Splunk Search

Community Activity

Internal DB used by Splunk 6.0+ for geo details Hi, Could you please let me know, which internal DB is used by splunk 6.0+ for geographical details. With out conne... by strive Influencer in Splunk Search 06-22-2014 2 2	2	2
Internet access for iplocation command Hi, We are using Splunk 5.0.4 extensively. We use maxmind to resolve Client IP to Country, City, Net Speed and ISP. ... by strive Influencer in Splunk Search 06-22-2014 1 2	1	2
Splunk searches unit test automation Hi, Is there any framework or tool that can be used/customized for unit test automation of splunk apps. Thanks Stri... by strive Influencer in Splunk Search 06-22-2014 0 1	0	1
Merge event field into single table column Hi, I'm trying to take filds from different events and put them in one table column. I've true this using the rename... by skottieb Explorer in Splunk Search 06-21-2014 0 4	0	4
regex multiple phrases I want to see if string a and string b are in the logs, but they might not be in the same event. And I don't want to ... by lucychang2015 New Member in Splunk Search 06-21-2014 0 2	0	2
[spam redacted] [spam redacted] by ssbaba786 New Member in Splunk Search 06-20-2014 0 2	0	2
Removing some field values from a mulitiple value field Hello, I am looking at the results of a table lookup, where there many values for a particular field are returned. ... by jamesdon Path Finder in Splunk Search 06-20-2014 2 4	2	4
Extracting multiple fields from a line I have a line that contains 2 different fields that I need Right now I have: index=os sourcetype="xxx" \| regex _ra... by cutenemo Engager in Splunk Search 06-20-2014 0 5	0	5
How to show multiple field values, that match another field Hi folks, I'll do my best to explain this. I'll use cars as an analogy because it is easier to explain: In my data s... by jravida Communicator in Splunk Search 06-20-2014 0 2	0	2
How to combine disparate log data into a single time chart? I have mail processing log lines I need to combine and report on. One type of log line contains strings like "clon... by dgillam Engager in Splunk Search 06-20-2014 0 12	0	12
What fields are displayed when using the "map" command Hey all, I have a search that uses the map command. It looks like: <myBaseSearch> \| map [search index=main sourcety... by bruceclarke Contributor in Splunk Search 06-20-2014 0 3	0	3
user fields contains comma in value. Best way to have field value include first and last name? My field in the events is as follows UserFullName=Lastname, Firstname , I know that I can use a regex to extract th... by ericrobinson Path Finder in Splunk Search 06-20-2014 0 3	0	3
Counting Events? Splunk Community, I’d like to be able to count the number of events I have per SourceFile when my sourcetype is LogF... by MichaelCohen829 Explorer in Splunk Search 06-20-2014 0 4	0	4
Fetching the data from the respective index of the log statement There is a log file which has events in the following format 0\|10\|434d5532\|xxxxxx34\|2014/06/06 04:47:54\|819670\|3\|2014... by Mubarish Path Finder in Splunk Search 06-20-2014 0 1	0	1
Windows PerfMon stats -- unable to create total_cpu field Hi all, I'm having difficulty trying to create a total_cpu field. If I map a single variable to it, this works fine ... by alekksi Communicator in Splunk Search 06-20-2014 0 2	0	2
DBX JOIN 2 databases together I can write a search like this: \| dbquery "DB1" "SELECT A.* AOS.* FROM Assets A JOIN AssetOSs AOS ON A.AssetOSID = A... by hartfoml Motivator in Splunk Search 06-20-2014 0 5	0	5
Doing lookup in the same index without using lookup command Hi [index=main host=syslog status="deny"\| top src_IP \| table src_IP ]:::::this is my sub search. and it will produce ... by thambisetty SplunkTrust in Splunk Search 06-19-2014 0 6	0	6
count by percentage Hi, we're trying to find out windows XP users with some rules: if mod=syn, get client ip (cli)if mod=syn+ack, get se... by stwong Communicator in Splunk Search 06-19-2014 0 6	0	6
Search time field extraction not showing in available fields I am attempting to perform a search time field extraction via the rex command. I use the default field of _raw and g... by dkichline Engager in Splunk Search 06-19-2014 0 3	0	3
inline stats without subsearch This is a recurring problem for me in SPL. I want to assign some stats command results to a variable name and pop th... by proletariat99 Communicator in Splunk Search 06-19-2014 0 1	0	1
metadata: how to find the most recent event for each host in each index? i have 50 indexes and i want to find out the last most recent event for each host in each index. i can do this for e... by robf Path Finder in Splunk Search 06-19-2014 1 6	1	6
how to get the value of field if another field has same value in particular time period HI, I have data like below, Source_Address Event_Code Time User 10.10.10.010 4625 6/17/2014 0... by thambisetty SplunkTrust in Splunk Search 06-19-2014 0 14	0	14
efficient way of comparing with historic events using percentile Hi, I have a query that is meant to compare longitudinal count of an event of a given day (e.g. today) with historic... by kundeng Path Finder in Splunk Search 06-19-2014 0 3	0	3
Extract Field Dear All, I have oracle error data i need to extract some fields from it here is the data [EntID: ] 17-Jun-2014, 07... by gajananh999 Contributor in Splunk Search 06-19-2014 0 6	0	6
How does rule based sourcetype works? In the below stanzas , both are having same source-type names, how the priority will be in assigning sourcetype? Has... by splunker12er Motivator in Splunk Search 06-19-2014 0 1	0	1