Splunk Search

Community Activity

how to take timestamp from this Dear all, I need your help to how to remove timestamp from this field. 2014-05-19T03:25:26.000-04:00 There is TO w... by gajananh999 Contributor in Splunk Search 06-10-2014 0 4	0	4
Find index retention stats Hi, I would like to get the following stats in a distributed index setup: index name, current size of index (sum all... by shankern Explorer in Splunk Search 06-10-2014 0 3	0	3
How to give output of first search to second search input? ![alt text][1]I have log files with errors and warnings so my requirement is first events show only errors or warnin... by frankharry New Member in Splunk Search 06-09-2014 0 1	0	1
Splunk - retrieve nth word in a string Hi, How can I retrieve nth word in a string using rex or other alternatives? For example: "ABC BBC XYZ QAS" "POP IM... by rupesh30n Explorer in Splunk Search 06-09-2014 0 4	0	4
db lookup not found Hi, I just added a db lookup (via db connect), and when I try to use it via a search, I get a "lookup table does not... by a212830 Champion in Splunk Search 06-09-2014 2 1	2	1
what are the calculated differences between stats and eventstats? The result from this search: index=_internal \| eval something=case(kb!="0", "1") \| stats sum(something) as sumST \| st... by kingsizebk Path Finder in Splunk Search 06-09-2014 0 6	0	6
How to remove your own searches I am creating a dashboard for failed login, however, in the table created, there will be rows with all "" as values- ... by chungmp New Member in Splunk Search 06-09-2014 0 1	0	1
Adding help for custom search commands in splunk 6? Hi all, I have created custom search command. I need to add a custom search command to the list that search help pop... by rsathish47 Contributor in Splunk Search 06-09-2014 0 3	0	3
Splunk search not returning results prior to ./splunk clean eventdata As the title says, after cleaning the event data and reindexing, the splunk search doesn't return events prior to the... by wtian4 Engager in Splunk Search 06-09-2014 0 1	0	1
時間の計算方法を教えてください時間の計算を行い、各端末がどれぐらいの時間使用しているか調査したいと考えています。このような例のログになります。時間 , 端末名 , ステータス 2014/6/5 12:00:00 , PC01 , ログイン 2014/6... by pisc Explorer in Splunk Search 06-08-2014 0 2	0	2
A search that does not produce results for "All time (real-time)" but does for "Today" It is a very simple search for a string. (Account lock outs to be precise) and as worked in the past. But just recent... by neiljpeterson Communicator in Splunk Search 06-06-2014 0 1	0	1
Regular expression for a pattern Hi we have some uri's as shown below which have 2 words (/verify/abrasives) before /ecatalog and 3 words and 4 words.... by xvxt006 Contributor in Splunk Search 06-06-2014 0 3	0	3
List of top client IP's each with their most common user agent I am trying to find a search command that will get me a list of my top 20 client ip addresses (c_ip) along with each ... by soundchaos Path Finder in Splunk Search 06-06-2014 0 3	0	3
Splunk DB Connect Error - NullValuePointerException I am getting this error on some data I am trying to push into a Teradata database: command="dboutput", Unexpected er... by ShaneNewman Motivator in Splunk Search 06-06-2014 1 16	1	16
Regex apache log when field is undefined We have some apache logs that I've added the %D (response time in microseconds) log config to at the very end. The s... by DFresh4130 Path Finder in Splunk Search 06-06-2014 0 3	0	3
Get the number of similar rows in table in splunk having count greater than 100 I have a splunk query like this index=main_branch* \| table email_id file_size_in_bytes I want to count for simila... by sanchitlohia Explorer in Splunk Search 06-06-2014 0 6	0	6
tsidx size limits Is there a way to set a max size on the entire tsidxstats or even a single set of tsidxstats? I have the Splunk for ... by jtrucks Splunk Employee in Splunk Search 06-06-2014 3 2	3	2
Adjust fieldvalue (regex) Hi, I've got some fieldvalues like this: field=aaaaaaaabbbbccccddddeeeeeeeeeeee I would like to add a "-" after c... by HeinzWaescher Motivator in Splunk Search 06-06-2014 0 2	0	2
Database lookup returning no results I've set up a database lookup, but it's not returning any results; it should be returning 5 events. Here are the sce... by redc Builder in Splunk Search 06-05-2014 0 2	0	2
Means to generate a chart and then send it to non-Splunk users? A user has asked me if they can take a chart they just generated in Splunk and then send it to other users who don't ... by mfrost8 Builder in Splunk Search 06-05-2014 2 8	2	8
Can I use a macro within a macro? Wondering if it's possible to embed a macro into another macro. by Dimitri_McKay Splunk Employee in Splunk Search 06-05-2014 0 2	0	2
How to create a search that calculates percentage from 2 different values in the same field. New Splunk user. I am creating web dashboards and I want to calculate the percentage of successful status codes. Th... by Bliide Path Finder in Splunk Search 06-05-2014 0 2	0	2
round number from max () as and also avg() as I have a created a table using timechart with the max #. It generates a row of maximum of sourcetype. How would I r... by mmouse88 Path Finder in Splunk Search 06-04-2014 0 16	0	16
What forwarder versions am I running? Is there a search that I can run at the indexer that will tell me what versions my forwarders are on? by the_wolverine Champion in Splunk Search 06-04-2014 4 4	4	4
Can I split a field based on its values and graph as multi-series? I have a single numeric field that I want to timechart in ranges...i.e. rangemap the field into custom buckets, then ... by jheney New Member in Splunk Search 06-04-2014 0 1	0	1