Splunk Search

Community Activity

Timechart count of -30d rolling window I'm looking to create a timechart of counts for a field where there is one bucket per day, and each bucket spans back... by hoiby Explorer in Splunk Search 04-22-2014 0 3	0	3
Condensing multiple table rows into one row I'm working with a database as my source (through DB Connect) and performing a bunch of different evals. When I go to... by willial Communicator in Splunk Search 04-22-2014 0 3	0	3
SimpleResultsTable page number When search results are displayed via a table, the following appears when the number of result rows exceeds the set l... by Ant1D Motivator in Splunk Search 04-22-2014 1 3	1	3
lookup doubts Hi, Need info on why lookup is necessary what is the use of it. I have a scenario under which i have indexed 30 rec... by harshavrath Contributor in Splunk Search 04-22-2014 0 9	0	9
How to group disparate data in stats (Interface Names and Routers) Here is my sample data: CoreRouter peer uplink speed -- Core1.stl gw1.stlouis f... by albyva Communicator in Splunk Search 04-22-2014 0 3	0	3
Using subsearches to narrow down main search to a specific source Hi, Say I'm collecting crash reports into log A (I'm extracting the PID using rex) and the activity leading to said ... by anz_leycurav Explorer in Splunk Search 04-22-2014 0 3	0	3
Lookup Table作成について Query上でoutputlookupコマンドを利用して作成したlookup csvファイルは、自動的にSettings > Lookups > Lookup table filesに生成されると認識していたのですが、実際にcsvファ... by appleman Contributor in Splunk Search 04-22-2014 0 2	0	2
Multiple diff commands in same search I am using diff to compare two results from a search. Everything works great if my search only returns two results. ... by JWBailey Communicator in Splunk Search 04-21-2014 0 1	0	1
Search query requirements Is it possible to require fields in a search query for specific users/roles? Non-power users or admins, they must ha... by bleung93 Path Finder in Splunk Search 04-21-2014 0 4	0	4
Colour the rows of dashboard Hi, I have created a dashboard in search named "dashboard_title", which shows the output result as follows: I want... by harshal_chakran Builder in Splunk Search 04-21-2014 0 3	0	3
update search head & indexer to 6.0.3 but not forwarders? I would like to update my search head and indexer (ver. 6.0 both) to version 6.0.3. Do I need to update all of my fo... by jollyjackster New Member in Splunk Search 04-21-2014 0 2	0	2
Plottng a value (cumulative) over time. Hi: I am feeding in Accounting data from my network equipment. This allows me to see what current active sessions I ... by matthewceroni New Member in Splunk Search 04-21-2014 0 1	0	1
Microsoft DNS debug logs. Massaging log format. I have sending DNS debug log from forwarder on Windows 2003 to Splunk indexer: The DNS names in the log appear like ... by ageld Path Finder in Splunk Search 04-21-2014 1 2	1	2
What does it mean the difference between "phoneHomeIntervalInSecs" and "handshakeRetryIntervalInSecs" ? Hi Splunkers, I cannot understand the difference between "phoneHomeIntervalInSecs" and "handshakeRetryIntervalInSecs... by sunrise Contributor in Splunk Search 04-21-2014 0 1	0	1
Time extraction from string? I have following values in a field +000 00:00:00.00 +000 00:00:00.03 +000 00:00:43.18 +000 00:00:20.69 +000 00:... by asifhj Path Finder in Splunk Search 04-21-2014 0 1	0	1
Filter search result to only include events that has top N largest values Hi - I am building a query as below: sourcetype=my-data \| eventstats count(request-id) as requestCountByService by... by Findekano Engager in Splunk Search 04-19-2014 0 1	0	1
Dynamically extract field names from multiline event I've got some log data that has a multi-line event this format: 2011-04-28 11:40:00\|ACTION\|1304005199906869\|stuff\|st... by frink Explorer in Splunk Search 04-18-2014 0 7	0	7
simple xml for table display I am using the simple xml example from the "UI Examples" APP in the example the output is a count field. I would li... by hartfoml Motivator in Splunk Search 04-18-2014 0 1	0	1
Use subsearch results for dbquery I have a subsearch that finds destination IP's like this [search sourcetype=ids sid=xxxx \| dedup dst \| table dst] I... by hartfoml Motivator in Splunk Search 04-18-2014 0 8	0	8
Finding/displaying date range I have a process running on 50 servers that processes 4 files into a SQL DB and then writes to a log file the name of... by jsmith39 Path Finder in Splunk Search 04-18-2014 0 4	0	4
How can i get ip address from postfix logs Hi, How can i get ip address from like under log?? --- Sep 13 23:55:42 mailhost1 postfix/smtpd[15824]: [ID 197553 m... by saito0910 Engager in Splunk Search 04-18-2014 0 2	0	2
How to pass a parameter from one search query to another as a search argument? Hello, I have a situation where I want to do the following: search field_1 from (index_1 and sourcetype_1) and then ... by pramit46 Contributor in Splunk Search 04-17-2014 0 8	0	8
Multiprocessing funcion "Pool()" cannot be used in my lookup external python script on Linux. Hello, I cannot use one of multiprocessing functions, "Pool()" in my lookup external python script on CentOS 6.3 wit... by Suda Communicator in Splunk Search 04-17-2014 0 3	0	3
Trying to get the first 10 events based on sourcetype I'm trying to get the first 10 or so events per sourcetype but the methodology is escaping me. You can't simply use t... by Runals Motivator in Splunk Search 04-17-2014 0 2	0	2
how to retrieve the IE version using splunk I have a farm of Windows Boxes, and it's a pain to figure which versions of IE they are running on. The only place I ... by mataharry Communicator in Splunk Search 04-17-2014 2 2	2	2