Splunk Search

Community Activity

Weird behavior with timechart - any way to workaround? 1) If I run a regular timechart command against normal rows. * \| timechart span=1h count by sourcetype limit=500 ... by sideview SplunkTrust in Splunk Search 03-11-2014 1 7	1	7
split function in calculated fields When i try to save in Splunk Web calculated fields that contains split function i have a "Encountered the following e... by AlexeyNL Explorer in Splunk Search 03-11-2014 6 4	6	4
Multiple log files with several keys Hi all! I've got different log files (in fact, extracts from different databases) from a data warehouse (abstractly ... by renaudleroy New Member in Splunk Search 03-11-2014 0 2	0	2
subsearch question I'm trying to pull a list of the last time User Accounts logged. The part I need help on is the following.I'm looking... by Phynyte New Member in Splunk Search 03-11-2014 0 1	0	1
Counting from metadata and inputcsv Hi, I have a use case whereby I would like to report how many assets I am monitoring in splunk, as a percentage of ... by DerekKing Path Finder in Splunk Search 03-11-2014 0 4	0	4
Grouping field values which are in common My incoming logs has several hosts and many services running in each hosts. I would like to generate a table from my ... by splunker12er Motivator in Splunk Search 03-11-2014 0 2	0	2
How to create time chart with accumulate statistics, not just for each time slots? Considering data like this week1: value=1 week2: value=2 week3: value=3 week4: value=4 How do I create time cha... by jzhong_splunk Splunk Employee in Splunk Search 03-10-2014 0 1	0	1
Find events in a different index related by time I need to find events in Index B that happened withing 5 minutes of events in Index A. Unfortunately I do not have a... by splunkranger Path Finder in Splunk Search 03-10-2014 0 2	0	2
calculate time between every events Hello splunkers! I need your help. I analyze transport accessibility between two groups of city district. First know... by ryastrebov Communicator in Splunk Search 03-10-2014 1 3	1	3
Appending Data using Subsearch/Custom Commands & Dedup I currently have a search that is looking at firewall data that looks something like this: index=my_index sourcetype... by SplunkMonster Engager in Splunk Search 03-10-2014 0 1	0	1
finding the percent difference between two searches I have the below search. I'm trying to get the % difference between the first count which pulls from a CSV file and ... by mileven Explorer in Splunk Search 03-10-2014 0 5	0	5
How to pass _time from subsearch to mainsearch which contains lookup Hi All, I have a lookup table which contains fields like name , id,etc but not timestamp. In the log file I will be ... by Anusha_Sankar New Member in Splunk Search 03-09-2014 0 1	0	1
How can I get a fixed number of columns returned in my search? Hi, Hope someone can point me in the right direction. I have a search that pulls a count by 'UserID' of the number ... by Stu_Art New Member in Splunk Search 03-09-2014 0 4	0	4
how to find the Unique field value which is present in two different source logs My question is how to find the uniqueId which is present in two different source logs..? I have 2 source logs say, a... by RashmiGowda Explorer in Splunk Search 03-09-2014 0 8	0	8
using a subsearch in an outer search problem I'm trying to use the results from a subsearch in the outer out search to pull info i'm looking for right now it loo... by Phynyte New Member in Splunk Search 03-08-2014 0 1	0	1
Streamstats by clause Hi splunkers, I'm using the streamstats command with the by clause to split the results using another field but the ... by whopper Explorer in Splunk Search 03-08-2014 0 7	0	7
count message types by facility I need to know when a particular facility isn't passing a message type(s). In Powershell it would be as easy as, fore... by technoe Explorer in Splunk Search 03-07-2014 0 12	0	12
Copy data from search results to clipboard; preserve previous search The results of the searches bring a lot of useful information such as hashes, ip addresses, file locations and names.... by landen99 Motivator in Splunk Search 03-07-2014 1 9	1	9
average of a sum of values based on differing values in a different column Hi, given the data below, I want to find the average sum of a1 to a3 and b1 to b3 every 10 minutes time field1 field... by stephen123 Path Finder in Splunk Search 03-07-2014 0 1	0	1
Extend Search without re-running I just ran a search over the last 24 hours which returned a large number of results, but not the full picture I was l... by thepocketwade Path Finder in Splunk Search 03-07-2014 0 4	0	4
adding results from top query Hi, I've got a result table from a top query and want to add the results to compute an overall cache hit rate and fe... by snookerfly New Member in Splunk Search 03-07-2014 0 1	0	1
when will OSX 10.7 / Lion supported ? I saw that 4.2.4 is only supported on Mac OS 10.5 and 10.6. When will Lion be supported ? Will Splunk run in full 64... by mataharry Communicator in Splunk Search 03-06-2014 3 4	3	4
Custom modules not loading Hi, I have created some custom modules, but receive warnings that the module cannot be found when opening the view c... by joonradley Path Finder in Splunk Search 03-06-2014 3 5	3	5
Override Sourcetype I'm trying to do a sourcetype override and not having much luck. I am trying to change the sourcetype from 2 hosts, f... by Bill_B Communicator in Splunk Search 03-06-2014 0 4	0	4
Stop displaying aliased fields I have aliased a field (let's call it application_auth_id) to a new name (user). I want my Splunk users to search usi... by lguinn2 Legend in Splunk Search 03-06-2014 1 4	1	4