Splunk Search

Community Activity

Setting table headers? I have a transposed table, and I want to change the header. Because of being transposed, it looks like this now: <hea... by szabados Communicator in Splunk Search 05-11-2015 0 1	0	1
Top 10 values and other to be Grouped in "OTHERS"..?? Hi All, I am bit new to this Splunk I am able to get top 10 values but not able to group other ( not in top 10 ) in ... by SanthoshSreshta Contributor in Splunk Search 05-11-2015 1 2	1	2
REST API/Curl help Hi, I have a search that runs within Splunk, but when I try it via curl, I get an error. Hoping someone can help me... by a212830 Champion in Splunk Search 05-11-2015 0 2	0	2
How to debug transforms.conf regex errors Hi I have a logfile with different formated lines and I want to extract comon fields . My props.conf looks like: ... by huaraz Explorer in Splunk Search 05-11-2015 0 2	0	2
How i get Avg, Max, Min for every 5 min interval one by one in row? I create query which give total Average, min and max value in one row i need the result come in every 5 minuet Avg, ... by nitesh218ss Communicator in Splunk Search 05-11-2015 0 9	0	9
Help with search and stats Hi, I need to report on the latest events per two fields - remotehost and FS_Name. The FS_Name could be the same on... by a212830 Champion in Splunk Search 05-11-2015 0 5	0	5
why I am not able to find my string using search? I am trying to find the string using search "com.jdedwards.system.connector.dynamic.InvalidRemoteSessionException". T... by Abilan1 Path Finder in Splunk Search 05-11-2015 0 7	0	7
format command using up memory I got a simple search which uses format command and I noticed that the search uses up much more memory than when I do... by cwl Contributor in Splunk Search 05-10-2015 1 1	1	1
predict does not span the full dataset Hello all, Using Splunk 6.2.1 enterprise, with the wonderfull "predict" feature on my dataset. Can't seem to solve... by kenvanderheyden Path Finder in Splunk Search 05-10-2015 0 2	0	2
Using "eventtype" inside "if" function of "eval" command? This is a repost from the forums and includes the question AND THE ANSWER!</p> QUESTION: I have an event defined li... by woodcock Esteemed Legend in Splunk Search 05-10-2015 0 3	0	3
radial/marker/and filler gauge viualistions + controlling the ranges dynamically I am looking at the radial/marker/and filler gauge viualistions. As I understand it I have to have my search so tha... by HattrickNZ Motivator in Splunk Search 05-10-2015 0 2	0	2
Unpivoting a lookup table I have an interesting lookup table problem. I essentially want to unpivot a lookup table (in other words I have multi... by Splunkster45 Communicator in Splunk Search 05-10-2015 0 1	0	1
Splunk DB Connect 1.1.6: Why are MS SQL dbquery results sent to an index using a database input not parsing all fields correctly? I am using Splunk DB Connect 1.1.6 to connect to a SQL database. The dbquery using select * from databasename works f... by aervillar New Member in Splunk Search 05-10-2015 0 8	0	8
How to rename a database input from "db_input_1" to "db_input_X" without losing state.xml values and maintain data integrity? Hi I've defined database input "db_input_1" and that points to index "index_1"...the setup is in production meaning ... by ronak Path Finder in Splunk Search 05-09-2015 0 1	0	1
stats count not work in sub query? I create a query which have sub query i want total number of event on sub query but they show blank result My Quer... by nitesh218ss Communicator in Splunk Search 05-09-2015 0 11	0	11
Why would Transaction with endswith option return incorrect duration? Following query with Transaction without endswith host=phenix ("Scheduler started" OR "Scheduler stopped" OR "Resta... by sanjay_shrestha Contributor in Splunk Search 05-08-2015 0 1	0	1
Return all rows in which field value included in subsearch result Hello! I guess I need something like selfjoin, but selfjoin joins to itself, when I have to filter results with subse... by sergiyd New Member in Splunk Search 05-08-2015 0 10	0	10
Lookup Works from Search Head, But Not From Indexer? I am trying to run a search that populates a summary index using a lookup. The lookup works just fine on the searc... by aferone Builder in Splunk Search 05-08-2015 0 6	0	6
How to write the regex to parse comma separated values for a single field in a log? I need some help trying to parse a log that may have something like the following: 192.168.x.x process: field_a (va... by sswansonchtr Path Finder in Splunk Search 05-08-2015 1 7	1	7
How do I report on timestamps for earliest and latest field values for multiple events in a search? I have a list of logs that are relevant to a specific sourcetype and serial Number. My search results in the followin... by aramakrishnan New Member in Splunk Search 05-08-2015 0 2	0	2
Why Does Regex Not Match Ampersand? I have an event field in the format of fieldTitle=Type: This is a description. Sometimes this event field contains a... by IngloriousSplun Communicator in Splunk Search 05-08-2015 0 9	0	9
Translate Column values Hi, Say I have indexed a file that has this structure: 1\|A\|B 2\|C\|D I have a mapping like this : 1="Val1" 2="Val2"... by michael_lee Path Finder in Splunk Search 05-08-2015 0 1	0	1
How many indexes i can create in a splunk instance? How many number of indexes i can create in an indexer ? Is there any disadvantages , on too many indexes ? Keeping ... by splunker12er Motivator in Splunk Search 05-08-2015 2 6	2	6
Splunk 6.0/6.2: Methods to get/download Splunk search results Hi Splunk Team, We have an objective to get Splunk Search Results i) to connect to splunk site to get the output... by srikamal New Member in Splunk Search 05-07-2015 0 1	0	1
Indexing a log file comes up with empty results. Hello- I am trying to index some files in a directory local to the splunk server (/tmp/risqiq/). I can see in the S... by agregory23 New Member in Splunk Search 05-07-2015 0 2	0	2