Splunk Search

Community Activity

Error using lookup table Hello I am running the following search with the end aim of using the 'map' functionality to plot the results but wh... by ahogbin Communicator in Splunk Search 06-17-2014 0 1	0	1
How to rename _time column How to rename the _time to TIME in the below query: \|inputlookup currentesdorders.csv \| dedup ORDER_NUMBER \| where O... by webnair Explorer in Splunk Search 06-17-2014 2 3	2	3
How can I add new columns and name them by result or subsearch? Hi! I would like to draw a chart with stacked bars , but I don't know how to add columns depend on result. for exampl... by millie Engager in Splunk Search 06-17-2014 1 2	1	2
Limiting Forwarding Throughput Hi, We are trying to limit the maxKBps of a couple forwarders to 30 KBps. We are doing this because the app on those ... by AppServices Explorer in Splunk Search 06-17-2014 1 7	1	7
How to get sum for unique field values? Hi, I saw that there is dc so we can get the distinct count but what if I want to get the sum for unique field value... by xvxt006 Contributor in Splunk Search 06-17-2014 1 2	1	2
Chart column widths How do I specify a minimum width for columns in a column chart? The documentation very usefully says columnStyle sty... by chrmcq Explorer in Splunk Search 06-17-2014 2 9	2	9
Sorting the stats values results by count, and include count in results I am trying to get a search result that shows a single IP associated with all of its user agents, but I would like th... by soundchaos Path Finder in Splunk Search 06-17-2014 1 5	1	5
Return fields from subsearch but not used as filter in outer search Hi all, can I return fields from subsearch but not used as filter in outer sesarch? Assuming the log1 contains fiel... by stwong Communicator in Splunk Search 06-17-2014 0 1	0	1
variable fields - re-arrange (tranpose) variables fields into one field for data aggregation Hi, I have data indexed with variable fields (csv data indexed as csv by Splunk) such as: timestamp device1 device2... by guilmxm Influencer in Splunk Search 06-17-2014 1 10	1	10
Is there a way to email more than 10K results sendemail command limits to 10k events. This number makes my automates search emails imcomplete. Is there anywhere I ... by suhprano Path Finder in Splunk Search 06-17-2014 4 7	4	7
newlines in stats command failure with savedsearch I've discovered that if you have newlines in a stats command in a savedsearch like this: \| stats values(blah), lis... by sloshburch Ultra Champion in Splunk Search 06-17-2014 1 1	1	1
matching logs we have two log files one is ids logs and another is waf we want to check for source address which are common in bot... by somu2014 New Member in Splunk Search 06-17-2014 0 1	0	1
question regarding correlating two different device logs hiii we are having waf and ids the ip passes from ids and waf so i need to correlate the ip address and name fields ... by somu2014 New Member in Splunk Search 06-17-2014 0 3	0	3
Too many search jobs found in the dispatch directory (found=28834, warning level=2000). This could negatively impact Splunk's performance, consider removing some of the old search jobs. The above warning message is displayed in th GUI with the following error message: [JobManager module] Splunkd daemo... by uayub Path Finder in Splunk Search 06-17-2014 0 2	0	2
find logs for IP Address hello, I want to search proxy logs for 2 different area of ip address ? (like from x.x.x.x to y.y.y.y and from x1.x... by hyahmadi Explorer in Splunk Search 06-17-2014 0 3	0	3
Reduce a result set using the foreach splunk search command The result of a splunk query is the following: Result set 1: method success failures Over_method1 Over_metho... by lpolo Motivator in Splunk Search 06-17-2014 0 3	0	3
Custom Search Lite app I have an odd requirement where I want to limit the index, source or sourcetype for my end users. I have had a quick... by nickstone Path Finder in Splunk Search 06-17-2014 0 2	0	2
Ideas on a timechart with large volume Hi! I have a timechart that run every ten minutes but the event volume is very high and sometimes the query won't com... by subtrakt Contributor in Splunk Search 06-16-2014 0 6	0	6
Redefining MAX size for production indexes Hello all, I am helping a partner who have a couple of indexes very closed to the MAX limit. They want to re-defin... by wdeoliveira_spl Splunk Employee in Splunk Search 06-16-2014 0 1	0	1
Concatenate onto Regex I'm trying to concatenate something onto one of my regex's. ie: index=eph \| rex "EPH(?P<EPHID>\d+)" \| table EPHID, ... by edschembor Path Finder in Splunk Search 06-16-2014 1 2	1	2
operations on field values within multiple rows of the same source I have one source and I need to use the field values from multiple rows to come up with an average. I have the data a... by trailhead26 New Member in Splunk Search 06-16-2014 0 8	0	8
Standardizing Account_Name for Event 4769 to match others? I'm trying to use EventCode 4769 along with several other EventCodes in a search and am running into the problem that... by kearaspoor SplunkTrust in Splunk Search 06-16-2014 0 2	0	2
Search users who access url1, url2 but not url3 I am analyzing Apache web access log and want to search all clientip who accessed url1, url2 but not url3. Meanwhile,... by xuguang New Member in Splunk Search 06-16-2014 0 2	0	2
Is there a way to use wildcards or regex in lookup csv file? Hello Following up on a previous question about lookups I am looking for a way to either use or simulate wildcards i... by wsw70 Communicator in Splunk Search 06-16-2014 1 2	1	2
lookup file not queried? Hello I have a search which reports a field N_os (a string indicating an Operating System). I wanted values from thi... by wsw70 Communicator in Splunk Search 06-16-2014 0 5	0	5