| | It is a subtlety of the search language that keyword searches run against the raw event data only. To search metadat... 1 2 | 1 | 2 | |
| | Apart from the fact that a lightforwarder does not have a web UI, what are the main differences between the 2 apps? 0 2 | 0 | 2 | |
| | I'd like to limit certain users from running expensive searches by limiting the number of results that can be returne... 2 1 | 2 | 1 | |
| | Hi I have set up a light weight forwarder that appears to be getting data to the indexer. But I can't search for an... 2 2 | 2 | 2 | |
| | I'm trying to configure a search Time Window for my Splunk roles. I've read the documentation but can't find instruc... 1 1 | 1 | 1 | |
| | How do I change the default granularity on a chart? It appears I'm hitting a limit somewhere and I'm not getting as ... 5 2 | 5 | 2 | |
| | While I browse my local drive in Explorer I would like to add and search some log files with Splunk without opening a... 1 1 | 1 | 1 | |
| | There are some who are really good at regular expression, some okay, and the rest who downright are lost beyond a spl... 2 1 | 2 | 1 | |
| | Seeing this error in splunkd.log on a splunk indexer when running a saved search. What does it mean? 2 1 | 2 | 1 | |
| | I'm trying to configure LDAP auth for Splunk. I'm running into an issue where AD is only giving me 1000 entries and ... 2 2 | 2 | 2 | |
| | Does maxresults in limits.conf have an effect when piping results to the stats command? For example, if I run a sear... 2 1 | 2 | 1 | |
| | I have millions of events being indexed by Splunk now and I suspect something is happening within my IT environment a... 1 1 | 1 | 1 | |
| | In the installation manual it shows how once you have indexed some data by using the "du -shc hot_v*/rawdata" command... 1 1 | 1 | 1 | |
| | I need to do the following on my forwarder: Forward all data received and gathered by the forwarder to Splunk indexe... 1 1 | 1 | 1 | |
| | [I heard this question on an internal mailing list, but it seemed generally relevant so asking it here too] I have a... 1 2 | 1 | 2 | |
| | Hi Splunkers, I have a sample Perforce log file and I'm trying to extract the code contributors. Here is an example:... 2 2 | 2 | 2 | |
| | I created a snazzy new report that generates a chart, how can I add this to my dashboard? 1 3 | 1 | 3 | |
| | How do i use the same search strings in splunks UI on the command line? 0 4 | 0 | 4 | |
| | There are plenty of ways to specify the exact time range or maximum range between two events in a search. But I need ... 3 1 | 3 | 1 | |
| | explain the significance of the connected flag in transaction 2 1 | 2 | 1 | |
| | Dan Goldburt asks: I'm consistently getting the following request from customers: "can I see where each event came fr... 1 1 | 1 | 1 | |
| | The use of LINE_BREAKER is a bit cryptic to me... ok, a lot. But I think I've managed to figure out how to break my ... 0 6 | 0 | 6 | |
| | When I've created a new index. how can I direct certain sourcetypes to be indexed in that new index, rather than into... 0 1 | 0 | 1 | |
| | When attempting to make a Simple Form Search using the Developer Manual documentation, I encounter the error: Not... 0 1 | 0 | 1 | |
| | What I'm trying to do: at index time, create a multiline event based on a unique ID. In the data sample below, I nee... 2 6 | 2 | 6 | |
