Splunk Search

Community Activity

How to show multiple field values, that match another field Hi folks, I'll do my best to explain this. I'll use cars as an analogy because it is easier to explain: In my data s... by jravida Communicator in Splunk Search 06-20-2014 0 2	0	2
How to combine disparate log data into a single time chart? I have mail processing log lines I need to combine and report on. One type of log line contains strings like "clon... by dgillam Engager in Splunk Search 06-20-2014 0 12	0	12
What fields are displayed when using the "map" command Hey all, I have a search that uses the map command. It looks like: <myBaseSearch> \| map [search index=main sourcety... by bruceclarke Contributor in Splunk Search 06-20-2014 0 3	0	3
user fields contains comma in value. Best way to have field value include first and last name? My field in the events is as follows UserFullName=Lastname, Firstname , I know that I can use a regex to extract th... by ericrobinson Path Finder in Splunk Search 06-20-2014 0 3	0	3
Counting Events? Splunk Community, I’d like to be able to count the number of events I have per SourceFile when my sourcetype is LogF... by MichaelCohen829 Explorer in Splunk Search 06-20-2014 0 4	0	4
Fetching the data from the respective index of the log statement There is a log file which has events in the following format 0\|10\|434d5532\|xxxxxx34\|2014/06/06 04:47:54\|819670\|3\|2014... by Mubarish Path Finder in Splunk Search 06-20-2014 0 1	0	1
Windows PerfMon stats -- unable to create total_cpu field Hi all, I'm having difficulty trying to create a total_cpu field. If I map a single variable to it, this works fine ... by alekksi Communicator in Splunk Search 06-20-2014 0 2	0	2
DBX JOIN 2 databases together I can write a search like this: \| dbquery "DB1" "SELECT A.* AOS.* FROM Assets A JOIN AssetOSs AOS ON A.AssetOSID = A... by hartfoml Motivator in Splunk Search 06-20-2014 0 5	0	5
Doing lookup in the same index without using lookup command Hi [index=main host=syslog status="deny"\| top src_IP \| table src_IP ]:::::this is my sub search. and it will produce ... by thambisetty SplunkTrust in Splunk Search 06-19-2014 0 6	0	6
count by percentage Hi, we're trying to find out windows XP users with some rules: if mod=syn, get client ip (cli)if mod=syn+ack, get se... by stwong Communicator in Splunk Search 06-19-2014 0 6	0	6
Search time field extraction not showing in available fields I am attempting to perform a search time field extraction via the rex command. I use the default field of _raw and g... by dkichline Engager in Splunk Search 06-19-2014 0 3	0	3
inline stats without subsearch This is a recurring problem for me in SPL. I want to assign some stats command results to a variable name and pop th... by proletariat99 Communicator in Splunk Search 06-19-2014 0 1	0	1
metadata: how to find the most recent event for each host in each index? i have 50 indexes and i want to find out the last most recent event for each host in each index. i can do this for e... by robf Path Finder in Splunk Search 06-19-2014 1 6	1	6
how to get the value of field if another field has same value in particular time period HI, I have data like below, Source_Address Event_Code Time User 10.10.10.010 4625 6/17/2014 0... by thambisetty SplunkTrust in Splunk Search 06-19-2014 0 14	0	14
efficient way of comparing with historic events using percentile Hi, I have a query that is meant to compare longitudinal count of an event of a given day (e.g. today) with historic... by kundeng Path Finder in Splunk Search 06-19-2014 0 3	0	3
Extract Field Dear All, I have oracle error data i need to extract some fields from it here is the data [EntID: ] 17-Jun-2014, 07... by gajananh999 Contributor in Splunk Search 06-19-2014 0 6	0	6
How does rule based sourcetype works? In the below stanzas , both are having same source-type names, how the priority will be in assigning sourcetype? Has... by splunker12er Motivator in Splunk Search 06-19-2014 0 1	0	1
how to exclude a certain field value from results Search query: list the last known user (userid) on each host. sourcetype=syslog source=/var/log/secure "pam_unix(ssh... by ayenumula Explorer in Splunk Search 06-18-2014 2 4	2	4
Multiline Regex trouble - Can't get fields to be associated with keys Hi, I am in great troubles with a multilines events i'm trying to analyse, and associated required regex to extract ... by guilmxm Influencer in Splunk Search 06-18-2014 0 8	0	8
Use a Function without Running a Search Hey guys, is it possible to run an eval function in the search bar without piping a search to it? In an attempt to t... by pfernandez133 Explorer in Splunk Search 06-18-2014 0 4	0	4
How to get sum and charts of usage time values for corresponding fields? I'm using splunk 6.0.3 When I search for: "has been closed after being in use" I have a series of hits like shown i... by fziegler New Member in Splunk Search 06-18-2014 0 2	0	2
How to display timechart as area chart over last 4 hours with span of 1 hour? I will try my best to formulate my question as I couldn't find anything similar asked already. I am trying to displa... by ateterine Path Finder in Splunk Search 06-18-2014 0 9	0	9
Displaying the count of events over varying time spans All, I want to create a search that will return the count of events over the last 5 minutes, 30 minutes, hour, 6 hou... by bruceclarke Contributor in Splunk Search 06-18-2014 1 4	1	4
Report new users each month trended - large time range Hi, I have a request to trend new users on a web application by month over a two year period and produce this report... by DanielFordWA Contributor in Splunk Search 06-18-2014 0 2	0	2
Field extraction for logs with slightly different field position based on the servername Hi All Here are my sample logs _time prod-server-1234 web_access 10.11.12.13 "GET /json/some_search?asasa HTTP/1.1" ... by splunk_worker Path Finder in Splunk Search 06-18-2014 1 2	1	2