Splunk Search

Community Activity

How to join data and extract field values as field names? How to change event field values into field name? Event log sample1: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ id, code, message... by splunk_worker Path Finder in Splunk Search 08-06-2014 0 4	0	4
How to convert a dollar amount field with $ sign, commas and decimals to a number so I can do avg or sum, etc.? latest funciton works but avg function does not. I believe splunk is treating my Amount field as a text string. Any ... by bandit Motivator in Splunk Search 08-06-2014 0 5	0	5
How to create a chart showing ticket status by week? Hi all, I am trying to create a dashboard or a graph where I want to show the ticket status by weekly. I am uploading... by kvmanjunath New Member in Splunk Search 08-06-2014 0 4	0	4
Regex help to extract number Hello, My logs contain some sentence like : "2014-07-22 14:47:10,783 INFO [LoggingInterceptor]\|EXIT: CmsXwbDecoding... by splunksogetiht Explorer in Splunk Search 08-06-2014 1 3	1	3
How can i convert String Type Time field(a) to a human readable Date Type Time field(#)? Splunk version 4.3 I want to sort human readable Time Field in Table results. Date Type _time(timestamp) field is s... by joy76 Path Finder in Splunk Search 08-06-2014 1 2	1	2
input monitor scanning too much files and causes Splunk indexing troubles Hi, I have to monitor specific files over a NFS share containing itself thousands of files, this causes troubles to ... by guilmxm Influencer in Splunk Search 08-06-2014 0 8	0	8
Can Splunk index the complete folder? If yes, how can we achieve this? Can Splunk index the complete folder? If yes, how can we achieve this? by kratikaj07 Explorer in Splunk Search 08-06-2014 0 9	0	9
Custom scripts in Splunk Hi, I need to understand that does SPLUNK supports creating our own scripts/java codes to read data from some securi... by viverma5 Explorer in Splunk Search 08-05-2014 1 3	1	3
How does iplocation identify anonymous proxies? We use IpLocation at my company and its performing pretty well. I would like to find out a bit more of how the IpLoca... by bdenes_snap Engager in Splunk Search 08-05-2014 0 2	0	2
splunk db connect - dbquery not accessible Hi, I have a Splunk6 search-head which has DB Connect installed on it. I configured some db connections as admin, an... by a212830 Champion in Splunk Search 08-05-2014 1 3	1	3
How to assign field name area_code to first 3 digits in voip logs and geolocate based on field? My voip logs have a format of xxxxxxxxxx 10 digit number. Two questions: How do I assign a field name of "area_code... by hartfoml Motivator in Splunk Search 08-05-2014 1 1	1	1
Conditional count in stats function I need to do the following: Get a distinct count of serial numbers where a selected date falls within a particular r... by willial Communicator in Splunk Search 08-05-2014 1 2	1	2
Maintaining _time with tscollect and tstats I've tried a number of ways, and I don't seem to be able to use tscollect effectively while maintaining a _time compo... by David Splunk Employee in Splunk Search 08-05-2014 0 5	0	5
Transaction with two fields have that have the same value in my logs the "connectionid" on one _raw log and the fcid I tried this sourcetype=foo \| rename connectionid AS tr... by hartfoml Motivator in Splunk Search 08-05-2014 1 2	1	2
How can I extract fields from a list of field names and values in xml data? My xml data looks like this: <name>A</name> <name>B</name> <name>C</name> <filler>someStuff</filler> <value>1</value... by jeromma Explorer in Splunk Search 08-05-2014 2 4	2	4
Can I fill null results of a field with results from another field? Hi, I'm currently looking at partially complete logs, where some contain an article_id, but some don't. Is it possib... by anthony_copus Explorer in Splunk Search 08-05-2014 2 1	2	1
rex for capturing up to 2 levels Hi, we have uris in the below format. i want to capture only up to 2 levels (if it does not have 2 levels it should... by xvxt006 Contributor in Splunk Search 08-05-2014 0 2	0	2
How do I query for an event and all surrounding events I'm trying to write a query that 1. will find the first instance of a particular problem 2. show "all" events 15 minu... by Alan_Bradley Path Finder in Splunk Search 08-05-2014 1 4	1	4
Windows Event Field Extraction I am having a problem with field extraction of some Windows event logs. I have an example log below. 08/05/2014 09:5... by conor_splunk Path Finder in Splunk Search 08-05-2014 0 2	0	2
How to check a certain (not _raw) field value matches a value returned by a subsearch? By default, when we append a subsearch to a search, it looks for events which _raw field value matches one of the val... by manus Communicator in Splunk Search 08-04-2014 0 6	0	6
How to fill a field with an ip address extracted from another field? I have a need for the field "dest" to be filled with an ip address that I am extracting from another field, the extra... by aelliott Motivator in Splunk Search 08-04-2014 1 2	1	2
Comma separated number in sum function going negative in the following situation: ... \| stats sum(SumofCoreSecs) as total \| eval Total = tostring(total, "commas") \| table ... by mjones414 Contributor in Splunk Search 08-04-2014 0 3	0	3
How to match start and end dates with search? I have the following result from as search and would like help matching the start and end dates. These are two separa... by sndegwa Explorer in Splunk Search 08-04-2014 0 8	0	8
MS SQL Server Perfmon multiple Install instances I am trying to create generic MSSQL for data collection. While installing SQL you are able to use the DEFAULT_INSTAN... by bmacias84 Champion in Splunk Search 08-04-2014 0 2	0	2
Using 2 lookup tables in one search? Hi, trying to use two lookup tables in one search. Is this possible? Basically I have a list of email domains in one... by bcusick Communicator in Splunk Search 08-04-2014 0 3	0	3