Splunk Search

Community Activity

search by linecount last 1 million lines. how can i search only last 1 million lines of 4 million lined total log file? by levent_kurt Explorer in Splunk Search 07-09-2014 0 1	0	1
Subsearch calculating average of hits and showing list of values higher than the average? I am trying to make a subsearch which calculates the avg of the hits . And showing the list of higher value than the ... by changwoo Communicator in Splunk Search 07-09-2014 1 3	1	3
calculate duration of multiple seperate log lines Sometimes a single connection is interrupted in the logs, becoming two lines. (Lines 2 and 5) and sometimes the exact... by AzJimbo Path Finder in Splunk Search 07-09-2014 0 4	0	4
Search result based on max(field) Log format ServiceName,ResponseTime,RequestTime,TransactionId Service1,10,12,12345 Service2,5,8,12346 Service2,7,3,1... by th1agarajan Path Finder in Splunk Search 07-08-2014 0 3	0	3
REGEX not working in transforms.conf Here is my event: Contact=" (Contact){ Id -- '123' Email -- 'johnny@gmail.com' Name -- 'Johnny blah' Phone -- '33333... by jhallur_splunk Splunk Employee in Splunk Search 07-08-2014 0 5	0	5
extract URI_Stem and combine based on lowest path Hey all I have some IIS extractions that are pulling the field cs_uri_stem from my IIS 7.0-8.0 logs. I am trying t... by dragon98902072 Explorer in Splunk Search 07-08-2014 1 1	1	1
Why search query not working ? I am not able to run any search query and getting following error. Splunkd daemon is not responding: ('Error connect... by spsrasru Path Finder in Splunk Search 07-08-2014 0 1	0	1
DBX > 1.2 rising_column in query problem So, to get around the known issue with rising_column not being able to be fully qualified (which is sort of required ... by StewGoin1 Explorer in Splunk Search 07-08-2014 2 4	2	4
TailingProcessor File Status without port 8089? We would like to have forwarders run as root in order to overcome file permissions. However, we also will be security... by vcarbona Path Finder in Splunk Search 07-08-2014 0 7	0	7
How do I search a csv file created via Outputlookup? I am creating lookup csv files for my app on a nightly basis via scheduled searches doing search \| outputlookup mydat... by mshapirovp Explorer in Splunk Search 07-08-2014 0 4	0	4
Splunk triggers an alert but shouldn't Hello, I have implemented an correlation search, where I want to find "Brute Force Behavior" and afterwards an "User... by ESIMatNeforce Path Finder in Splunk Search 07-08-2014 0 1	0	1
How can I pass field value as macro name I have two macros with names yes and no Now, I want to refer to these macros in my search query, but not by directly... by pradeepkumarg Influencer in Splunk Search 07-08-2014 1 6	1	6
Parse time in drilldown and snap to beginning of that month I am creating a series of dashboards with will enable to globally view data and drilldown to specific events. My fir... by splunkmasterfle Path Finder in Splunk Search 07-08-2014 1 2	1	2
TImeChart Fun Multiple Lines for a line graph I have this search string below which gives the top files with the most Bugs related to them. index = git \| rename D... by dreamwork801 Path Finder in Splunk Search 07-08-2014 1 7	1	7
help with splunk dedup Hello, please help me. How I can dedup this: Jul 8 07:58:01 host crond[7597]: pam_unix(crond:account): password for... by vinchakov_a Path Finder in Splunk Search 07-08-2014 1 2	1	2
parsing json and sending as search command Hi Guys I have a json with 75 elements. Normally i can put them in macro and run in search but that means 75 macro ... by CorpusCallosum Explorer in Splunk Search 07-07-2014 1 4	1	4
Create a field whose value is a multi-value list of all field names in each respective event I'd like to create a field whose value is a multi-value list of all field names in each respective event. I don't mi... by landen99 Motivator in Splunk Search 07-07-2014 0 2	0	2
searching iplocation generated fields Hi, Splunk newbie here. I am trying to search for values in fields generated by the iplocation command (i.e., Country... by shermantsui New Member in Splunk Search 07-07-2014 0 2	0	2
Trying to find the 'run time' difference between two daily jobs Hello - I am trying to find a way to display the daily run time of a job that kicks off daily. I am trying to creat... by fisuser1 Contributor in Splunk Search 07-07-2014 0 12	0	12
Are there hooks into an ERP app when a job is paused or stopped? I basically have a command to start my Java ERP program and that all works fine. I was wondering if any calls are mad... by peberhardt Engager in Splunk Search 07-07-2014 0 1	0	1
False group by time (microseconds range!) Hello, I wanted to take a look at some data with splunk, as I was suddenly very surprised by its form. splunks show... by splunkbeginner2 Path Finder in Splunk Search 07-07-2014 0 2	0	2
Symbols based on different threshold values of columns of each individual row I want to put symbols against the values in a column. I have different ranges for different rows. eg. : 1st row : ran... by mvaradarajam Path Finder in Splunk Search 07-07-2014 0 2	0	2
how to take the data if in the data with time stamp the value is separated with space. my data for buffer use for a particular time is: 00:00:04: port 1, buffer 12221, 00:00:04: port 2, buffer 22, 00:00:0... by pritamkumar01 Engager in Splunk Search 07-07-2014 0 2	0	2
chart percentage over a timeframe I have a webserver log with one entry per request. Every entry contains the used cipher. I want to generate a chart o... by charles981 Engager in Splunk Search 07-07-2014 1 2	1	2
Splunk Hosts metadata correlation with index Im using a metadata type=hosts query to output hosts that have not logged data using recenttime However i dont see th... by Mag2sub Path Finder in Splunk Search 07-07-2014 1 13	1	13