eventtype",
"field_list",
"fields",
"file",
"fillcontents",
"group",
"host",
"ident",
"index",
"jobStatus",
"latest",
"line",
"linecount",
"log_level",
"max_lines",
"max_lines_constraint",
"max_time",
"mean_preview_period",
"message",
"message_level",
"method",
"min_freq",
"min_lines",
"name",
"namespace",
"offset",
"other",
"output_mode",
"output_time_format",
"platform",
"prefix",
"punct",
"q",
"referer",
"referer_domain",
"req_time",
"requestid",
"reverse_order",
"root",
"s",
"search",
"segmentation",
"show_empty_fields",
"sid",
"sortDir",
"sortKey",
"sort_dir",
"sort_key",
"source",
"sourcetype",
"spent",
"splunk_server",
"staticFields",
"status",
"time_format",
"timeendpos",
"timestartpos",
"truncation_mode",
"uri",
"uri_path",
"uri_query",
"user",
"userAgent",
"useragent",
"version"
],
"results": [
{
"fields": {
"date_zone": "local",
"date_mday": "19",
"date_minute": "48",
"message": "CONFIG: mrsparkle_path (str): /Users/fross/splunks/splunk-4.3.5/share/search/mrsparkle",
"index": "_internal",
"log_level": "INFO",
"sourcetype": "splunk_web_service",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/web_service.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "55",
"date_year": "2012",
"component": "root",
"punct": "--_::,_t[]_:_-_:__():_////-..///",
"host": "fross-mbp15.local",
"_sourcetype": "splunk_web_service",
"_indextime": "1355946537",
"requestid": "50d21a262616082d0",
"_kv": "1",
"line": "535",
"_cd": "54:8568",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".424",
"_time": "2012-12-19T11:48:55.424-08:00",
"timeendpos": "24",
"_raw": "2012-12-19 11:48:55,424 INFO\t[50d21a262616082d0] root:535 - CONFIG: mrsparkle_path (str): /Users/fross/splunks/splunk-4.3.5/share/search/mrsparkle",
"_serial": "731"
},
"RAW_XML": "2012-12-19 11:48:55,424 INFO\t[50d21a262616082d0] root:535 - CONFIG: mrsparkle_path (str): /Users/fross/splunks/splunk-4.3.5/share/search/mrsparkle"
},
{
"fields": {
"date_zone": "local",
"date_mday": "19",
"date_minute": "48",
"message": "CONFIG: module_dir (str): share/splunk/search_mrsparkle/modules",
"index": "_internal",
"log_level": "INFO",
"sourcetype": "splunk_web_service",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/web_service.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "55",
"date_year": "2012",
"component": "root",
"punct": "--_::,_t[]_:_-_:__():_///",
"host": "fross-mbp15.local",
"_sourcetype": "splunk_web_service",
"_indextime": "1355946537",
"requestid": "50d21a262616082d0",
"_kv": "1",
"line": "535",
"_cd": "54:8562",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".424",
"_time": "2012-12-19T11:48:55.424-08:00",
"timeendpos": "24",
"_raw": "2012-12-19 11:48:55,424 INFO\t[50d21a262616082d0] root:535 - CONFIG: module_dir (str): share/splunk/search_mrsparkle/modules",
"_serial": "732"
},
"RAW_XML": "2012-12-19 11:48:55,424 INFO\t[50d21a262616082d0] root:535 - CONFIG: module_dir (str): share/splunk/search_mrsparkle/modules"
},
{
"fields": {
"date_zone": "local",
"date_mday": "19",
"date_minute": "48",
"message": "CONFIG: template_dir (str): share/splunk/search_mrsparkle/templates",
"index": "_internal",
"log_level": "INFO",
"sourcetype": "splunk_web_service",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/web_service.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "55",
"date_year": "2012",
"component": "root",
"punct": "--_::,_t[]_:_-_:__():_///",
"host": "fross-mbp15.local",
"_sourcetype": "splunk_web_service",
"_indextime": "1355946537",
"requestid": "50d21a262616082d0",
"_kv": "1",
"line": "535",
"_cd": "54:8674",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".425",
"_time": "2012-12-19T11:48:55.425-08:00",
"timeendpos": "24",
"_raw": "2012-12-19 11:48:55,425 INFO\t[50d21a262616082d0] root:535 - CONFIG: template_dir (str): share/splunk/search_mrsparkle/templates",
"_serial": "728"
