Splunk Search

Discussions

Thread Info

Eval rounding error too big

Hi, I'm getting a big rounding error when evaluating floating expressions. Here is the search that is evaluating the ...

by Path Finder in

extracting a data field

I have one event viewer log and I'm tryng to capture the data fields, since Splunk cannot recognize the timstamp by i...

by Path Finder in

How to draw a complex column chart

Hi, Splunk noob question: I defined and saved 3 searches: a. Users visiting my page. b. Users attempting to do act...

by Explorer in

Generate report of top n search queries

I'd like to generate a report of N top search queries from my apache weblogs. Log entry for a search looks like: ...

by Path Finder in

stats sum(duration) by user date_month date_year - Not really Addition of duration?

Splunkers... I am looking at a VPN logs from a Cisco ASA and trying to calculate the amount of time per day per user ...

by Explorer in

How to put SearchBar & HiddenSearch module to work together ?

Hello, I want to design an Form Seach which has a SearchBar on it to let user input their search keyords. And in t...

by Path Finder in

Limit result of a search query

Hi all, how can i limit this search query to the top 5 rows? eventtype="searchDC" Type="Audit Success" CategoryStr...

by Path Finder in

Time Picker, Search Picker for a Line Chart: Help with Advanced XML

I have been digging into the advanced xml stuff lately, and have come across a hurdle with simply figuring out the co...

by SplunkTrust in

List sum of fields across events

This seems like it would be easy. Maybe it is, and I'm being thick today.  Log lines look like ... server1 qs_...

by Influencer in

Monitor a file or directory indexing no longer working

The "monitor a file or directory" data input option is no longer working. When I add a new file this way, the source ...

by Explorer in

Charting values from performance record

I've got a log file that contains, time, controller, and CPU % used. I need to create a time chart that plots the CPU...

by SplunkTrust in

Search results not displayed when using certain fields in the initial search string

This is probably pretty straightforward but on my search head the following will not return any results: index=tra...

by Path Finder in

Having REGEX Problems

Sorry for the cross post but after posting i saw a recommendation to use this forum instead of splunk.com I am hav...

by Explorer in

Crossing multivalued fields

Got the following: One field with 4 types of values/functions and another field that is the status of those functions...

by Path Finder in

startminutesago/endminutesago vs earliest/latest

I know that from version 4 onward, use of the earliest and latest time parameters are preferred over the older startm...

by Motivator in

External lookups: lookup not found error

I'm following the instructions here and can't get it to even recognize the lookup. Did I miss something? My transf...

by Influencer in

Search with 3 fields and count

I'm trying to create a table which shows the following: - Domain Client_IP Client_User Count www.google.com 192...

by Path Finder in

Bucket Search Command Question

Hey, How would I go about writing a search that is able to show me how many events are found in a particular index...

by Motivator in

help to capture with rex an event

hello everybody, following is the event that i'm trying to capture with rex. [2010-08-05 17:51:11,661][info] INFO ...

by Path Finder in

Listing all tags in the search interface

I have been tagging hosts to aid in searching by environment, service, sub-service I would like to make a dashboar...

by Communicator in

Splunk Search

Discussions

Eval rounding error too big

extracting a data field

How to draw a complex column chart

Generate report of top n search queries

stats sum(duration) by user date_month date_year - Not really Addition of duration?

How to put SearchBar & HiddenSearch module to work together ?

Limit result of a search query

Time Picker, Search Picker for a Line Chart: Help with Advanced XML

List sum of fields across events

Monitor a file or directory indexing no longer working

Charting values from performance record

Search results not displayed when using certain fields in the initial search string

Having REGEX Problems

Crossing multivalued fields

startminutesago/endminutesago vs earliest/latest

External lookups: lookup not found error

Search with 3 fields and count

Bucket Search Command Question

help to capture with rex an event

Listing all tags in the search interface

Automatic Lookup local=true

Error - In handler 'savedsearch': Expecting differ...

Windows Servers - High CPU usuage of process that ...

ldapfilter does not return all attributes

Observing 30 mins dip in my Splunk Graph