Splunk Search

Community Activity

Multi key value combinations in a single line Hi, I'm trying to perform some field extractions in a log containing availability reports of segments in our system s... by tonniea Explorer in Splunk Search 03-12-2014 0 2	0	2
TimePicker: Limit the choices on a specifique Dashboard Hi, I have two dashboard: - "Normal" dashboard: With the basic TimePicker. - Fixed Time report: Here i want... by jlhamlet Path Finder in Splunk Search 03-12-2014 0 4	0	4
Joining data Hi All, This is a repeated question.I am posting it again because I cant find a solution. I have 2 data sets which c... by jimjohn Path Finder in Splunk Search 03-12-2014 0 3	0	3
Data vanished from search Hey, We have a 20GB index that is showing an earliest date of 27th Dec 2013. The current size of the index is about... by Kindred Path Finder in Splunk Search 03-12-2014 0 2	0	2
Query to check license violation I need to write a query to check for license violation and the day it happened and then send an email alert with some... by pdash Path Finder in Splunk Search 03-12-2014 0 5	0	5
Set limit to Accum value I have a list of +1 and -1 that I would like to sum them up as events happen, but I do not want the sum to go below 0... by weihtee New Member in Splunk Search 03-12-2014 0 3	0	3
Fields Search Issue what does the syntax look like so I can pull Multiple fields from a subsearch to an outer search? index=security "An... by Phynyte New Member in Splunk Search 03-12-2014 0 7	0	7
SPLUNK query Hi, I had input some logs into splunk and now I need someone's help to write a query such that I get the reults in t... by sushma6 New Member in Splunk Search 03-12-2014 0 19	0	19
Displaying calculated value in timechart My search sting is like: host=A\|rename "ERC" TO EMPLOYERCODE\|join EMPLOYERCODE [search host= B\|rename EMPLOYER_CODE... by jimjohn Path Finder in Splunk Search 03-12-2014 0 5	0	5
Timechart - Count columns per day Hi, I'm doing a simple timechart search: index=XXX \| timechart span=1d count by src_ip This leads to a table/chart... by fbl_itcs Path Finder in Splunk Search 03-12-2014 0 8	0	8
Non-windowed realtime search On page 62 of the Splunk Search manual, it mentions that: "Windowed real-time searches are more expensive than non-wi... by mexa Explorer in Splunk Search 03-12-2014 0 3	0	3
Search Condition Hi, I have my search set and everything is work fine except the condition. In the search I have this condition in t... by hxa27 Path Finder in Splunk Search 03-11-2014 0 4	0	4
Regex tokenizer when the multivalue field has values within an event that are not always connected in a structured way? I want to make my DATASET field a multivalue field. The regex extracting the field using Splunkweb's Field Extractio... by boris Path Finder in Splunk Search 03-11-2014 0 1	0	1
Weird behavior with timechart - any way to workaround? 1) If I run a regular timechart command against normal rows. * \| timechart span=1h count by sourcetype limit=500 ... by sideview SplunkTrust in Splunk Search 03-11-2014 1 7	1	7
split function in calculated fields When i try to save in Splunk Web calculated fields that contains split function i have a "Encountered the following e... by AlexeyNL Explorer in Splunk Search 03-11-2014 6 4	6	4
Multiple log files with several keys Hi all! I've got different log files (in fact, extracts from different databases) from a data warehouse (abstractly ... by renaudleroy New Member in Splunk Search 03-11-2014 0 2	0	2
subsearch question I'm trying to pull a list of the last time User Accounts logged. The part I need help on is the following.I'm looking... by Phynyte New Member in Splunk Search 03-11-2014 0 1	0	1
Counting from metadata and inputcsv Hi, I have a use case whereby I would like to report how many assets I am monitoring in splunk, as a percentage of ... by DerekKing Path Finder in Splunk Search 03-11-2014 0 4	0	4
Grouping field values which are in common My incoming logs has several hosts and many services running in each hosts. I would like to generate a table from my ... by splunker12er Motivator in Splunk Search 03-11-2014 0 2	0	2
How to create time chart with accumulate statistics, not just for each time slots? Considering data like this week1: value=1 week2: value=2 week3: value=3 week4: value=4 How do I create time cha... by jzhong_splunk Splunk Employee in Splunk Search 03-10-2014 0 1	0	1
Find events in a different index related by time I need to find events in Index B that happened withing 5 minutes of events in Index A. Unfortunately I do not have a... by splunkranger Path Finder in Splunk Search 03-10-2014 0 2	0	2
calculate time between every events Hello splunkers! I need your help. I analyze transport accessibility between two groups of city district. First know... by ryastrebov Communicator in Splunk Search 03-10-2014 1 3	1	3
Appending Data using Subsearch/Custom Commands & Dedup I currently have a search that is looking at firewall data that looks something like this: index=my_index sourcetype... by SplunkMonster Engager in Splunk Search 03-10-2014 0 1	0	1
finding the percent difference between two searches I have the below search. I'm trying to get the % difference between the first count which pulls from a CSV file and ... by mileven Explorer in Splunk Search 03-10-2014 0 5	0	5
How to pass _time from subsearch to mainsearch which contains lookup Hi All, I have a lookup table which contains fields like name , id,etc but not timestamp. In the log file I will be ... by Anusha_Sankar New Member in Splunk Search 03-09-2014 0 1	0	1