},
"RAW_XML": "2012-12-19 11:48:55,425 INFO\t[50d21a262616082d0] root:535 - CONFIG: template_dir (str): share/splunk/search_mrsparkle/templates"
},
{
"fields": {
"date_zone": "local",
"date_mday": "19",
"date_minute": "48",
"message": "CONFIG: staticdir (str): /Users/fross/splunks/splunk-4.3.5/share/splunk/search_mrsparkle/exposed",
"index": "_internal",
"log_level": "INFO",
"sourcetype": "splunk_web_service",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/web_service.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "55",
"date_year": "2012",
"component": "root",
"punct": "--_::,_t[]_:_-_:__():_////-..////",
"host": "fross-mbp15.local",
"_sourcetype": "splunk_web_service",
"_indextime": "1355946537",
"requestid": "50d21a262616082d0",
"_kv": "1",
"line": "535",
"_cd": "54:8662",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".425",
"_time": "2012-12-19T11:48:55.425-08:00",
"timeendpos": "24",
"_raw": "2012-12-19 11:48:55,425 INFO\t[50d21a262616082d0] root:535 - CONFIG: staticdir (str): /Users/fross/splunks/splunk-4.3.5/share/splunk/search_mrsparkle/exposed",
"_serial": "729"
},
"RAW_XML": "2012-12-19 11:48:55,425 INFO\t[50d21a262616082d0] root:535 - CONFIG: staticdir (str): /Users/fross/splunks/splunk-4.3.5/share/splunk/search_mrsparkle/exposed"
},
{
"fields": {
"date_zone": "local",
"date_mday": "19",
"date_minute": "48",
"message": "CONFIG: static_dir (str): share/splunk/search_mrsparkle/exposed",
"index": "_internal",
"log_level": "INFO",
"sourcetype": "splunk_web_service",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/web_service.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "55",
"date_year": "2012",
"component": "root",
"punct": "--_::,_t[]_:_-_:__():_///",
"host": "fross-mbp15.local",
"_sourcetype": "splunk_web_service",
"_indextime": "1355946537",
"requestid": "50d21a262616082d0",
"_kv": "1",
"line": "535",
"_cd": "54:8651",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".425",
"_time": "2012-12-19T11:48:55.425-08:00",
"timeendpos": "24",
"_raw": "2012-12-19 11:48:55,425 INFO\t[50d21a262616082d0] root:535 - CONFIG: static_dir (str): share/splunk/search_mrsparkle/exposed",
"_serial": "730"
},
"RAW_XML": "2012-12-19 11:48:55,425 INFO\t[50d21a262616082d0] root:535 - CONFIG: static_dir (str): share/splunk/search_mrsparkle/exposed"
},
{
"fields": {
"date_zone": "-480",
"date_mday": "19",
"date_minute": "49",
"message": "group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0",
"index": "_internal",
"group": "search_concurrency",
"sourcetype": "splunkd",
"active_realtime_searches": "0",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/metrics.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "12",
"date_year": "2012",
"component": "Metrics",
"punct": "--_::._-____-_=,__,_=,_=",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd",
"_indextime": "1355946552",
"_kv": "1",
"log_level": "INFO",
"_cd": "54:9267",
"_si": [
"fross-mbp15.local",
"_internal"
],
"active_hist_searches": "0",
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".313",
"_time": "2012-12-19T11:49:12.313-08:00",
"timeendpos": "29",
"_raw": "12-19-2012 11:49:12.313 -0800 INFO Metrics - group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0",
"_serial": "726"
},
"RAW_XML": "12-19-2012 11:49:12.313 -0800 INFO Metrics - group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0"
},
{
"fields": {
"date_zone": "-480",
"date_mday": "19",
"date_minute": "49",
"message": "group=realtime_search_data, system total, drop_count=0",
"drop_count": "0",
"index": "_internal",
"group": "realtime_search_data",
"sourcetype": "splunkd",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/metrics.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "12",
"date_year": "2012",
"component": "Metrics",
"punct": "--_::._-____-_=,__,_=",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd",
