Find Answers

Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
Category Activity
V_at_Splunk
Such a helpful command, and yet doesn't work for me...
by V_at_Splunk Splunk Employee in Splunk Search 02-05-2010
1 3
Mick
When I run this search - source="*conn.log" | rex field=_raw "\.IP = '(?<connectionIp>[^']+)" | fields host, connect...
by Mick Splunk Employee in Splunk Search 02-05-2010
4 1
Mick
We are attempting to create a report that compares message traffic for the past two complete weeks. We have this as...
by Mick Splunk Employee in Splunk Search 02-05-2010
0 2
Yancy
Any recommended best practices for managing eventtypes and their corresponding tags? I've found the Splunk Common In...
by Yancy Path Finder in Splunk Search 02-02-2010
0 2
dinh
What is wrong with this regex? (?P<AUTH_PIN_TYPE>[^ ]+)( [^ ]+){2}$ The interactive field extractor gives this err...
by dinh Path Finder in Splunk Search 02-01-2010
0 5
cfrln
I am using the transaction command to sessionize web access log events and therefore have made referer, uri etc. into...
by cfrln Explorer in Splunk Search 02-01-2010
4 3
hans
Let's say I have events coming in every day and I want to group the events as Monday's events, Tuesday's events, and so ...
by hans Splunk Employee in Splunk Search 01-29-2010
1 2
Yancy
Sometimes Splunk sets the sourcetype on an incoming file as breakable_text or too_small. What determines these sourc...
by Yancy Path Finder in Getting Data In 01-29-2010
1 1
hulahoop
Use Case: Find Juniper firewall events where the source/destination IP (Src_Zone/Dst_Zone) does or does not belong in...
by hulahoop Splunk Employee in Splunk Search 01-28-2010
5 5
hulahoop
Use Case: Correlate logon events from a Windows desktop to events on the domain controller. Sample (shortened) event...
by hulahoop Splunk Employee in Splunk Search 01-28-2010
2 9
matt
I've got an application that logs status events. The values in these events generally will not change. Is there a s...
by matt Splunk Employee in Splunk Search 01-27-2010
1 1
Justin_Grant
I'm trying to use Splunk to monitor both runtime metrics and configuration state of a server application like JBoss o...
by Justin_Grant Contributor in Getting Data In 01-27-2010
2 4
dinh
What is wrong with the way I'm using eval here? source="/some.audit.log" "End" "/foo/baz" | rex field=_raw "(?P<ReqI...
by dinh Path Finder in Splunk Search 01-27-2010
0 5
benstraw
I don't want to restart splunk right now, but the UI is giving me and my users an annoying message saying I need to r...
by benstraw Splunk Employee in Deployment Architecture 01-27-2010
2 2
benstraw
I have a report on my dashboard that takes a very long time to build, how can I use summary indexing to improve the p...
by benstraw Splunk Employee in Dashboards & Visualizations 01-25-2010
0 3
Johnvey
Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t...
by Johnvey Contributor in Splunk Search 01-25-2010
1 3
Justin_Grant
I'm thinking about using the DEDUP command to solve the following problem: I have an event with an ID field and I'd l...
by Justin_Grant Contributor in Monitoring Splunk 01-22-2010
2 1
Mick
I have a saved search set up to check every minute for file changes. I have the start time set for [-1m] to search bac...
by Mick Splunk Employee in Splunk Search 01-22-2010
2 1
Justin_Grant
I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ...
by Justin_Grant Contributor in Splunk Search 01-22-2010
0 2
Mick
I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi...
by Mick Splunk Employee in Splunk Search 01-21-2010
2 1
matt
I need to share all of the field extractions in my app with all of the other apps on the system. What is the most ef...
by matt Splunk Employee in Splunk Search 01-21-2010
2 5
matt
$SPLUNK_HOME/var/lib/splunk/defaultdb/db/Sources.data On a fresh install I see this file has something like this: ...
by matt Splunk Employee in Splunk Search 01-21-2010
1 2
Ledio_Ago
Are there ways in Splunk to monitor and index any activity on Windows Registry?
by Ledio_Ago Splunk Employee in Getting Data In 01-20-2010
2 1
benstraw
I set up an alert action to create an rss feed and there is an rss link in the table view of all of my saved searches...
by benstraw Splunk Employee in Reporting 01-20-2010
2 1
Justin_Grant
[UPDATE: from the answer below, it sounds like what I'm looking for is not supported in the product today. I'm tackin...
by Justin_Grant Contributor in Splunk Search 01-20-2010
18 2