Splunk Search

Community Activity

Search Optimization Hi, I've got ~15.000 events where FieldA exists (in total there are 20.000.000 events). I want to filter out these e... by HeinzWaescher Motivator in Splunk Search 05-20-2014 0 3	0	3
Pass arguments from one search to another Hello guys, I am trying to perform simple search, but with no success right now. Here's my sample search, just chan... by atanasmitev Path Finder in Splunk Search 05-20-2014 0 2	0	2
Filtering WinEventLog:Security Good day I read a few answers on the WinEventLog:Security filtering but it does not cover the answers I'm looking fo... by denisevw Path Finder in Splunk Search 05-20-2014 0 4	0	4
Timechart drops empty results - causes trouble with predict Hi, I am doing a prediction with a "timechart count" as base search, which works fine: index=logins username \| time... by Olli1919 Path Finder in Splunk Search 05-19-2014 1 3	1	3
Hunk Jobs not getting finalized Yarn HDP 2.x Hi, I have a cluster with HDP 2.x setup.The data connected to the virtual index has 384007 events. When i run a norm... by eseepnoname Explorer in Splunk Search 05-19-2014 1 7	1	7
earliest, latest and time variables Hi all, I have a requirement to create a dashboard view with following search: <searchString> index="my_index" publ... by antonioformato Explorer in Splunk Search 05-19-2014 2 6	2	6
Timechart: How can I chart actual time vs. actual values Hi, I am trying to chart a value over time, and the value may occur every few seconds, once per hour, once per day or... by proletariat99 Communicator in Splunk Search 05-19-2014 0 3	0	3
rfc5424_syslog is not showing in source type list After I installed rfc5424 app, rfc5424_syslog is not showing in source_type drop down list. Is it suppose to show? o... by wlifeng New Member in Splunk Search 05-19-2014 0 1	0	1
Do you have a plan to support multi character for field extractor Hi my Name is JaeHyun, Cho I lives in korea. my question is why splunk not allow multi charactor fields? some cli... by gimapei New Member in Splunk Search 05-19-2014 0 1	0	1
Splunk Saved and Scheduled Search Hi, I created a saved search and also I created an alert which was scheduled on every friday. Now, last friday I rec... by abhayneilam Contributor in Splunk Search 05-19-2014 0 8	0	8
Problem with a query not returning proper data with nested search I have a query that has two nested searches, it has been working correctly for at least a few years when I was using ... by rmcfarla Explorer in Splunk Search 05-19-2014 0 4	0	4
how to avoid to use join Hi, I'm using Splunk 6.1 and I have two sourcetype for my data: the first contains a list of events of this type id ... by RiccardoV Communicator in Splunk Search 05-19-2014 0 1	0	1
Custom Command error When i execute a Custom command which returns a python dictionary, i get the below error: 0 0 0 0 0 302 0 653k --:--... by sibbsnb Path Finder in Splunk Search 05-19-2014 0 2	0	2
dbquery show database name in results When using the DB connector, is it possible to show either the hostname or a fixed string alongside the query results... by Lazarix Communicator in Splunk Search 05-19-2014 1 7	1	7
Problem with getting all non matching events with outer join Hello, is there an easy possibility to get all events that have non matching field values after an outer join? Here ... by C_Sparn Communicator in Splunk Search 05-19-2014 0 3	0	3
Clarification on the search using OR Hi, There are logs coming from two sources (xxx.success, yyy.error) into one index.Fields are to be extracted from t... by Jananee_iNautix Path Finder in Splunk Search 05-19-2014 0 1	0	1
Repeating pattern in rex Hi all, I'm trying to get the string after the 3rd colon in following log entry using rex "^([^:]+:){3,3}(?P<uastr... by stwong Communicator in Splunk Search 05-19-2014 0 4	0	4
Need help arranging the table Hi, I have a used a inputcsv command, which looks on splunk as below The PARAMETER TIMESTAMP and VALUE are the heade... by harshal_chakran Builder in Splunk Search 05-18-2014 0 2	0	2
timechart with stats and eval Hi, Here's my query - ... 500 \| stats dc(WEB_IP) as TEST2 \| eval TEST1=WEBURL." ".TEST2 \| timechart count by TEST1... by subtrakt Contributor in Splunk Search 05-18-2014 0 16	0	16
Distributed search scheduled alerts on SH We have an indexer indexing events with _time 5 hours head and we have Distributed search from SH which looks at _ind... by Mag2sub Path Finder in Splunk Search 05-18-2014 0 17	0	17
Summary Indexing and Send data back to Indexers Hi, I have build a dedicated Search head for running scheduled search and get summary indexing data, now i think it ... by nikhilmehra79 Path Finder in Splunk Search 05-18-2014 0 2	0	2
Changing logo in the login screen Splunk 6.0 Hello to Everyone, I go straight to the point. I have followed the different answers posted here related to how to c... by splunker24 Explorer in Splunk Search 05-18-2014 2 4	2	4
dashboards with similiar data, but different timeframes Hi, I have a customer who created a dashboard with 28 unique searches. (Using Splunk 6.1.1). It's some cool stuff,... by a212830 Champion in Splunk Search 05-16-2014 0 4	0	4
Extracting the end of a URL Hi folks, I was wondering if there is a quick way to extract the end of a URL (within the URI portion) and put it in... by jravida Communicator in Splunk Search 05-16-2014 0 2	0	2
Is there a way to "speed up" this search? Outside of creating an accelerated search or upgrading hardware, is there a way to speed up the search below? This s... by echojacques Builder in Splunk Search 05-16-2014 1 10	1	10