Splunk Search

Community Activity

Can I split a field based on its values and graph as multi-series? I have a single numeric field that I want to timechart in ranges...i.e. rangemap the field into custom buckets, then ... by jheney New Member in Splunk Search 06-04-2014 0 1	0	1
Database lookup says its table doesn't exist I'm attempting to create my first database lookup. I followed this documentation, choosing to specify the fields dir... by redc Builder in Splunk Search 06-04-2014 0 2	0	2
Lookup table question Using Splunk v 5.04 I have a lookup table containing devicename,interfacename,speed . Each device name can have mul... by pitshot Explorer in Splunk Search 06-04-2014 0 3	0	3
Appendcols error doesn't make sense I have a query that works when I run it with a time range under 4 hours but anything at 4 hours or over, I get this e... by EricLloyd79 Builder in Splunk Search 06-04-2014 0 6	0	6
Results of a join search Hello I have the below search and it seems to work fine for the most part. The problem is that if search 2 does no... by brywilk_umich Path Finder in Splunk Search 06-04-2014 0 4	0	4
Unable to bind splunk to IP We would like to access Splunk Web from other hosts. We did a full splunk 5.0.1 (build: 143156) install on a Windows... by atewari Path Finder in Splunk Search 06-04-2014 0 8	0	8
Converting AM/PM time to 24 hour time for a view I have data that contains a field with dates and times formatted as such: "5/18/14 7:04:04.000 PM". The date part is ... by nlapier2 Path Finder in Splunk Search 06-04-2014 0 1	0	1
Extract fields from antivirus summary I've been trying to use the field extractor to get some useful data from my Sophos Anti-virus scan log. Unfortunately... by thommck New Member in Splunk Search 06-04-2014 0 5	0	5
dbquery and outputlookup Hello, I'm running a dbquery and would like to save the results as a lookuptable.csv. \| dbquery mysearch \| outputlo... by HeinzWaescher Motivator in Splunk Search 06-04-2014 0 5	0	5
logical grouping of hosts - aggregate stats I have a situation where I want to report on events from 2 sets of servers where i can compare the aggregate counts. ... by desertpilotjc Explorer in Splunk Search 06-03-2014 0 1	0	1
"Unknown country" returned by iplocation? bug? iplocation bug? "UNKNOWN COUNTRY" is returned for ip addresses that actually have a known country? USA 208.65.40.98... by boris Path Finder in Splunk Search 06-03-2014 0 4	0	4
Different values of parameters Hi, I have below variations of uri patterns for a particular functionality. i want to list out query string paramete... by xvxt006 Contributor in Splunk Search 06-03-2014 0 4	0	4
Search to Pull Values from START log I have a search that monitor's failed PO's. Essentially the idea is to monitor the overall state of the txn, and whe... by _gkollias Builder in Splunk Search 06-03-2014 0 2	0	2
How to create an array of values from a field? Hello, I am trying to parse a field like the one below into an array of Key/Value pairs and access each array value ... by naveenurs Explorer in Splunk Search 06-03-2014 0 2	0	2
Two Search Heads One Indexer I have two Splunk instances, a development and a test platform. Can I have them both pointing to the same indexer wit... by kmattern Builder in Splunk Search 06-03-2014 0 7	0	7
Show source not available Hi. For some events in a particular index, users (including Admins) are getting an error of "Show Source not availab... by Sqig Path Finder in Splunk Search 06-03-2014 0 3	0	3
Top Limit 50000 results - Where to Change? In my local limits.conf file, on my Search Head, I have the following: [searchresults] maxresultrows = 100000 [s... by aferone Builder in Splunk Search 06-03-2014 1 5	1	5
splunk daemon error Hi All, whenever i am trying to search the query,i am getting following error. Splunkd daemon is not responding: ('... by mvaradarajam Path Finder in Splunk Search 06-03-2014 0 1	0	1
How to turn search '... \| extract access-extractions' into a props.conf file? Hey All, So i have some web logs, lets call them source type 'webbylogs'. If I search 'sourcetype=webbylogs \| extrac... by Pierceyuk Path Finder in Splunk Search 06-03-2014 0 4	0	4
Difference between input.conf and search results Hello, This is my input.conf on the iis server: [monitor://D:\IISLogs\W3SVC2] index=iis_db sourcetype=iis However,... by isaacyeo Engager in Splunk Search 06-02-2014 0 8	0	8
DB Connect - Oracle - Single quote in query I am have the following stanza in my inputs.conf. [dbmon-tail://DB/TABLE] interval = 1m query = SELECT SL_UID,SL_TIM... by johnoxley_liqui Engager in Splunk Search 06-02-2014 1 1	1	1
Is there a way to drilldown to two different dashboards depending on column i click? In my dashboard, it loads data into a table with 4 columns Now what i require is to drill down to Dashboard1 if any ... by adityapavan18 Contributor in Splunk Search 06-02-2014 1 2	1	2
How to pass a variable value from one search to another in advance xml? Hi, Following is the advance xml code, where I have defined a search command in a postprocess module and want to pas... by harshal_chakran Builder in Splunk Search 06-02-2014 0 3	0	3
Searches appearing in search results (yo dawg) When I search in the search application, my search terms are starting to appear in subsequent searches. So search fo... by bbegyperkspot Explorer in Splunk Search 06-02-2014 1 5	1	5
Joining multiple events via a common field. So I have three sources that i need to join together to view as one event. The three sources are NewWFL, MoneyNEW, an... by mgubser Explorer in Splunk Search 06-02-2014 0 5	0	5