Splunk Search

Community Activity

How to remove "N/A" while the SingleValue query loads Hi, I have a Postprocess search command in a Dashboard , which wait for couple of seconds to display the output. I ... by harshal_chakran Builder in Splunk Search 03-17-2014 0 2	0	2
how can i use a single character wildcard in inputs.conf? I have a need to monitor files that look like this: host one = /path/to/base/app/App1/App1.{pidnumber}.log /path/t... by GeorgeStarkey Path Finder in Splunk Search 03-17-2014 1 1	1	1
remove specific columns from a table using a search command Hi, I have written a search query in Advanced XML dashboard, which displays the table as follows, parameter val... by harshal_chakran Builder in Splunk Search 03-17-2014 0 3	0	3
Time Stamp Question Quick question, is Splunk supposed to be able to understand a time stamp string like this; 2014 Mar 14 20:51:10:981 ... by OldManEd Builder in Splunk Search 03-17-2014 0 6	0	6
# of RT Search Increase I am attempting to incrase the number of RealTime searches a search head can spin up at one time. I am getting this m... by tmarlette Motivator in Splunk Search 03-17-2014 0 1	0	1
Display table along with percentage Hi I need to display table along with percentage This is my search query : source=foo \| fields DS_CLIENTE,DS_STATUS... by ncbshiva Communicator in Splunk Search 03-17-2014 0 3	0	3
show multiple rows per one user Hi, I have data that gives these fields: user and error code. I am trying to count the amount of certain errors PER... by bcusick Communicator in Splunk Search 03-17-2014 0 5	0	5
Grouping result after stats Hi I have a search like this host=A \|stats last("Status") by TaskId I like to group the result of above query by St... by SplunkBaby Explorer in Splunk Search 03-17-2014 0 6	0	6
Splunk db connect: "host is not allowed to connect to MySQL" I'm trying to connect to the database of another server for me to build dashboards but i can't connect. anyone here k... by aquillius New Member in Splunk Search 03-17-2014 0 1	0	1
One field in a lookup file referring to other fields in another lookup file. I have a weird situation. 1) I have a sourcetype "transactions" in which it has a field called "account_number". 2)... by thirumalreddyb Communicator in Splunk Search 03-17-2014 0 1	0	1
stats command gives complete result in dashbaord not in alert Below query gives the results like : index=* \| stats values(SERVICENAME) as SERVICE by HOST HOST SERVICE ----- ---... by splunker12er Motivator in Splunk Search 03-16-2014 0 8	0	8
Line breaking - regex and capturing group Hello, Need some help on regex here, am sure i maybe making mistake here but.. I don't undesrtand the problem in splu... by armonsal Explorer in Splunk Search 03-15-2014 0 1	0	1
Why is the count field in this search not being written? Hi, I'm trying to collect the number of emails with the same subject line into a summary index. Problem is, whilst ... by DerekKing Path Finder in Splunk Search 03-14-2014 0 5	0	5
convert the date in required format Hai i have a field which has dates example : 1-Oct-13 4-Dec-13 28-Oct-13 I have to convert to b... by ncbshiva Communicator in Splunk Search 03-14-2014 0 1	0	1
Splunk set diff I am comparing the results of two search queries using "\| set diff [search1][search2]". This works correctly in that ... by LordShacks New Member in Splunk Search 03-14-2014 0 3	0	3
How to create a new fields based on some characters in _raw log I wanted to create a new field name like 'Country' from the incoming logs based on some characters in the hostname. ... by splunker12er Motivator in Splunk Search 03-14-2014 0 6	0	6
How to apply rex for a field on mutiple sources Hello I am trying to change the data of the host field which has already been indexed. The host field has values in ... by theouhuios Motivator in Splunk Search 03-14-2014 0 6	0	6
Filter values after timechart Hello, i want to have a search which shows me in 10 minute span how often something did happen. i only want to displ... by Matthias_BY Communicator in Splunk Search 03-14-2014 0 2	0	2
How can we do drilldown saved searches in splunk sideview. I have saved searches in my app. In human words my requirement is: 1. Save the search 2. save the next search 3. s... by disha Contributor in Splunk Search 03-14-2014 0 3	0	3
Can segmentation be done for sourcetypes and indexes? Hello I have a syslog server which is being used to collect various network oriented data. For example if its a Arub... by theouhuios Motivator in Splunk Search 03-14-2014 0 24	0	24
Shorter maxspan delivers more results We have build a query spanning multiple source types. We try to create a simple transaction with one field. The resul... by cmeerbeek Path Finder in Splunk Search 03-14-2014 0 2	0	2
Building a Search for Comparison/Match I have a search that brings up specific order types by order numbers that begin with a 7: index=contract_gateway sou... by _gkollias Builder in Splunk Search 03-14-2014 0 2	0	2
Problem with rex not doing anything at all, not even in its simplest form! Hi, I am trying to extract the string after the first space, so for ex. I need to extract: "02-main-menu" for the fir... by fere Path Finder in Splunk Search 03-14-2014 1 5	1	5
INFO, ERROR and FATAL Hi all, if a log has the following types of log entries (INFO, ERROR, FATAL), how do I get splunk to recognise those ... by ycalpu New Member in Splunk Search 03-13-2014 0 3	0	3
Average events per day Hi, I would like to view the average number of events per day for a certain event code. It looks like I should be ab... by womblesplunk New Member in Splunk Search 03-13-2014 0 3	0	3