Splunk Search

Community Activity

Line breaking - regex and capturing group Hello, Need some help on regex here, am sure i maybe making mistake here but.. I don't undesrtand the problem in splu... by armonsal Explorer in Splunk Search 03-15-2014 0 1	0	1
Why is the count field in this search not being written? Hi, I'm trying to collect the number of emails with the same subject line into a summary index. Problem is, whilst ... by DerekKing Path Finder in Splunk Search 03-14-2014 0 5	0	5
convert the date in required format Hai i have a field which has dates example : 1-Oct-13 4-Dec-13 28-Oct-13 I have to convert to b... by ncbshiva Communicator in Splunk Search 03-14-2014 0 1	0	1
Splunk set diff I am comparing the results of two search queries using "\| set diff [search1][search2]". This works correctly in that ... by LordShacks New Member in Splunk Search 03-14-2014 0 3	0	3
How to create a new fields based on some characters in _raw log I wanted to create a new field name like 'Country' from the incoming logs based on some characters in the hostname. ... by splunker12er Motivator in Splunk Search 03-14-2014 0 6	0	6
How to apply rex for a field on mutiple sources Hello I am trying to change the data of the host field which has already been indexed. The host field has values in ... by theouhuios Motivator in Splunk Search 03-14-2014 0 6	0	6
Filter values after timechart Hello, i want to have a search which shows me in 10 minute span how often something did happen. i only want to displ... by Matthias_BY Communicator in Splunk Search 03-14-2014 0 2	0	2
How can we do drilldown saved searches in splunk sideview. I have saved searches in my app. In human words my requirement is: 1. Save the search 2. save the next search 3. s... by disha Contributor in Splunk Search 03-14-2014 0 3	0	3
Can segmentation be done for sourcetypes and indexes? Hello I have a syslog server which is being used to collect various network oriented data. For example if its a Arub... by theouhuios Motivator in Splunk Search 03-14-2014 0 24	0	24
Shorter maxspan delivers more results We have build a query spanning multiple source types. We try to create a simple transaction with one field. The resul... by cmeerbeek Path Finder in Splunk Search 03-14-2014 0 2	0	2
Building a Search for Comparison/Match I have a search that brings up specific order types by order numbers that begin with a 7: index=contract_gateway sou... by _gkollias Builder in Splunk Search 03-14-2014 0 2	0	2
Problem with rex not doing anything at all, not even in its simplest form! Hi, I am trying to extract the string after the first space, so for ex. I need to extract: "02-main-menu" for the fir... by fere Path Finder in Splunk Search 03-14-2014 1 5	1	5
INFO, ERROR and FATAL Hi all, if a log has the following types of log entries (INFO, ERROR, FATAL), how do I get splunk to recognise those ... by ycalpu New Member in Splunk Search 03-13-2014 0 3	0	3
Average events per day Hi, I would like to view the average number of events per day for a certain event code. It looks like I should be ab... by womblesplunk New Member in Splunk Search 03-13-2014 0 3	0	3
How can I make mvfind start its search at the last entry of a multivalue field ? Hi, I have a search query that creates trans: ......\| eval locale=case(tags=="my-world", "my-world:".screen, tags==... by fere Path Finder in Splunk Search 03-13-2014 0 3	0	3
Looking to create a chart that displays run time values Hello, looking to create a data table that displays run time values of a batch jobs... Example of this would be defin... by fisuser1 Contributor in Splunk Search 03-13-2014 0 7	0	7
last indexed data How to search last indexed data in splunk? by rsathish47 Contributor in Splunk Search 03-13-2014 0 7	0	7
how to add Attributes with a Regular Expression Hi Gurus, I have a index, and the data was in one column is like Item__bAffected, I'd like to replace "__b" with a... by bigbeetlefan Explorer in Splunk Search 03-13-2014 0 4	0	4
Checkpoint OPSEC LEA is not working Hi, Mi Checkpoint OPSEC LEA is working. I get next splunk log: index=_internal host="MOL18107" ( source="*splunkd.... by apezuela Explorer in Splunk Search 03-13-2014 1 1	1	1
Format Date Hi - I have a raw event which has raw event lines as "11-Mar-14 9:38:58 PM",300,64.00000000 This was from today 11 M... by nikhilmehra79 Path Finder in Splunk Search 03-13-2014 0 9	0	9
How to perfom math calculations I am trying to figure out how to take two searches and divide their results to create a dial chart showing the percen... by bvenom28 Engager in Splunk Search 03-13-2014 0 4	0	4
Displaying full list of server names I'm querying a log file on 50+ servers looking for the number of records processed in a given time frame. The problem... by jsmith39 Path Finder in Splunk Search 03-13-2014 0 9	0	9
two time series data in one chart Hi, Is there a way to put two lines in one chart while these two lines of data are in different timeframes ? For exa... by jimyliu Explorer in Splunk Search 03-12-2014 0 1	0	1
How to compare multiple files by diff command in search? I have a question about diff command in search. Of course though, a diff command compares two files, I want to comp... by sunrise Contributor in Splunk Search 03-12-2014 1 3	1	3
Chart showing the results of multiple searches Hi there! Wondering if anyone can offer some advice on how to combine several searches to create a chart... I have e... by andilee Explorer in Splunk Search 03-12-2014 0 2	0	2