zulip/zerver/fixtures/splunk/splunk_search_one_result.json

47 lines
1.4 KiB
JSON

{
"results_link": "http://example.com:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__sudo_at_1483557185_2.2%20%7C%20head%201%20%7C%20tail%201&earliest=0&latest=now",
"app": "search",
"result": {
"timestartpos": "0",
"_serial": "2",
"splunk_server": "myserver",
"date_month": "january",
"USER": "",
"date_second": "32",
"source": "/var/log/auth.log",
"timeendpos": "15",
"_si": [
"myserver",
"main"
],
"punct": "___::_-_:_(:):_____",
"host": "myserver",
"TTY": "",
"_raw": "Jan 4 11:14:32 myserver sudo: pam_unix(sudo:session): session closed for user root",
"_sourcetype": "syslog",
"index": "main",
"date_minute": "14",
"date_year": "2017",
"_kv": "1",
"process": "sudo",
"PWD": "",
"pid": "",
"_time": "1483557272",
"uid": "",
"date_zone": "local",
"sourcetype": "syslog",
"_indextime": "1483557272",
"date_hour": "11",
"date_mday": "4",
"linecount": "",
"eventtype": "",
"COMMAND": "",
"_eventtype_color": "",
"date_wday": "wednesday",
"_confstr": "source::/var/log/auth.log|host::myserver|syslog"
},
"sid": "rt_scheduler__admin__search__sudo_at_1483557185_2.2",
"search_name": "sudo",
"owner": "admin"
}