Splunk Search

Community Activity

Correlate cs_uri and referer Is there a way to correlate two or more events which share the same cs_uri and referer and occurring within a specifi... by dmdicki New Member in Splunk Search 05-20-2014 0 1	0	1
Extracting Fields from Varying Lengths of Unlabeled Logs Given the following log output (timestamps denote the start of a new line), I am trying to graph the bolded value... by ctallarico20 Path Finder in Splunk Search 05-20-2014 0 1	0	1
How does the splunk search works? When i enter a search query , say (index=* \| stats values(source) by host) How does this fetch the data from the inde... by splunker12er Motivator in Splunk Search 05-20-2014 0 2	0	2
Concurrent search (user Vs system) Hello, I have, 1 search head (8 cores \| 16Gb RAM)4 indexers (24 cores each \| 32Gb RAM) I calculated Sytem wide Co... by splunker12er Motivator in Splunk Search 05-20-2014 2 2	2	2
Durations for Individual Events after grouping them together I have strings of individual events that can be grouped together by a person's unique ID. What I need to figure out i... by cmerriman Super Champion in Splunk Search 05-20-2014 0 2	0	2
API search limits to 1000 results When I use the Splunk API (from node.js) to query a given sid, I only get back 1000 results, even when supplying the ... by j6white Path Finder in Splunk Search 05-20-2014 3 6	3	6
Trouble With Captchas on edit I'm gettging 100% Captcha rejection trying to posting an edit of an earlier post by JimDeich Path Finder in Splunk Search 05-20-2014 1 4	1	4
length of RT searches? I am attempting to find out how long a RT search will go for before it simply stops. If I crank up my session time-... by tmarlette Motivator in Splunk Search 05-20-2014 0 3	0	3
Pulling Last Integer Value from Unlabeled Field Hi, this is a 3-line sample of my data: What I'm trying to do is get ahold of the last two fields (524288000 and 188... by ctallarico20 Path Finder in Splunk Search 05-20-2014 0 6	0	6
Removing duplicate events following eachother in a transaction I am creating transactions based on userId like this to find paths taken by a user in a session: * \| transaction mvl... by merethhe Engager in Splunk Search 05-20-2014 0 3	0	3
Search Optimization Hi, I've got ~15.000 events where FieldA exists (in total there are 20.000.000 events). I want to filter out these e... by HeinzWaescher Motivator in Splunk Search 05-20-2014 0 3	0	3
Pass arguments from one search to another Hello guys, I am trying to perform simple search, but with no success right now. Here's my sample search, just chan... by atanasmitev Path Finder in Splunk Search 05-20-2014 0 2	0	2
Filtering WinEventLog:Security Good day I read a few answers on the WinEventLog:Security filtering but it does not cover the answers I'm looking fo... by denisevw Path Finder in Splunk Search 05-20-2014 0 4	0	4
Timechart drops empty results - causes trouble with predict Hi, I am doing a prediction with a "timechart count" as base search, which works fine: index=logins username \| time... by Olli1919 Path Finder in Splunk Search 05-19-2014 1 3	1	3
Hunk Jobs not getting finalized Yarn HDP 2.x Hi, I have a cluster with HDP 2.x setup.The data connected to the virtual index has 384007 events. When i run a norm... by eseepnoname Explorer in Splunk Search 05-19-2014 1 7	1	7
earliest, latest and time variables Hi all, I have a requirement to create a dashboard view with following search: <searchString> index="my_index" publ... by antonioformato Explorer in Splunk Search 05-19-2014 2 6	2	6
Timechart: How can I chart actual time vs. actual values Hi, I am trying to chart a value over time, and the value may occur every few seconds, once per hour, once per day or... by proletariat99 Communicator in Splunk Search 05-19-2014 0 3	0	3
rfc5424_syslog is not showing in source type list After I installed rfc5424 app, rfc5424_syslog is not showing in source_type drop down list. Is it suppose to show? o... by wlifeng New Member in Splunk Search 05-19-2014 0 1	0	1
Do you have a plan to support multi character for field extractor Hi my Name is JaeHyun, Cho I lives in korea. my question is why splunk not allow multi charactor fields? some cli... by gimapei New Member in Splunk Search 05-19-2014 0 1	0	1
Splunk Saved and Scheduled Search Hi, I created a saved search and also I created an alert which was scheduled on every friday. Now, last friday I rec... by abhayneilam Contributor in Splunk Search 05-19-2014 0 8	0	8
Problem with a query not returning proper data with nested search I have a query that has two nested searches, it has been working correctly for at least a few years when I was using ... by rmcfarla Explorer in Splunk Search 05-19-2014 0 4	0	4
how to avoid to use join Hi, I'm using Splunk 6.1 and I have two sourcetype for my data: the first contains a list of events of this type id ... by RiccardoV Communicator in Splunk Search 05-19-2014 0 1	0	1
Custom Command error When i execute a Custom command which returns a python dictionary, i get the below error: 0 0 0 0 0 302 0 653k --:--... by sibbsnb Path Finder in Splunk Search 05-19-2014 0 2	0	2
dbquery show database name in results When using the DB connector, is it possible to show either the hostname or a fixed string alongside the query results... by Lazarix Communicator in Splunk Search 05-19-2014 1 7	1	7
Problem with getting all non matching events with outer join Hello, is there an easy possibility to get all events that have non matching field values after an outer join? Here ... by C_Sparn Communicator in Splunk Search 05-19-2014 0 3	0	3