Splunk Search

Community Activity

How do i find the most common events in my search? As a splunk user, i want to find the most common events in my search results. How would I accomplish this? I am tryin... by RicoSuave Builder in Splunk Search 07-02-2014 2 2	2	2
Concatenate events from FTP log to produce UserID list of successful logins My goal is to create a search that produces a report of ftp users that have logged in (successfully) in the past 7 da... by bwhyle Engager in Splunk Search 07-02-2014 1 3	1	3
How to run three different searches on click of a submitbutton? Hi How to run three different searches on click of a submitbutton? The scenario to choose a particular search will b... by Mubarish Path Finder in Splunk Search 07-02-2014 0 4	0	4
Top 3 results within a group from table How can i get the top 3 rows from each group in a table. Here is sample data output from my query The output is res... by pradeepkumarg Influencer in Splunk Search 07-02-2014 0 2	0	2
Regular expressions I'm new to writing regular expressions and am having a difficult time building a field using extract fields. Unfortun... by jsmith39 Path Finder in Splunk Search 07-02-2014 0 5	0	5
scheduled search with changing query Hi, I'm using 6.1 I have a group of people who are looking at a way to create monthly reports based on their list o... by jonathanfalconi Explorer in Splunk Search 07-02-2014 0 2	0	2
Moving CSV file to lookup folder Hi, I need to move the csv file generated inside the folder $SPLUNK_HOME$\var\run\splunk [as part of outputcsv comma... by Bhuavana Explorer in Splunk Search 07-02-2014 0 1	0	1
How to make case InSensitive search everywhere by default? Hi all, I need to make by default all searches in Splunk 6.1.1 as case InSensitive. For example, this search are cas... by Nikita_Danilov Path Finder in Splunk Search 07-02-2014 0 5	0	5
Splunk skipping indexing of Websphere logs We have a case where 4 log files are being monitored. Daily the log file is rolled to a back up and truncated at the ... by asherinb Explorer in Splunk Search 07-02-2014 0 2	0	2
Average response time, and count, by url path Hi, I'm trying to create a table that shows me the number of times a URL is requested for and what its average respo... by hdus001 New Member in Splunk Search 07-02-2014 0 5	0	5
How to refresh the list of servers in the SOS app I removed a server from my cluster, and it still shows up in the dropdowns of the SOS app. How is it maintained, can ... by mataharry Communicator in Splunk Search 07-01-2014 2 2	2	2
Splunk appears to be ignoring limits.conf: base_max_searches = 8 When submitting queries in rapid succession to Splunk (via the REST API), I'm getting 503 errors from splunkd. This s... by zliu Splunk Employee in Splunk Search 07-01-2014 0 2	0	2
How to use delim with stats? How to use delim with stats? Multivalued fields generated after using list() in stats is resulting in space-separated... by adityainamdar89 Explorer in Splunk Search 07-01-2014 0 4	0	4
Using token from previous populating search within a second populating search Hi all, I am currently using a populating search for several dropdowns in a dashboard. I have one for location, dev... by bcarr12 Path Finder in Splunk Search 07-01-2014 0 6	0	6
How to run subsearches on individual values of a field from a primary search? I have a primary search that finds all the events that indicate a failure of a process and presents a list of unique ... by djconroy Path Finder in Splunk Search 07-01-2014 0 1	0	1
Why query works in my own app, but not Search and Reporting app? Hi, I am having trouble with a query. It works in my own app, which I created with the Splunk -> Manage Apps, new Ap... by splunkbeginner2 Path Finder in Splunk Search 07-01-2014 0 2	0	2
Max of Distinct Count I am trying to get a distinct count of two concatenated numbers and then get the max of that distinct count over a ti... by pontorito Explorer in Splunk Search 07-01-2014 0 6	0	6
How to split time equally in bar chart index=main sourcetype=myTest host="hello1234" getUserDetail \| rex "(?im)^(?:[^:]:){4}\s(?P<TIMESTAMP>(?P<Date>[^T])... by th1agarajan Path Finder in Splunk Search 07-01-2014 0 4	0	4
How to create overlay chart in Splunk 6.0 with 2 y-axes? How to create an overlay chart in 6.0 with 2 y axis where bar graph refering to one axis and line graph refering to s... by nidhigoyal Explorer in Splunk Search 07-01-2014 0 2	0	2
Searching indexes by Deployment Client Name In a network with up to 150 deployment clients (all UF), is there a way to search indexes for all data from a particu... by pmdba Builder in Splunk Search 07-01-2014 0 2	0	2
Field Extraction from space-aligned fields in multi-line events From events of the form: Filesystem Type Size Used Avail UsePct M... by landen99 Motivator in Splunk Search 07-01-2014 0 2	0	2
Need help with Lookup and Auto Lookup I do have a solution to get guest logged into our network. This gives nice logs that I get into Splunk. My goal is to... by lakromani Builder in Splunk Search 07-01-2014 0 6	0	6
EVAL, EXTRACT in props.conf not working when using field names with special characters Hi, I try to add some EVAL and EXTRACT to the props.conf of same windows events with german localisation. Because th... by ndcl Path Finder in Splunk Search 07-01-2014 0 2	0	2
Real-time charts - Query once, view many? Hi all, We have a splunk setup where we are investigating a way of having a shared streaming dashboard that can be u... by alekksi Communicator in Splunk Search 06-30-2014 0 1	0	1
Filtering events with inputlookup not working Hello, Here is an example of my csv - first three lines: sourceHost web-a01 a02 I have given the lookup global per... by bsizemore Path Finder in Splunk Search 06-30-2014 0 1	0	1