Splunk Search

Discussions

Thread Info

Paused searches available after a restart?

We have a long search running, and need to restart Splunk. Will a job that is "paused" be able to be restarted after ...

by Motivator in

Alert on user with different src address

Hello, I'm trying to setup an alert that fires when a user tries to log in from more than one src ip address within t...

by Builder in

Multi-line event field extraction

I have logs being indexed that look like: /some/filesystem/path 1234567890 1500 /some/filesystem/path2 1256320145 ...

by Path Finder in

Most efficient to find most recent eventtype by host

It is easy and fast to get the last event logged by a particular host using metadata, but has anyone concocted an eff...

by Contributor in

Is it possible to refer to externally-hosted CSS, images, etc in view XML?

I'm trying to create a customized view by building my own XML, and I see that it's possible to refer to CSS and image...

by Engager in

multivalues in field

I have a data like this: NUM=001,Rules="Food Water" NUM=002,Rules="Water Product" NUM=003,Rules="Water" N...

by Explorer in

Getting the wrong list of OSSEC server when rebuilding lookup table?

Hi, I have only one the OSSEC server (manager) where I install Splunk. When I access OSSEC Agent Status from the D...

by New Member in

Per-app field name prefixes?

We're building an app for WebSphere and trying to come up with a naming convention for field names. I'm nervous a...

by Contributor in

Jobs Page Show Owner as Logged in User and Status Running

Is it possible to set this up? Upon landing on the jobs page to have the 'Owner' as myself (currently logged in) w...

by Communicator in

Subsearch does not work

What is wrong with following search: sourcetype="security" ip=[search sourcetype=access_combined status=401 client...

by Splunk Employee in

How to customize time intervals for time range in Time Range Picker

I want to customize time intervals for the options in Time Range Picker. For Ex- If I select Last 7 days from drop do...

by Path Finder in

How to sorted stacked bar chart ?

dear all i wanna show ratio in bar chart by special field, for example i use my search | stats count by DEST_IP...

by Contributor in

Can We have different Time Range Picker According to Screens

I have 5 Screens. For Screen 1,2 and 3 I want "Real Time" option in Time Range Picker. But for Screen 4 and 5, ...

by Path Finder in

Transforms.conf: Need help combining regex (simple)?

I'm sure this is really simple but I've been unable to figure out the syntax to combine these 2 regexes in my transfo...

by Champion in

Chart a specific value

Sorry... I'm completely new to this. I have used punct (search feature) to select the type of record from my home aut...

by New Member in

Omit/filter/exclude events from a transaction

When I do the following search sourcetype="access*" [ search method="POST" |fields clientip | rename clientip as q...

by New Member in

link 2 search together by in multivalue field

following best view with courier font  I need to create a report from QMAIL log. There will be more then one thr...

by Explorer in

search command to check missing events by sourcetypes/source?

Hi, I'm using this command to search for hosts that have stopped sending data within the last 24 hours.Using this,...

by Contributor in

how to extract fields from one event in a log file and append them to other events in same log?

My log files: ============= 2011-06-05 05:11:23.234 Program Version 10.02.2345 2011-06-05 05:11:23.239 event...

by Explorer in

How do I get the amount of time between event A and B into a field?

Say you have a stream of events, such as web page accesses. There is no field for amount of time on a certain page, s...

by Motivator in

Splunk Search

Discussions

Paused searches available after a restart?

Alert on user with different src address

Multi-line event field extraction

Most efficient to find most recent eventtype by host

Is it possible to refer to externally-hosted CSS, images, etc in view XML?

multivalues in field

Getting the wrong list of OSSEC server when rebuilding lookup table?

Per-app field name prefixes?

Jobs Page Show Owner as Logged in User and Status Running

Subsearch does not work

How to customize time intervals for time range in Time Range Picker

How to sorted stacked bar chart ?

Can We have different Time Range Picker According to Screens

Transforms.conf: Need help combining regex (simple)?

Chart a specific value

Omit/filter/exclude events from a transaction

link 2 search together by in multivalue field

search command to check missing events by sourcetypes/source?

how to extract fields from one event in a log file and append them to other events in same log?

How do I get the amount of time between event A and B into a field?

Search That Looks Back in Time and Checks Fields

Generate timechart with normalized/rescaled data p...

mvexpand issues and alternative needed

Continue on dbxquery Failure

How to display a unit format and a color format in...