"_indextime": "1355946552",
"_kv": "1",
"log_level": "INFO",
"_cd": "54:9262",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".313",
"_time": "2012-12-19T11:49:12.313-08:00",
"timeendpos": "29",
"_raw": "12-19-2012 11:49:12.313 -0800 INFO Metrics - group=realtime_search_data, system total, drop_count=0",
"_serial": "727"
},
"RAW_XML": "12-19-2012 11:49:12.313 -0800 INFO Metrics - group=realtime_search_data, system total, drop_count=0"
},
{
"fields": {
"date_zone": "-480",
"date_mday": "19",
"date_minute": "49",
"message": "group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0",
"index": "_internal",
"group": "search_concurrency",
"sourcetype": "splunkd",
"active_realtime_searches": "0",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/metrics.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "43",
"date_year": "2012",
"component": "Metrics",
"punct": "--_::._-____-_=,__,_=,_=",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd",
"_indextime": "1355946583",
"_kv": "1",
"log_level": "INFO",
"_cd": "54:9769",
"_si": [
"fross-mbp15.local",
"_internal"
],
"active_hist_searches": "0",
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".322",
"_time": "2012-12-19T11:49:43.322-08:00",
"timeendpos": "29",
"_raw": "12-19-2012 11:49:43.322 -0800 INFO Metrics - group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0",
"_serial": "724"
},
"RAW_XML": "12-19-2012 11:49:43.322 -0800 INFO Metrics - group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0"
},
{
"fields": {
"date_zone": "-480",
"date_mday": "19",
"date_minute": "49",
"message": "group=realtime_search_data, system total, drop_count=0",
"drop_count": "0",
"index": "_internal",
"group": "realtime_search_data",
"sourcetype": "splunkd",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/metrics.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "43",
"date_year": "2012",
"component": "Metrics",
"punct": "--_::._-____-_=,__,_=",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd",
"_indextime": "1355946583",
"_kv": "1",
"log_level": "INFO",
"_cd": "54:9764",
"_si": [
"fross-mbp15.local",
"_internal"
],
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".322",
"_time": "2012-12-19T11:49:43.322-08:00",
"timeendpos": "29",
"_raw": "12-19-2012 11:49:43.322 -0800 INFO Metrics - group=realtime_search_data, system total, drop_count=0",
"_serial": "725"
},
"RAW_XML": "12-19-2012 11:49:43.322 -0800 INFO Metrics - group=realtime_search_data, system total, drop_count=0"
},
{
"fields": {
"date_zone": "-480",
"date_mday": "19",
"date_minute": "50",
"message": "group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0",
"index": "_internal",
"group": "search_concurrency",
"sourcetype": "splunkd",
"active_realtime_searches": "0",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.3.5/var/log/splunk/metrics.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "11",
"date_second": "14",
"date_year": "2012",
"component": "Metrics",
"punct": "--_::._-____-_=,__,_=,_=",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd",
"_indextime": "1355946614",
"_kv": "1",
"log_level": "INFO",
"_cd": "54:10097",
"_si": [
"fross-mbp15.local",
"_internal"
],
"active_hist_searches": "0",
"timestartpos": "0",
"date_month": "december",
"_subsecond": ".351",
"_time": "2012-12-19T11:50:14.351-08:00",
"timeendpos": "29",
"_raw": "12-19-2012 11:50:14.351 -0800 INFO Metrics - group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0",
"_serial": "722"
},
"RAW_XML": "12-19-2012 11:50:14.351 -0800 INFO Metrics - group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0"
}
],
"is_preview": true
}
},
"4.2.5": {
"results-empty": {
"fields": [],
"results": [],
"is_preview": null
},
"results": {
"fields": [
"_cd",
"_indextime",
"_kv",
"_raw",
"_serial",
"_si",
"_sourcetype",
"_subsecond",
"_time",
