Splunk Search

Community Activity

Only show certain transactions Hi, I want to show events that were executed during someone's VPN session. I can create a transaction that pulls fr... by bcusick Communicator in Splunk Search 03-25-2014 0 2	0	2
Unable to read date properly from a mysql-log file I have a file something like below: 140215 4:07:49 [Note] Plugin 'FEDERATED' is disabled. 140215 4:07:49 InnoDB: ... by pradeep6kumar Engager in Splunk Search 03-25-2014 0 1	0	1
Display images instead of field values I have to replace some the table fields with strings like 'ok','warning','critical' with some images. I have added s... by username021 Explorer in Splunk Search 03-25-2014 0 8	0	8
How can I rename the host names for my chart? I have a chart that graphs by hostnames, but I don't want to see the fully qualified domain of each host. How could... by Simeon Splunk Employee in Splunk Search 03-24-2014 3 4	3	4
Summary / accelerate query counting disjoint indexed events I have a relatively large number of events being indexed and funneled into its own index based on source & source typ... by shawnce Engager in Splunk Search 03-24-2014 0 6	0	6
props.conf only partially applied to forwarded data source I'm attempting to set up a new daily data source which is sent to the indexer through the Splunk Fowarder. Unlike mo... by redc Builder in Splunk Search 03-24-2014 0 1	0	1
REGEX to find one-level DNS requests for filtering in transforms I'm trying to write a regex to match DNS names with only one level in Windows debug logs. I don't want to index thos... by wbfoxii Communicator in Splunk Search 03-24-2014 0 4	0	4
Determine which server in search head pool is being used I'd like to have some indication of which server in a search head pool I am currently using. For instance, having the... by rtadams89 Contributor in Splunk Search 03-24-2014 0 4	0	4
Heavy Forwarder REGEX Filting Issues Hi All, I am having difficulty finding in-depth documentation on REGEX syntax, and I am attempting to filter out [Wi... by dscoland Path Finder in Splunk Search 03-24-2014 0 9	0	9
how to distribute dynamic data to indexers from search heads for use by custom command on indexers? Hi Devs/Folks, I'm developing an alternate "lookup" command (in python) that doesn't use the standard CSV system. I'... by redspot New Member in Splunk Search 03-24-2014 0 3	0	3
Lookups with backslash in key Hi, We're analazing database logs. From SyBase, Oracle and MSSQL. MSSQL full db instances contain a \ e.g. MSNG123\M... by JensT Communicator in Splunk Search 03-24-2014 0 2	0	2
Deployment,Search Head,Indexer,Forwarder simple setup Please correct my simple step by step in linux environment: Forwarder : -Install splunkforwarder, accept license, en... by rjantarasami New Member in Splunk Search 03-24-2014 0 1	0	1
access.log indexed multiple time Splunk is monitoring access log file using the stanza below [monitor:///opt/logging/prodops_httpd] blacklist = (\.... by rbal_splunk Splunk Employee in Splunk Search 03-23-2014 0 1	0	1
Extract a field which apears only in the first event of a transaction I have the following to display average latency. It can be accelerated (vs. using the transaction command). Now I wou... by eisaak Engager in Splunk Search 03-23-2014 1 1	1	1
Field discovery/extraction works but extracted field values are not found in searches. Greetings, I apologize in advance for the long post. Problem abstract: field discovery and extract work great, but s... by kscher Path Finder in Splunk Search 03-23-2014 0 9	0	9
How to extract time-taken from IIS logs We are trying to build an alert based on the 'time-taken' IIS field; the query we have is: sourcetype=iis_logs host=... by yennaciri New Member in Splunk Search 03-23-2014 0 1	0	1
Creating Indexed Field Extraction from Source -- FORMAT I have been trying to extract an indexed field by using the transforms.conf file. Here's a sample: [serviceName] SOU... by Dave98 New Member in Splunk Search 03-22-2014 0 9	0	9
populatingSearch not working -- Search works as standalone search Very simple search string which works fine in free search. Similar searches like this work fine for other fields. The... by neiljpeterson Communicator in Splunk Search 03-22-2014 0 2	0	2
how to take out numeric numbers at the end of the event? Hi all, I need little help from good Regexp guy, or may be i m so bad that the guy could be moderate. I have a log ... by axl88 Communicator in Splunk Search 03-21-2014 0 7	0	7
Not eventtype Is it possible to create an eventtype called dns_google set as "src_ip=8.8.8.8 src_ip=4.2.2.2" and then treat it like... by landen99 Motivator in Splunk Search 03-21-2014 0 13	0	13
Join / Append columns Hi, I would like to join or append 2 dataseries and try the function append/ join. However, the result is not real... by shangshin Builder in Splunk Search 03-21-2014 0 1	0	1
whoami doesn't support external lookup? I have installed the app whoami. when I use it as a command from splunkweb search, it works as expected. But when I ... by soe_hlawin Explorer in Splunk Search 03-21-2014 0 5	0	5
prestats vs stats In $SPLUNK_HOME/var/run/splunk/dispatch/1312323432.11 is see: 03-19-2014 17:02:11.147 INFO SearchParser - PARSING... by rroberts Splunk Employee in Splunk Search 03-21-2014 0 2	0	2
Can I define string buckets with regular expressions (regex)? Hello, Here is the data format: 00:00:01 subject=A.A 00:00:01 subject=B.A 00:00:01 subject=A.A.A 00:00:01 subject=A... by manus Communicator in Splunk Search 03-21-2014 0 1	0	1
Pulldown module outputs multiple result Hi, I want to use a Pulldown module globally like timepicker ( If we use timepicker , the entire dashboard gets refr... by abhayneilam Contributor in Splunk Search 03-21-2014 1 1	1	1