Splunk Search

Community Activity

Need to rename just one header Hi, I need to be able to change the _time column header to something else instead of just saying _time (I guess that... by infra2sec Path Finder in Splunk Search 07-25-2016 0 2	0	2
average count events Hey guys. I need to know what ip have less events then avarage of all devices. for example: ip events 1... by Shark2112 Communicator in Splunk Search 07-25-2016 0 1	0	1
Splunk for Unix Sourcetypes for syslog All, I am looking at Splunk for Unix TA. I see the /var/log/messages input and for the life of me I can't find in t... by daniel333 Builder in Splunk Search 07-25-2016 0 2	0	2
Send a message Hi, I want to create my own message (like https://answers.splunk.com/storage/attachments/67212-splunk-alert.png - bu... by lukasz92 Communicator in Splunk Search 07-25-2016 0 1	0	1
How often users are searching for old data Is it possible to find out what time range Splunk users are searching for? We're upgrading our multi-site cluster fro... by shahzadarif Path Finder in Splunk Search 07-24-2016 0 2	0	2
simple xml dashboard eval strptime using old value not updated value for timepicker Hi In my dashboard I have a lot of the following timestamps at the beginning of I have a timepicker <input type="... by mortenb123 Path Finder in Splunk Search 07-24-2016 0 6	0	6
How can I parse and index fields from XML data? I input an XML file and indexed it, but found there are fields that contain XML. How can I parse and index fields f... by hanshen Explorer in Splunk Search 07-24-2016 0 3	0	3
What is the purpose of the file conf.conf found in .../etc/system/default ? I read 12 questions/answers when searching for conf.conf. I still have no idea of the meaning/purpose of that file. ... by Thuan Explorer in Splunk Search 07-24-2016 0 2	0	2
Creating index in another drive windows How can I create index in another drive, I am running splunk on windows and its in C: drive. So I want to create an i... by masterpiece Engager in Splunk Search 07-24-2016 0 2	0	2
Has anyone done hardware benchmarking with Splunk and these m2 interface disks? All, Has anyone done any hardware benchmarking with splunk and these m2 interface disks? http://www.tomshardware.c... by daniel333 Builder in Splunk Search 07-23-2016 0 1	0	1
How to write a search to alert if our Tomcat server is down? Hi, We need to create an alert to check if tomcat is up and running. This we could identify using pid. If tomcat is... by splunker9999 Path Finder in Splunk Search 07-23-2016 0 5	0	5
Can you add dynamically to your events when theres a match in lookup? I have a static or .csv file that lookups with a field in the events. If there is a match It should create a field dy... by ashishlal82 Explorer in Splunk Search 07-23-2016 0 1	0	1
For data indexed after the hour, how do I prevent events from showing up for the wrong day? We are pulling in data from the previous hour at 5 minutes after the current hour. This is because the source data wi... by JDukeSplunk Builder in Splunk Search 07-23-2016 0 6	0	6
Where can I learn more about how Splunk indexing works to process unstructured data to make it easily searchable? Hello, I am new to Splunk. Been reading a few of their papers, but I would like to learn more about how the indexing... by mhuntington Explorer in Splunk Search 07-22-2016 0 1	0	1
How can I list full table entries when an extracted field has multiple values? Good morning. So I have a search which generates a list of recipients for a particular message subject. The search... by user12345a_2 Explorer in Splunk Search 07-22-2016 0 3	0	3
How to configure Splunk to break events after an empty line or before certain strings? We have the logs like below pattern. We want to break the events after an empty newline or starting before ERROR: or... by dhavamanis Builder in Splunk Search 07-22-2016 0 2	0	2
CSV File with inline field data extracting headers incorrectly I have a csv file that we're getting from an ALU application that is proving incredibly difficult to work with. This... by burras Communicator in Splunk Search 07-22-2016 0 2	0	2
Diff Nessus Reports I'm trying to compare two monthly Nessus reports using Splunk with the following command: sourcetype="nessus:scan" n... by leunammejii New Member in Splunk Search 07-22-2016 0 1	0	1
Extract last field from pair of lines in a log file Data looks like this # grep 28969 request.log 22/Jul/2016:15:09:54 +0200 [28969] -> GET /libs/granite/csrf/token.js... by smurf4568 New Member in Splunk Search 07-22-2016 0 2	0	2
How can I extract specified fields from the log files uploaded in Splunk thru a UI? I have created a UI which loads the user selected log file in Splunk. Now I have to extract some fields from that fil... by tankhanandita Explorer in Splunk Search 07-22-2016 0 6	0	6
How to search all events from multiple sourcetypes that have a matching field? Hi, I'm new to Splunk and I want make a search that finds all events from multiple sourcetypes that have a matching... by festeves Engager in Splunk Search 07-22-2016 0 4	0	4
Multiple (same) Keyword search Hi I'm currently trying to use splunk to identify when a log is produced with the same line twice (eg below) Wed 20... by jameslitt New Member in Splunk Search 07-22-2016 0 3	0	3
Update tokens and sources with JS Hello, I am trying to investigate how automated Splunk reporting can be. Is it possible to integrate a JS script to ... by test365498 Path Finder in Splunk Search 07-22-2016 0 3	0	3
How to configure limits.conf to make the most of our hardware and improve search performance? My company has two massive machines as search heads: 256GB RAM and 24 cores each. The indexers are equipped just fine... by dwh_splunk Explorer in Splunk Search 07-22-2016 2 2	2	2
Need to change the field delimiter after extraction example as below. The output that i am receiving is separated by commas.. it is possible to get the output separated ... by prachisaxena Explorer in Splunk Search 07-22-2016 0 1	0	1