"active_hist_searches",
"active_realtime_searches",
"alert_actions",
"app",
"autoload",
"bytes",
"clientip",
"component",
"cookie",
"date_hour",
"date_mday",
"date_minute",
"date_month",
"date_second",
"date_wday",
"date_year",
"date_zone",
"dispatch_time",
"drop_count",
"earliest",
"eventtype",
"file",
"group",
"host",
"ident",
"index",
"line",
"linecount",
"log_level",
"message",
"method",
"other",
"punct",
"q",
"referer",
"referer_domain",
"req_time",
"requestid",
"result_count",
"return_to",
"root",
"run_time",
"savedsearch_id",
"savedsearch_name",
"scheduled_time",
"sid",
"source",
"sourcetype",
"spent",
"splunk_server",
"status",
"suppressed",
"thread_id",
"timeendpos",
"timestartpos",
"trigger_condition_state",
"uri",
"uri_domain",
"uri_path",
"uri_query",
"user",
"useragent",
"version"
],
"results": [
{
"RAW_XML": "127.0.0.1 - admin [19/Dec/2012:12:01:22.845 -0800] \"GET /services/search/timeparser/tz HTTP/1.1\" 200 2891 - - - 1ms",
"fields": {
"date_hour": "12",
"_subsecond": ".845",
"uri": "/services/search/timeparser/tz",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "1",
"file": "tz",
"clientip": "127.0.0.1",
"index": "_internal",
"sourcetype": "splunkd_access",
"eventtype": "splunkd-access",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.2.5.6/var/log/splunk/splunkd_access.log",
"linecount": "1",
"version": "HTTP/1.1",
"date_wday": "wednesday",
"method": "GET",
"status": "200",
"_serial": "0",
"date_second": "22",
"date_year": "2012",
"punct": "..._-__[//:::._-]_\"_////_/.\"___-_-_-_",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd_access",
"_indextime": "1355947283",
"user": "admin",
"_kv": "1",
"_cd": "1:5282",
"_si": [
"fross-mbp15.local",
"_internal"
],
"uri_path": "/services/search/timeparser/tz",
"ident": "-",
"timestartpos": "31",
"date_month": "december",
"bytes": "2891",
"spent": "1",
"_time": "2012-12-19T12:01:22.845-08:00",
"timeendpos": "49",
"_raw": "127.0.0.1 - admin [19/Dec/2012:12:01:22.845 -0800] \"GET /services/search/timeparser/tz HTTP/1.1\" 200 2891 - - - 1ms",
"req_time": "19/Dec/2012:12:01:22.845 -0800",
"root": "services",
"other": "- - - 1ms"
}
},
{
"RAW_XML": "127.0.0.1 - admin [19/Dec/2012:12:01:22.762 -0800] \"POST /en-US/account/login HTTP/1.1\" 200 1897 \"http://localhost:8000/en-US/account/login?return_to=%2Fen-US%2Fapp%2Fsearch%2Fflashtimeline%3Fq%3Dsearch%2520search%2520index%253D_internal%2520%257C%2520head%252010%26earliest%3D0\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0\" - 50d21d12c31e60610 35ms",
"fields": {
"date_hour": "12",
"referer": "http://localhost:8000/en-US/account/login?return_to=%2Fen-US%2Fapp%2Fsearch%2Fflashtimeline%3Fq%3Dsearch%2520search%2520index%253D_internal%2520%257C%2520head%252010%26earliest%3D0",
"_subsecond": ".762",
"uri": "/en-US/account/login",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "1",
"file": "login",
"clientip": "127.0.0.1",
"index": "_internal",
"sourcetype": "splunk_web_access",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.2.5.6/var/log/splunk/web_access.log",
"linecount": "1",
"version": "HTTP/1.1",
"date_year": "2012",
"method": "POST",
"status": "200",
"_serial": "1",
"date_second": "22",
"date_wday": "wednesday",
"_raw": "127.0.0.1 - admin [19/Dec/2012:12:01:22.762 -0800] \"POST /en-US/account/login HTTP/1.1\" 200 1897 \"http://localhost:8000/en-US/account/login?return_to=%2Fen-US%2Fapp%2Fsearch%2Fflashtimeline%3Fq%3Dsearch%2520search%2520index%253D_internal%2520%257C%2520head%252010%26earliest%3D0\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0\" - 50d21d12c31e60610 35ms",
"punct": "..._-__[//:::._-]_\"_/-//_/.\"___\"://:/-//?=%-%%%%%%",
"host": "fross-mbp15.local",
"_sourcetype": "splunk_web_access",
"req_time": "19/Dec/2012:12:01:22.762 -0800",
"user": "admin",
"_kv": "1",
