Splunk Search

Community Activity

props.conf only partially applied to forwarded data source I'm attempting to set up a new daily data source which is sent to the indexer through the Splunk Fowarder. Unlike mo... by redc Builder in Splunk Search 03-24-2014 0 1	0	1
REGEX to find one-level DNS requests for filtering in transforms I'm trying to write a regex to match DNS names with only one level in Windows debug logs. I don't want to index thos... by wbfoxii Communicator in Splunk Search 03-24-2014 0 4	0	4
Determine which server in search head pool is being used I'd like to have some indication of which server in a search head pool I am currently using. For instance, having the... by rtadams89 Contributor in Splunk Search 03-24-2014 0 4	0	4
Heavy Forwarder REGEX Filting Issues Hi All, I am having difficulty finding in-depth documentation on REGEX syntax, and I am attempting to filter out [Wi... by dscoland Path Finder in Splunk Search 03-24-2014 0 9	0	9
how to distribute dynamic data to indexers from search heads for use by custom command on indexers? Hi Devs/Folks, I'm developing an alternate "lookup" command (in python) that doesn't use the standard CSV system. I'... by redspot New Member in Splunk Search 03-24-2014 0 3	0	3
Lookups with backslash in key Hi, We're analazing database logs. From SyBase, Oracle and MSSQL. MSSQL full db instances contain a \ e.g. MSNG123\M... by JensT Communicator in Splunk Search 03-24-2014 0 2	0	2
Deployment,Search Head,Indexer,Forwarder simple setup Please correct my simple step by step in linux environment: Forwarder : -Install splunkforwarder, accept license, en... by rjantarasami New Member in Splunk Search 03-24-2014 0 1	0	1
access.log indexed multiple time Splunk is monitoring access log file using the stanza below [monitor:///opt/logging/prodops_httpd] blacklist = (\.... by rbal_splunk Splunk Employee in Splunk Search 03-23-2014 0 1	0	1
Extract a field which apears only in the first event of a transaction I have the following to display average latency. It can be accelerated (vs. using the transaction command). Now I wou... by eisaak Engager in Splunk Search 03-23-2014 1 1	1	1
Field discovery/extraction works but extracted field values are not found in searches. Greetings, I apologize in advance for the long post. Problem abstract: field discovery and extract work great, but s... by kscher Path Finder in Splunk Search 03-23-2014 0 9	0	9
How to extract time-taken from IIS logs We are trying to build an alert based on the 'time-taken' IIS field; the query we have is: sourcetype=iis_logs host=... by yennaciri New Member in Splunk Search 03-23-2014 0 1	0	1
Creating Indexed Field Extraction from Source -- FORMAT I have been trying to extract an indexed field by using the transforms.conf file. Here's a sample: [serviceName] SOU... by Dave98 New Member in Splunk Search 03-22-2014 0 9	0	9
populatingSearch not working -- Search works as standalone search Very simple search string which works fine in free search. Similar searches like this work fine for other fields. The... by neiljpeterson Communicator in Splunk Search 03-22-2014 0 2	0	2
how to take out numeric numbers at the end of the event? Hi all, I need little help from good Regexp guy, or may be i m so bad that the guy could be moderate. I have a log ... by axl88 Communicator in Splunk Search 03-21-2014 0 7	0	7
Not eventtype Is it possible to create an eventtype called dns_google set as "src_ip=8.8.8.8 src_ip=4.2.2.2" and then treat it like... by landen99 Motivator in Splunk Search 03-21-2014 0 13	0	13
Join / Append columns Hi, I would like to join or append 2 dataseries and try the function append/ join. However, the result is not real... by shangshin Builder in Splunk Search 03-21-2014 0 1	0	1
whoami doesn't support external lookup? I have installed the app whoami. when I use it as a command from splunkweb search, it works as expected. But when I ... by soe_hlawin Explorer in Splunk Search 03-21-2014 0 5	0	5
prestats vs stats In $SPLUNK_HOME/var/run/splunk/dispatch/1312323432.11 is see: 03-19-2014 17:02:11.147 INFO SearchParser - PARSING... by rroberts Splunk Employee in Splunk Search 03-21-2014 0 2	0	2
Can I define string buckets with regular expressions (regex)? Hello, Here is the data format: 00:00:01 subject=A.A 00:00:01 subject=B.A 00:00:01 subject=A.A.A 00:00:01 subject=A... by manus Communicator in Splunk Search 03-21-2014 0 1	0	1
Pulldown module outputs multiple result Hi, I want to use a Pulldown module globally like timepicker ( If we use timepicker , the entire dashboard gets refr... by abhayneilam Contributor in Splunk Search 03-21-2014 1 1	1	1
compare field values for VPN times Hi, I have a search that combines 2 sources (VPN and another event system - system B). I am trying to pinpoint if e... by bcusick Communicator in Splunk Search 03-21-2014 0 10	0	10
REGEX not picking up all results This is the SPLUNK generated pattern - (?i)"Label\\":\\"(?P<FIELDNAME>[^\\]+) Label is the field in the API Fieldnam... by edrad80 New Member in Splunk Search 03-21-2014 0 4	0	4
What is a HTTPDispatch? Hi all. I have a crashlog in my slpunk.(4.3) Recently, my splunk server has shutdown very often. Below is a part of... by joy76 Path Finder in Splunk Search 03-21-2014 0 1	0	1
Lookup table not giving results. Hi all, I've trying to establish a lookup table that is used in a query (query below). I've setup the lookup table i... by neonmonarch Engager in Splunk Search 03-20-2014 0 3	0	3
Header extraction rename I am monitoring several BizTalk\MSMQ perfmon counters (Host Counters, General Counters, MSMQ Queue, MSMQ Service). I ... by ShaneNewman Motivator in Splunk Search 03-20-2014 0 2	0	2