Splunk Search

Community Activity

Splunk 6.3.0: Source type not getting applied to forwarded structured data I am using splunkforwarder-6.3.0-aa7d4b1ccb80-linux-2.6-x86_64.rpm to forward tab delimited structured data from one ... by pbadhe Explorer in Splunk Search 10-11-2015 0 4	0	4
Removing duplicates HI , i am new to splunk i need to create a report that has rest calls which has mulitple path parameters , so it was ... by 12onetwo New Member in Splunk Search 10-11-2015 0 1	0	1
How to prevent \| stats count in a macro from triggering a remote search? Using \| stats count is often useful to do a quick test \| stats count \| some search where you do not need event data ... by chris Motivator in Splunk Search 10-11-2015 1 10	1	10
How to get physical address given latitude and longitude coordinates and show it in a table? Given that I have my latitude an longitude in an RDBMS and I can access it using Splunk DB Connect. I want to show th... by rongruspe New Member in Splunk Search 10-11-2015 0 8	0	8
How can I search on _internal logs from forwarders in my environment? Hello everyone, It seems like I couldn't find any previous answer on this from the community. I have more than 1000 ... by yonphang Explorer in Splunk Search 10-10-2015 0 3	0	3
Hard Disk Change on the Indexers We have a clustered environment. 3 Indexers , 1 search head, 1 cluster master , 4 heavy forwarders and 100+ universal... by athorat Communicator in Splunk Search 10-10-2015 0 3	0	3
All resource graphs empty I installed SoS, enabled the collection scripts, and even though the scripts run fine and data is indexed, the resour... by n5zap Explorer in Splunk Search 10-09-2015 0 1	0	1
How do you turn minute offset columns into timestamps? I've got a csv file that looks like this: Key, Description1, 0, 1,2, 3, 4, 5, 6,7,8,9,10 A , Description of A, ... by gbronner_rbc Explorer in Splunk Search 10-09-2015 0 1	0	1
How to add a separate column which displays the total of the count? The following is my search …..My Search…… \| stats count by orderid,source,host Which displays the following resul... by pavanae Builder in Splunk Search 10-09-2015 0 6	0	6
how to show added and deleted in set diff I am using \| set diff to find the names that have been changed yesterday compared to a week using the search as below... by vinay4444 Explorer in Splunk Search 10-09-2015 0 1	0	1
Chart number of results returned from scheduled searches I have a scheduled search that runs each minute, and the basic premise is that the resulting events get passed to a P... by IngloriousSplun Communicator in Splunk Search 10-09-2015 0 3	0	3
Extracting calculated fields from an XML input doesn't work I'm trying to extract some fields from an XML input. The sourcetype is set up correctly, and I get all kinds of extra... by arkadyz1 Builder in Splunk Search 10-09-2015 0 4	0	4
Regex to match the price amount in Splunk? The following are my search results <Total_Amount_Due>122.34</Total_Amount_Due> <Total_Amount_Due>2.3</Total_Amount_... by pavanae Builder in Splunk Search 10-09-2015 0 3	0	3
Can I add more details to my license usage by time search to see how much is going to DEBUG logs? I use the License Usage search (generally when I click through on a host or source from the License Usage page) and c... by Celeste Engager in Splunk Search 10-09-2015 0 4	0	4
Replicate field percentage breakdown in SPL? If you click on a field name in the left column it will give you top results for that field, along with the percentag... by muebel SplunkTrust in Splunk Search 10-09-2015 0 1	0	1
How do I create and display a trend of the 10 largest database tables returned in my search results? I am setting up some trending. We currently collect stats on the largest tables and load them into Splunk. I am abl... by treadyho New Member in Splunk Search 10-09-2015 0 2	0	2
Format result table as tree or make indentations (parent-child relation) I have following data in data in columns: id parent step_name 1 Step_1 2 1 Step_1_1 3 2 ... by ptrstpp950 New Member in Splunk Search 10-09-2015 0 7	0	7
How do I parse my XML data in a single search? I've an xml wth below structure <root><stats> <total> <stat pass="12" fail="12">C</stat> <stat p... by i2sheri Communicator in Splunk Search 10-09-2015 0 6	0	6
How to extract values from rows that either contain Dept or do not contain Dept? 2015-05-01 07:33 - [User Login] \| Name#ID \| 'John#11' \| :User name: 'John', ID: '11' successfully logged in 2015-05-0... by lctanlc New Member in Splunk Search 10-08-2015 0 1	0	1
As a beginner, how do I actually get to the Splunk CLI to put commands in ? As a beginner, how do I actually get to the Splunk CLI to put commands in ? by jboike Explorer in Splunk Search 10-08-2015 0 4	0	4
Are the Splunk Conf 2011 videos available anywhere? All, Crazy question. Are 2011 conf videos available anywhere? I remember a Field extraction/Regex track that could ... by daniel333 Builder in Splunk Search 10-08-2015 0 2	0	2
Value from Rex command used to perform a new search with extracted value Hello all, New to Splunk and trying to figure out what I am doing wrong or best way to do the following. I am tryin... by splunker1981 Path Finder in Splunk Search 10-08-2015 0 5	0	5
Report on how log a user was logged on? I am trying to generate a report that show how long users stayed logged on. I can do a search and find the users and ... by neiowe Path Finder in Splunk Search 10-08-2015 1 1	1	1
Filtered search from 2 searches I have 2 searches: 1. Search(AAA)\|rename _time as TimeA\|table TimeA host; 2. Search(BBB)\|rename _time as TimeB\|tabl... by AllenZhang Explorer in Splunk Search 10-08-2015 0 4	0	4
How to change my stats sum(x) search to an hourly timechart sum(y)? Hi I have the following search which displays the sum of a field, but I am trying to put a time chart in hourly whi... by pavanae Builder in Splunk Search 10-08-2015 0 4	0	4