"return_to": "%2Fen-US%2Fapp%2Fsearch%2Fflashtimeline%3Fq%3Dsearch%2520search%2520index%253D_internal%2520%257C%2520head%252010%26earliest%3D0",
"_cd": "1:5211",
"_si": [
"fross-mbp15.local",
"_internal"
],
"uri_path": "/en-US/account/login",
"ident": "-",
"_indextime": "1355947283",
"timestartpos": "31",
"root": "en-US",
"bytes": "1897",
"spent": "35",
"_time": "2012-12-19T12:01:22.762-08:00",
"timeendpos": "49",
"date_month": "december",
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0",
"referer_domain": "http://localhost:8000",
"other": "- 50d21d12c31e60610 35ms"
}
}
],
"is_preview": false
},
"results-preview": {
"fields": [
"_indextime",
"_kv",
"_raw",
"_serial",
"_sourcetype",
"_subsecond",
"_time",
"active_streams",
"blocking",
"bytes",
"client_app",
"clientip",
"component",
"count",
"date_hour",
"date_mday",
"date_minute",
"date_month",
"date_second",
"date_wday",
"date_year",
"date_zone",
"display_row_numbers",
"earliest",
"enable_event_actions",
"enable_field_actions",
"entity_name",
"eventtype",
"field_list",
"file",
"fillcontents",
"filter",
"host",
"ident",
"index",
"length",
"linecount",
"log_level",
"max_block_secs",
"max_lines",
"max_lines_constraint",
"max_pages",
"message",
"method",
"min_freq",
"min_lines",
"offset",
"other",
"output_mode",
"output_time_format",
"punct",
"q",
"queue_size",
"referer",
"referer_domain",
"req_time",
"reverse_order",
"root",
"s",
"segmentation",
"show_empty_fields",
"sid",
"source",
"sourcetype",
"spent",
"splunk_server",
"status",
"time_format",
"timeendpos",
"timestartpos",
"truncation_mode",
"uri",
"uri_path",
"uri_query",
"user",
"useragent",
"version"
],
"results": [
{
"fields": {
"max_block_secs": "0",
"date_zone": "-480",
"date_mday": "19",
"date_minute": "2",
"message": "rtsearch connection established, filter = '[ AND index::_internal search ]', active_streams = 1, queue_size = 10000, blocking = FALSE, max_block_secs = 0",
"index": "_internal",
"log_level": "INFO",
"sourcetype": "splunkd",
"eventtype": "splunkd-log",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.2.5.6/var/log/splunk/splunkd.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "12",
"date_second": "18",
"date_year": "2012",
"component": "IndexProcessor",
"punct": "--_::._-____-___,__=_'[__::__]',__=_,__=_,__=_,__=",
"host": "fross-mbp15.local",
"_sourcetype": "splunkd",
"_indextime": "1355947338",
"_kv": "1",
"blocking": "FALSE",
"timestartpos": "11",
"queue_size": "10000",
"date_month": "december",
"_subsecond": ".172",
"filter": "'[ AND index::_internal search ]'",
"_time": "2012-12-19T12:02:18.172-08:00",
"active_streams": "1",
"timeendpos": "29",
"_raw": "12-19-2012 12:02:18.172 -0800 INFO IndexProcessor - rtsearch connection established, filter = '[ AND index::_internal search ]', active_streams = 1, queue_size = 10000, blocking = FALSE, max_block_secs = 0",
"_serial": "0"
},
"RAW_XML": "12-19-2012 12:02:18.172 -0800 INFO IndexProcessor - rtsearch connection established, filter = '[ AND index::_internal search ]', active_streams = 1, queue_size = 10000, blocking = FALSE, max_block_secs = 0"
},
{
"fields": {
"date_zone": "local",
"date_mday": "19",
"date_minute": "2",
"index": "_internal",
"sourcetype": "searches",
"splunk_server": "fross-mbp15.local",
"source": "/Users/fross/splunks/splunk-4.2.5.6/var/log/splunk/searches.log",
"linecount": "1",
"date_wday": "wednesday",
"date_hour": "12",
"date_second": "18",
"date_year": "2012",
"punct": "--_::,_-_t__=_|__",
"host": "fross-mbp15.local",
"_sourcetype": "searches",
"_indextime": "1355947338",
"_kv": "1",
"timestartpos": "11",
"date_month": "december",
"_subsecond": ".066",
"_time": "2012-12-19T12:02:18.066-08:00",
"timeendpos": "24",
"_raw": "2012-12-19 12:02:18,066 - admin\tsearch search index=_internal | head 10",
"_serial": "1"
},
"RAW_XML": "2012-12-19 12:02:18,066 - admin\tsearch search index=_internal | head 10"
}
],
"is_preview": true
}
}
}