Splunk Search

Community Activity

How to change time interval on x-axis of a graph to 10 minutes instead of 1 hour using dbquery? Hi All, Is there any way we can change the time interval on x-axis to be 10 mins instead of 1 hour using dbquery. My... by usha_nittala New Member in Splunk Search 08-03-2014 0 3	0	3
How to search for the most common word used? Hi, I've a file which contains a chunk of words. What I wanted to do is to find the top 10 most common word used fro... by NoisyClip Engager in Splunk Search 08-03-2014 0 2	0	2
set of last events for several tags Hello, I am trying to find a way to analyze the last occurrence of different events. The data I work with is structu... by wsw70 Communicator in Splunk Search 08-03-2014 0 9	0	9
How to replace characters in string from field extraction? I have a field extraction as below which extracts a date into a field called my_date EXTRACT-my_date = (?i)StopDate... by pradeepkumarg Influencer in Splunk Search 08-02-2014 0 6	0	6
Regex Error - Regex: PCRE does not support \L, \l, \N{name}, \U, or \u A little help needed. Regex below is throwing the error in title of question... rex field=source "N:\\logs\\(?P<UID>... by snoobzilla Builder in Splunk Search 08-02-2014 0 5	0	5
Fields extraction from access log I would like to list below log in 8 parts and I'm not sure how to do it in with Regex. Please help me {Field 1] ... by pavan_bhumanapa New Member in Splunk Search 08-01-2014 0 1	0	1
How to search top 5 IPs with highest distinct count emails per day? Hello, In each line of the logs ,there is an email, an IP address and a timestamp. I'd like to calculate for each d... by niboucher Explorer in Splunk Search 08-01-2014 1 5	1	5
Searching Max values in a span/range I'm not sure of the proper approach for this query. I have a list of events,one event per day, with fields min,max a... by jlkokko Path Finder in Splunk Search 08-01-2014 0 4	0	4
Pie chart max value Hello Splunkers, I'm working on a pie chart where I am trying to show the total number of assets and then show that s... by lbogle Contributor in Splunk Search 08-01-2014 0 4	0	4
What is the most efficient way to filter search results by list? Hello, I am looking to filter my search results by the 'UniqueID' field so that I only get results from the devices ... by AlexMcDuffMille Communicator in Splunk Search 08-01-2014 0 5	0	5
Timechart with Time (X-) Axis delineated in "T-minutes before now"? I have a timechart that shows latency in minutes for the last 24 hours snapped to the hour. What I would like to see... by woodcock Esteemed Legend in Splunk Search 08-01-2014 0 2	0	2
REGEX pattern to extract the hostname in transforms.conf Please provide the REGEX pattern to extract from host and assign the value to index name, In the below example, we ne... by dhavamanis Builder in Splunk Search 08-01-2014 0 2	0	2
Transforms.conf - Hide values or make them anonymous I have a log that look like this: <ReceivedPermissions>EMULATION = [ EMULATEANOTHERUSER = Deny ], APPLICATION = [ PR... by celsohso Path Finder in Splunk Search 08-01-2014 3 11	3	11
Automatic lookup field not displayed I created the below automatic lookup through Splunk 6 web. app_info host AS host gate AS gate OUTPUTNEW app AS app ... by sc0tt Builder in Splunk Search 08-01-2014 0 3	0	3
Field extraction regex conditional if-then-else Here are 2 events from an apache log. I have a field extraction regex which works unless the content-type contains a... by cdstealer Contributor in Splunk Search 08-01-2014 1 2	1	2
How to add column of last login date/time for Target users? How can I add a column for my below search that displays a result for the Target_Account_Name's last login date/ time... by dmcavoy New Member in Splunk Search 08-01-2014 0 3	0	3
Compare IP list from the same search between different weeks I'm newbie with Splunk and I would like to compare IP list that I get with below search: index=com-mng-puppet host="... by maglez Engager in Splunk Search 08-01-2014 0 4	0	4
How to only find matches where two tables have the same value? I have one table called CurrentValue and another called NextValue, I want to be able to only find results where Curre... by Hergel New Member in Splunk Search 08-01-2014 0 4	0	4
Can you refresh or reload index-time sourcetype properties without restarting Splunk? When you make changes to search-time extractions and other props.conf/transforms.conf settings, they can take effect ... by gkanapathy Splunk Employee in Splunk Search 08-01-2014 3 5	3	5
Pickup the latest row of records. acct_nbr event_stamp membership_fee Zip_Code 12345 2014-07-08-10.27.13.000000 0.00 ... by ishugupta Path Finder in Splunk Search 08-01-2014 0 2	0	2
how to parse and format single digit month in splunk All, how can i parse a single digit month like(7/20/2014) date format and convert it into (07/20/2014). Is it a limi... by ishugupta Path Finder in Splunk Search 07-31-2014 1 4	1	4
How to compare most recent results with previous search results? Open ports are check every 5 minutes. index=os sourcetype=openPorts host=myhost earliest = -5m@m udp 123 udp ... by vinchakov_a Path Finder in Splunk Search 07-31-2014 0 3	0	3
Set implied transaction start and end time if start or end events are missing Hi There, We have some user activity logs with LOG_ON and LOG_OFF events in Splunk similar to following: 2014/07/13... by mahesh_ravji1 Explorer in Splunk Search 07-31-2014 1 5	1	5
How to get top 2 MB users per website? Hi! That maybe someone has been through this. I have the following table as a result of search: website **u... by jrodriguezap Contributor in Splunk Search 07-31-2014 1 2	1	2
Pivot and Stats and disappearing make my data disappear Hi All, I'm playing around with data models at the moment and I came across this strange issue. This is similar to ... by stephenho Path Finder in Splunk Search 07-31-2014 0 1	0	1