Splunk Search

Community Activity

Get Percentage of Network bandwidth I'm looking to define a query that allows me to query the Network Interface for all my machines and create a percenta... by tysonjhayes Explorer in Splunk Search 05-06-2015 0 9	0	9
get size/bytes of log events and the number events by direction (request/response) I am trying to get the number of requests/response that we send/receive to/from one application and the combined size... by edookati Path Finder in Splunk Search 05-06-2015 0 2	0	2
Why is the markup all jacked? It seems to be switching my valid lessthan/greater than symbols to html entities even when marked as code! example: <myfield> by rsennett_splunk Splunk Employee in Splunk Search 05-06-2015 0 1	0	1
How can I create a third field based on unique combinations of two other fields Hello all, I am really new to Splunk and cannot for the life of me figure this one out. Unfortunately, Googling arou... by cmontonen Explorer in Splunk Search 05-06-2015 0 2	0	2
Date Parsing Dear all, I am collecting some application logs as below. Splunk can parse my log very well if the timestamp shows ... by simontam Explorer in Splunk Search 05-06-2015 0 2	0	2
Customize sourcetype display Im monitoring 2 harddrive usage from a server. This is my query : index="perfmon7days" earliest=-60m sourcetype="W... by jeanfrederic New Member in Splunk Search 05-06-2015 0 4	0	4
Why does _time bucket give different results depending on how the data is sorted? The following search returns two values (yesterday (1430780400) and today(1430866800)): earliest=-d@d index=_in... by manus Communicator in Splunk Search 05-06-2015 0 2	0	2
Search Top Field If exists I'm very new to Splunk, and I'm trying to figure out a way to search by different top fields, depending on whether th... by MDClayton Engager in Splunk Search 05-06-2015 0 1	0	1
Why fields from CSV are not being extracted? I'm getting data from forwarders that are polling a CSV file. However the fields from the CSV are not being extracte... by rbacon Path Finder in Splunk Search 05-06-2015 0 5	0	5
Subquery Event count in not work i need to count sub query i create query in which i search unique no of values of one field and that unique value join to other query they work... by nitesh218ss Communicator in Splunk Search 05-06-2015 0 2	0	2
How to pass one field from a real-time search result as variable on a dashboard? Hello Splunkers! I have a dashboard (with js) with some real-time search. This search always returns only one result... by ryastrebov Communicator in Splunk Search 05-06-2015 0 4	0	4
DBConnect Events Truncate Despite props.conf It seems that DBConnect inputs does no respect the props.conf configuration for event truncation. Example props: [e... by graememeyer Explorer in Splunk Search 05-06-2015 1 5	1	5
Best Practices to join two child objects of a data model We have a situation where we need to join two child objects of a data model. Both child objects have separate index ... by sanjay_shrestha Contributor in Splunk Search 05-06-2015 0 4	0	4
use subsearch hi every one, I want to make a search that could give me the same result of SQL Querie select id_product from prod... by otman01 Communicator in Splunk Search 05-06-2015 0 2	0	2
How to SUM each row that contain comma Hii All, I'm new on Splunk and my english isn't too good, so I'm sorry if any mistake in here. I have a file values... by slamety New Member in Splunk Search 05-05-2015 0 2	0	2
Pass search results to another search I have the following search index=linux_syslog netgroup=my_servers* user@email.com \| rex field=_raw "sendmail\[\d+\... by ulankford Engager in Splunk Search 05-05-2015 0 2	0	2
sort ip's within stats values function I am trying to figure out a way to sort the source ip's that are in my stats values results. Just adding a simple so... by tve784 Path Finder in Splunk Search 05-05-2015 2 7	2	7
Strange behaviour with count in stats when using macros I have a macro which is in the format: match($field$,"regex1") OR match($field$,"regex2") OR ... When I use it in ... by sohrab Explorer in Splunk Search 05-05-2015 0 2	0	2
use of NOT operator I have the following search to search file1 & file2 who have MY_ID as common field. (source="file11" keyword1 ) OR (... by pjmenon Explorer in Splunk Search 05-05-2015 2 2	2	2
How to query Splunk API to only search for data for a particular time range? i am trying to query splunk api from a c# application for a particular DateTime Range using below query search index... by rrahul963 Engager in Splunk Search 05-05-2015 1 3	1	3
does anyone know a better way to turn result rows back into event rows? So Splunk of course has an important but subtle distinction between 1) rows that are straight out of the index (these... by sideview SplunkTrust in Splunk Search 05-05-2015 3 1	3	1
Show the latest values from dataset differences? I have the following two splunk data messages. curtime=1430757796; ioVal1=A; ioVal3=B; curtime=1430757729; ioVal1=1;... by awwong1 Explorer in Splunk Search 05-05-2015 0 2	0	2
Disk quotas for real time searches Does the srchDiskQuota work for real time searches as well as non-real time? We had a user that appeared to do a * se... by rv6abob Engager in Splunk Search 05-05-2015 2 3	2	3
Limit Search by timeframe Want to run this search index="_internal" source="*metrics.log" group="per_host_thruput" splunk_server="splunk-x" \| c... by anasir Engager in Splunk Search 05-05-2015 1 4	1	4
subsearch default time range Are sub-searches, by default, constrained to the time range that is currently in the picker? Or are they run over "al... by caphrim007 Path Finder in Splunk Search 05-05-2015 5 4	5	4