I added a field "cluster" to all my events, so that I can search for results in a Hadoop cluster specified. I edited inputs.conf on each node for example with
[default]
_meta = cluster::Test8
and fields.conf with
[cluster]
INDEXED=true
The cluster information is displayed fine in Splunk Search:
![alt text][1]
If I try to search for a specific cluster however get no results:
![alt text][2]
When I search for cluster=*Test8 the search works fine again. When I try to plot data (CPU_Load) with timechart and plot it by cluster it messes up the diagram, because it doesn't show any data points.
Thanks for your help!
[1]: /storage/temp/76238-splunk1.jpg
[2]: /storage/temp/76239-splunk-2.jpg
↧