Splunk Search

Community Activity

Count logging systems Is there a fast way to count all logging systems to a certain index? Currently I use the "stats" command with the "di... by FRoth Contributor in Splunk Search 03-18-2014 0 2	0	2
get uncommon results from two files Hi , I am joining two files based on the common field, now i want results which are not common, how do in get uncom... by kavyatim Path Finder in Splunk Search 03-18-2014 0 2	0	2
Sort months according to calender in splunk Hi I have a date field called Time_Line(01-Jan-13) in my source file. My search query is: source=foo \| eval startd... by ncbshiva Communicator in Splunk Search 03-18-2014 0 2	0	2
Display IP address and hostname from DNS Search arpa data Searches of DNS logs, sourcetype=dns, reveal records with information of the form *.in-addr.arpa While I can reverse ... by landen99 Motivator in Splunk Search 03-18-2014 0 2	0	2
Partial Matching Hi all, How do we check field2 contains field1? Please help. Field1 Value= CA6 Field2 Value= IA6,CA6,CA8,CA9,CA10,... by rsathish47 Contributor in Splunk Search 03-18-2014 0 2	0	2
How to remove "N/A" while the SingleValue query loads Hi, I have a Postprocess search command in a Dashboard , which wait for couple of seconds to display the output. I ... by harshal_chakran Builder in Splunk Search 03-17-2014 0 2	0	2
how can i use a single character wildcard in inputs.conf? I have a need to monitor files that look like this: host one = /path/to/base/app/App1/App1.{pidnumber}.log /path/t... by GeorgeStarkey Path Finder in Splunk Search 03-17-2014 1 1	1	1
remove specific columns from a table using a search command Hi, I have written a search query in Advanced XML dashboard, which displays the table as follows, parameter val... by harshal_chakran Builder in Splunk Search 03-17-2014 0 3	0	3
Time Stamp Question Quick question, is Splunk supposed to be able to understand a time stamp string like this; 2014 Mar 14 20:51:10:981 ... by OldManEd Builder in Splunk Search 03-17-2014 0 6	0	6
# of RT Search Increase I am attempting to incrase the number of RealTime searches a search head can spin up at one time. I am getting this m... by tmarlette Motivator in Splunk Search 03-17-2014 0 1	0	1
Display table along with percentage Hi I need to display table along with percentage This is my search query : source=foo \| fields DS_CLIENTE,DS_STATUS... by ncbshiva Communicator in Splunk Search 03-17-2014 0 3	0	3
show multiple rows per one user Hi, I have data that gives these fields: user and error code. I am trying to count the amount of certain errors PER... by bcusick Communicator in Splunk Search 03-17-2014 0 5	0	5
Grouping result after stats Hi I have a search like this host=A \|stats last("Status") by TaskId I like to group the result of above query by St... by SplunkBaby Explorer in Splunk Search 03-17-2014 0 6	0	6
Splunk db connect: "host is not allowed to connect to MySQL" I'm trying to connect to the database of another server for me to build dashboards but i can't connect. anyone here k... by aquillius New Member in Splunk Search 03-17-2014 0 1	0	1
One field in a lookup file referring to other fields in another lookup file. I have a weird situation. 1) I have a sourcetype "transactions" in which it has a field called "account_number". 2)... by thirumalreddyb Communicator in Splunk Search 03-17-2014 0 1	0	1
stats command gives complete result in dashbaord not in alert Below query gives the results like : index=* \| stats values(SERVICENAME) as SERVICE by HOST HOST SERVICE ----- ---... by splunker12er Motivator in Splunk Search 03-16-2014 0 8	0	8
Line breaking - regex and capturing group Hello, Need some help on regex here, am sure i maybe making mistake here but.. I don't undesrtand the problem in splu... by armonsal Explorer in Splunk Search 03-15-2014 0 1	0	1
Why is the count field in this search not being written? Hi, I'm trying to collect the number of emails with the same subject line into a summary index. Problem is, whilst ... by DerekKing Path Finder in Splunk Search 03-14-2014 0 5	0	5
convert the date in required format Hai i have a field which has dates example : 1-Oct-13 4-Dec-13 28-Oct-13 I have to convert to b... by ncbshiva Communicator in Splunk Search 03-14-2014 0 1	0	1
Splunk set diff I am comparing the results of two search queries using "\| set diff [search1][search2]". This works correctly in that ... by LordShacks New Member in Splunk Search 03-14-2014 0 3	0	3
How to create a new fields based on some characters in _raw log I wanted to create a new field name like 'Country' from the incoming logs based on some characters in the hostname. ... by splunker12er Motivator in Splunk Search 03-14-2014 0 6	0	6
How to apply rex for a field on mutiple sources Hello I am trying to change the data of the host field which has already been indexed. The host field has values in ... by theouhuios Motivator in Splunk Search 03-14-2014 0 6	0	6
Filter values after timechart Hello, i want to have a search which shows me in 10 minute span how often something did happen. i only want to displ... by Matthias_BY Communicator in Splunk Search 03-14-2014 0 2	0	2
How can we do drilldown saved searches in splunk sideview. I have saved searches in my app. In human words my requirement is: 1. Save the search 2. save the next search 3. s... by disha Contributor in Splunk Search 03-14-2014 0 3	0	3
Can segmentation be done for sourcetypes and indexes? Hello I have a syslog server which is being used to collect various network oriented data. For example if its a Arub... by theouhuios Motivator in Splunk Search 03-14-2014 0 24	0	24