Splunk Search

Community Activity

Regular expressions I'm new to writing regular expressions and am having a difficult time building a field using extract fields. Unfortun... by jsmith39 Path Finder in Splunk Search 07-02-2014 0 5	0	5
scheduled search with changing query Hi, I'm using 6.1 I have a group of people who are looking at a way to create monthly reports based on their list o... by jonathanfalconi Explorer in Splunk Search 07-02-2014 0 2	0	2
Moving CSV file to lookup folder Hi, I need to move the csv file generated inside the folder $SPLUNK_HOME$\var\run\splunk [as part of outputcsv comma... by Bhuavana Explorer in Splunk Search 07-02-2014 0 1	0	1
How to make case InSensitive search everywhere by default? Hi all, I need to make by default all searches in Splunk 6.1.1 as case InSensitive. For example, this search are cas... by Nikita_Danilov Path Finder in Splunk Search 07-02-2014 0 5	0	5
Splunk skipping indexing of Websphere logs We have a case where 4 log files are being monitored. Daily the log file is rolled to a back up and truncated at the ... by asherinb Explorer in Splunk Search 07-02-2014 0 2	0	2
Average response time, and count, by url path Hi, I'm trying to create a table that shows me the number of times a URL is requested for and what its average respo... by hdus001 New Member in Splunk Search 07-02-2014 0 5	0	5
How to refresh the list of servers in the SOS app I removed a server from my cluster, and it still shows up in the dropdowns of the SOS app. How is it maintained, can ... by mataharry Communicator in Splunk Search 07-01-2014 2 2	2	2
Splunk appears to be ignoring limits.conf: base_max_searches = 8 When submitting queries in rapid succession to Splunk (via the REST API), I'm getting 503 errors from splunkd. This s... by zliu Splunk Employee in Splunk Search 07-01-2014 0 2	0	2
How to use delim with stats? How to use delim with stats? Multivalued fields generated after using list() in stats is resulting in space-separated... by adityainamdar89 Explorer in Splunk Search 07-01-2014 0 4	0	4
Using token from previous populating search within a second populating search Hi all, I am currently using a populating search for several dropdowns in a dashboard. I have one for location, dev... by bcarr12 Path Finder in Splunk Search 07-01-2014 0 6	0	6
How to run subsearches on individual values of a field from a primary search? I have a primary search that finds all the events that indicate a failure of a process and presents a list of unique ... by djconroy Path Finder in Splunk Search 07-01-2014 0 1	0	1
Why query works in my own app, but not Search and Reporting app? Hi, I am having trouble with a query. It works in my own app, which I created with the Splunk -> Manage Apps, new Ap... by splunkbeginner2 Path Finder in Splunk Search 07-01-2014 0 2	0	2
Max of Distinct Count I am trying to get a distinct count of two concatenated numbers and then get the max of that distinct count over a ti... by pontorito Explorer in Splunk Search 07-01-2014 0 6	0	6
How to split time equally in bar chart index=main sourcetype=myTest host="hello1234" getUserDetail \| rex "(?im)^(?:[^:]:){4}\s(?P<TIMESTAMP>(?P<Date>[^T])... by th1agarajan Path Finder in Splunk Search 07-01-2014 0 4	0	4
How to create overlay chart in Splunk 6.0 with 2 y-axes? How to create an overlay chart in 6.0 with 2 y axis where bar graph refering to one axis and line graph refering to s... by nidhigoyal Explorer in Splunk Search 07-01-2014 0 2	0	2
Searching indexes by Deployment Client Name In a network with up to 150 deployment clients (all UF), is there a way to search indexes for all data from a particu... by pmdba Builder in Splunk Search 07-01-2014 0 2	0	2
Field Extraction from space-aligned fields in multi-line events From events of the form: Filesystem Type Size Used Avail UsePct M... by landen99 Motivator in Splunk Search 07-01-2014 0 2	0	2
Need help with Lookup and Auto Lookup I do have a solution to get guest logged into our network. This gives nice logs that I get into Splunk. My goal is to... by lakromani Builder in Splunk Search 07-01-2014 0 6	0	6
EVAL, EXTRACT in props.conf not working when using field names with special characters Hi, I try to add some EVAL and EXTRACT to the props.conf of same windows events with german localisation. Because th... by ndcl Path Finder in Splunk Search 07-01-2014 0 2	0	2
Real-time charts - Query once, view many? Hi all, We have a splunk setup where we are investigating a way of having a shared streaming dashboard that can be u... by alekksi Communicator in Splunk Search 06-30-2014 0 1	0	1
Filtering events with inputlookup not working Hello, Here is an example of my csv - first three lines: sourceHost web-a01 a02 I have given the lookup global per... by bsizemore Path Finder in Splunk Search 06-30-2014 0 1	0	1
How can I do a timechart of sum(val) where events have start/end times? I'm hoping that this is easy for someone with more Splunk-Fu than my meager amount. The indexed data looks like the ... by rettops Path Finder in Splunk Search 06-30-2014 1 6	1	6
time range selection not working on CLI I'm trying: splunk search Calling -earliest=06/30/2014:11:40:00 AND -latest=06/30/2014:12:00:00 and i'm not getting r... by glsplunk New Member in Splunk Search 06-30-2014 0 4	0	4
Wildcards and Regex(s) in Windows OS (UF) Monitor Paths (inputs.conf)? Without any examples of Windows UF Monitor Paths (Universal Forwarder), it's pretty tough to figure out just what wor... by kfeagans_splunk Splunk Employee in Splunk Search 06-30-2014 2 5	2	5
Table visualisation of events with extra metadata fields I'm currently trying to get a dashboard to show a simple overview table of 4 or 5 keys fields. Then instead of using ... by atat23 Path Finder in Splunk Search 06-30-2014 0 4	0	4