Splunk Search

Community Activity

Invalid latest event date in the Home ->Data section? We are indexing data into Splunk every day and its coming in the search results, but Splunk home page (Splunk version... by dhavamanis Builder in Splunk Search 08-11-2014 0 1	0	1
How to configure props.conf to extract fields and line break multiple XML files? Hi I'm new to splunk. I'm trying to index multiple XML files that look like: <?xml version="1.0" encoding="UTF-8"?>... by andyhine New Member in Splunk Search 08-11-2014 0 3	0	3
How to extract dynamic key value pairs in mixed data from DB Connect app? I am indexing a string for the DBConnect where one of the fields stores a modified data in one of the cells. In a sub... by TangentTexan New Member in Splunk Search 08-11-2014 0 1	0	1
Distinct count of all unique email addresses which do not end with certain domain names I want to count all unique email addresses in a multi-value "to" field which do not end with certain domain names. s... by landen99 Motivator in Splunk Search 08-11-2014 1 2	1	2
Multiple drilldown from a chart to a table to a table I have a bar chart and the user clicks on a bar and it then displays a table corresponding to the bar that was clicke... by RVDowning Contributor in Splunk Search 08-11-2014 0 6	0	6
Read time out while opening Job manager in Splunk UI Hi, I am getting the below error while opening Job manager in splunk UI. [JobManager module] Splunkd daemon is not ... by prosenjit Engager in Splunk Search 08-11-2014 3 6	3	6
DBConnect fetch not to consider latest value of rising column The rising column I'm using is a time stamp and at times there are many records with the same value and if the fetch ... by pradeepkumarg Influencer in Splunk Search 08-11-2014 0 1	0	1
Search query to find missing deployment client? Could you please anyone help me to write a query to find the missing deployment client? There are many forwarders con... by splunkn Communicator in Splunk Search 08-11-2014 0 1	0	1
Subsearch returning results before it is completed?? Hello, I have a problem with a subsearch in which I try to filter the results of the main search. The search looks l... by C_Sparn Communicator in Splunk Search 08-10-2014 0 9	0	9
Role/User default search indexes not working I can't tell if it's since we moved to mounted bundles or not, but recently we need to explicitly set the indexes whi... by yaleman Engager in Splunk Search 08-10-2014 0 5	0	5
Is this search achievable? My date is like this, The first and last event occur at random time every dayThe number of events are also randomEac... by calvintkng New Member in Splunk Search 08-10-2014 0 20	0	20
How to filter out results where a field value is less than 1? Hi Splunk community, I have this query source=main \| transaction user_id \| chart count as Attempts, count(eval(i... by ateterine Path Finder in Splunk Search 08-10-2014 1 2	1	2
tell how many user visited different sites (transaction with one field same and one field _different_) having a field user_id='1234' and page_id='yellow books' or page_id='green books', i can easily do a search search ... by a3p New Member in Splunk Search 08-09-2014 0 2	0	2
Elimination of duplicate logins over time My problem is that in my data source, when a user logs on there can be a single entry or multiple entries. I need to ... by DonDandrea Path Finder in Splunk Search 08-08-2014 2 6	2	6
Problems with tonumber convertion - always returns the same value Hi, while doing some field comparisons I had problems matching one number field to another. After some research into... by ChrisLH Explorer in Splunk Search 08-08-2014 0 5	0	5
size of a log event is there a query to get the size of a log event (how big the event is inside splunk?) I know you can get index sizes,... by sanju005ind Communicator in Splunk Search 08-08-2014 3 3	3	3
RegEx for the free -m command - Linux I have a script that runs the "free -m" command, and I am only pulling (grepping) the lines like the following: -/+ ... by aferone Builder in Splunk Search 08-08-2014 1 2	1	2
convert thousand to K in timechart Hi!! Please, someone who perhaps has ever happened, I'm generating a report with timechart, but the Y value reaches ... by jrodriguezap Contributor in Splunk Search 08-08-2014 0 6	0	6
Field extraction from an snmp trap message issue Having mixed results with this issue? I have trap messages being written to a txt file which then gets pushed to my ... by smithjnick Path Finder in Splunk Search 08-08-2014 0 2	0	2
How to restrict a user's search based on a lookup table? Hi all, I'm developing an app for use across different teams at my company. We have certain security restrictions ab... by bruceclarke Contributor in Splunk Search 08-08-2014 0 3	0	3
How to get back event raw data to the search results preview in Splunk 6.1? I have recently upgraded my version up to 6.1.3 and noticed such thing in Splunk UI, when doing a standard search. E... by greg Communicator in Splunk Search 08-08-2014 0 2	0	2
Why is the latest event indexed 4 days ago when server logs show current data? Hi, I have an issue currently where the last event was 4 days ago. I have checked the server logs manually and I can... by taylorl Explorer in Splunk Search 08-08-2014 2 1	2	1
"Last 15 min" - refers to event time or index time ? "Last 15 minutes" - Is this referring to index time (or) Events time ? I have hosts located in different timezones, ... by splunker12er Motivator in Splunk Search 08-08-2014 0 2	0	2
How to find unusual or rare events in my data? I'm finding some splunk commands can detecting unusual event. For example, each event has username field, usually use... by zensekibe Engager in Splunk Search 08-07-2014 2 2	2	2
How to extract date/time and host fields from stack trace events and match with user events? We get unformatted stack traces dumped into the same source type as our event logs. I'd like to strip off the time/d... by RVDowning Contributor in Splunk Search 08-07-2014 0 7	0	7