Splunk Search

Community Activity

If I want to create a pie chart to show web access by browser, what is the best way to detect the browser? I'm going to make a pie chart to show web access by browser. I want to use httpagentparser (module) to python lookup ... by mishin Explorer in Splunk Search 11-02-2015 0 1	0	1
How to use stats to join 2 indexes based on 1 field Currently I have 2 indexes: Index A contains ProgramID, User Index B contains ID, Machine I would like to use stats ... by leonheart78 Explorer in Splunk Search 11-02-2015 0 4	0	4
How to edit my Apdex calculation search to prevent warning "'stats command: limit for values of field 'utt' reached."? Hi. I'm creating an Apdex SLA report on "user response time" performance in my application. I am aware about the "Ap... by patrik_lundberg New Member in Splunk Search 11-02-2015 0 1	0	1
How to extract fields from a specific field instead of raw data using the conf files? How to extract fields from a specific field instead of raw data using the conf files? Can it be done with EXTRACT-<cl... by rsimmons Splunk Employee in Splunk Search 11-02-2015 0 2	0	2
How to convert a time field with multiple formats to epoch at search-time? How do I take a time field with multiple human-readable formats and get the epoch time at search-time? by landen99 Motivator in Splunk Search 11-02-2015 0 6	0	6
Virtual index time setting not effective Hi Our data is stored in the following directories. Each directory contains 1 day of data. s3n://rcs-cms-event/cep/... by mikechu New Member in Splunk Search 11-02-2015 0 3	0	3
Is it possible to use regex in an inputs.conf monitor stanza? Hi Is it possible to do something like this: [MONITOR:///some directory/WE\d{8}.log] for indexing the following f... by edrivera3 Builder in Splunk Search 11-02-2015 1 3	1	3
How to use Rex command to extract this field from my sample log? Hi, Sample log file: STD QBATCH:P GRAUT 77718 R5609812_S0000001_5847829 I want to create that highlight... by Abilan1 Path Finder in Splunk Search 11-02-2015 0 13	0	13
Why is the transaction command with maxspan not giving accurate results? Hi, I have some transactions which have taken 3 hours to complete. When I use maxspan=90m, my transaction is breakin... by Laya123 Communicator in Splunk Search 11-02-2015 1 9	1	9
How to write a search to create a column that will produce results based on another column's data? Column1 Column2 28 28 46 46-28 58 58-(28+46) 89 89-(28+46+58) Is this possible? ... by payal23 Path Finder in Splunk Search 11-02-2015 0 2	0	2
Create a new field with cumulative count of a unique ID IS there a way I can create a new field with a cumulative count of a unique ID? For example, currently i have create... by keithyap Path Finder in Splunk Search 11-01-2015 0 2	0	2
How to write the regex for the removal of a header from a log file? I am trying to remove the header from a log file. I know that I need to put a stanza in props.conf on the forwarder ... by Bliide Path Finder in Splunk Search 11-01-2015 0 3	0	3
How do I divide each value in this row by a value in one of the columns? How would I divide each value in this row by the count(CMDB SERVER) calc? by jhayIV Engager in Splunk Search 10-31-2015 0 2	0	2
How to use SEDCMD to anonymize a field after automatic lookup from a CSV file at index-time? I want to do an automatic lookup from a CSV file on index time, and add new fields to the event. I got this working, ... by joarsvensson New Member in Splunk Search 10-31-2015 0 5	0	5
How can I optimize the performance of my search? I am doing a simple search: index=pqr host=xyz* NOT TYPE="ABCDE" \| fields X, Y \| timechart limit=0 span=10m count,... by m_vivek Path Finder in Splunk Search 10-31-2015 0 9	0	9
Top command causing issues with stats commands I am trying to audit bandwidth usage. The following search works as expected, except the URLS flood the URL field. I ... by alaking Explorer in Splunk Search 10-31-2015 0 1	0	1
Extract fields from an already extracted field Hi all, I'm trying to extract the filename and file ext of a windows path into to different fields. The sourcetype i... by markwymer Path Finder in Splunk Search 10-30-2015 0 5	0	5
How can I get a list of concurrent searches Hi, I need a detailed report on search concurrency, for both scheduled and interactive searches. How would I get th... by a212830 Champion in Splunk Search 10-30-2015 0 2	0	2
How to use the output from one search as input for another search? I have a search that results in an IP address as the result with the field name clientIP: host=hostname SSL=TLSv1.2 ... by mkatz New Member in Splunk Search 10-30-2015 0 6	0	6
Can we put or in 2 regex conditions Can we put or in 2 regex conditions? If no, is there any alternative? for example index = idx1 \| regex name = ^Aa ... by aashish_122001 Explorer in Splunk Search 10-30-2015 0 3	0	3
How to find out which field values from logs that are not found in a CSV file? The abclogs index contains a field call "userid" and there is similar field "identity" in the file totalname.csv. Now... by chlily New Member in Splunk Search 10-30-2015 0 3	0	3
How do I search and alert on processes that are not running on a list of hosts? I have to identify processes not running on a list of hosts. To do this, I have a lookup table with all the processes... by gcusello SplunkTrust in Splunk Search 10-30-2015 0 1	0	1
How to edit my regex to filter out images in Apache logs from being indexed? Hi, We have a large amount of data in the Apache log files, and we do not want images to be indexed. How do I match... by dmccabe2 New Member in Splunk Search 10-30-2015 0 3	0	3
How to edit my eval statement to extract values for the current day to find the percentage difference between dates? Hi, I posted this question before, but was unable to attach the picture later in the thread. I am looking to add a c... by pmcfadden91 Path Finder in Splunk Search 10-29-2015 0 5	0	5
Is search performance affected by number of warm buckets? I would like to know if search performance could be increased by moving buckets from warm to cold? My main index cont... by DDerck New Member in Splunk Search 10-29-2015 0 1	0	1