Splunk Search

Community Activity

REX command: something or something or nothing Here's my rex: rex max_match=0 "(MSM-\w+\s+(?<slotMSM>\w+)\s+\|MM-\w+\s+(?<slotMM>\w+)\s+\|Slot-\d+\s+(?<slotNum>\d+)\... by willial Communicator in Splunk Search 02-28-2014 0 3	0	3
Trouble converting time (epoch) when using timechart I can't seem to convert epoch time when using timechart. I'm trying to get each users first logon of the day over a p... by dpoon Explorer in Splunk Search 02-28-2014 0 5	0	5
Help displaying duration of all orders of a single orderType Hi All, I'm trying to create a table that shows the duration of a transaction by the hour. I'm trying to use someth... by _gkollias Builder in Splunk Search 02-28-2014 0 12	0	12
Step By Step Searches Hi If I feel difficult to achieve the search result in a single search,is there any way to do it in multiple steps l... by jimjohn Path Finder in Splunk Search 02-28-2014 0 6	0	6
Combine/Merge results from Exim Search As first, sry for my bad english. At the moment i making a praktical training My ask is to analyze exim4 Logs. My Pr... by FloFa New Member in Splunk Search 02-28-2014 0 2	0	2
Edit csv file on splunk web lookupで指定されたcsvファイルを編集したい場合、splunk web上(GUI)で編集することは可能でしょうか。若しくはコマンド上で編集するか、新しく編集したcsvをinputlookupで入れなおすしかないのでしょうか。 ... by appleman Contributor in Splunk Search 02-27-2014 0 3	0	3
Multiple occurrences of fields Hello, I have log lines that look like this [ some silly example but the idea is there  ] mm/dd/yyyy hh:mm:ss - fr... by lain179 Communicator in Splunk Search 02-27-2014 1 1	1	1
Distinct Events Days in Index I'm trying to write an efficient search to find out the distinct days of events that I have in an index. Basically, I... by fredclown Builder in Splunk Search 02-27-2014 0 3	0	3
How to keep the multivalue field values in ascending order when creating a transaction? I have the following query: ..... \| transaction CUSTOMER_KEY mvlist=t \| makemv delim="," moves Problem is when it ... by fere Path Finder in Splunk Search 02-27-2014 0 1	0	1
problem with streamstats command, using both window=N and a by clause. This is in regards to using the streamstats command with a "by" clause, and at the same time specifying window=N to ... by sideview SplunkTrust in Splunk Search 02-27-2014 2 4	2	4
Help with regex I have a log format that uses space as delim and "" as delim when we have space in between. How should i write the re... by pdash Path Finder in Splunk Search 02-27-2014 0 6	0	6
Dbquery and time_stamp Hi, I have a query like \| dbquery TEST_DB "select a.time_stamp, a.num_busy_engines, a.num_total_engines, a.num_tasks... by gudavasr Path Finder in Splunk Search 02-27-2014 0 9	0	9
How to keep leading zeros in a numeric field when converting it to string? I have this as part of my query: eval this_move=tostring(seq)."-."screen Only I need to make sure seq is treated as... by fere Path Finder in Splunk Search 02-27-2014 0 2	0	2
Search event logs that only accrue between 4PM to 11:59PM every day Looking to see if there is a way to search for only specific windows event logs that accrue after 4 pm up to 11:59 pm... by kpers Path Finder in Splunk Search 02-27-2014 0 5	0	5
single value background image Hello Everyone, Please suggest me how to place an images to extreme left in the single value box.This is what I have... by vikas_gopal Builder in Splunk Search 02-27-2014 0 3	0	3
Gap in chart data Hi, I have a chart that is produced by executing a search with a \| timechart command. As the search is executing, y... by Ant1D Motivator in Splunk Search 02-27-2014 0 2	0	2
Start/End time Displaying Same time I have a search where I'd like to show the duration of the order. My search below almost gives me that, but the star... by _gkollias Builder in Splunk Search 02-27-2014 0 1	0	1
サーチ結果をダッシュボードに載せると結果が変わる下記サーチをダッシュボードに載せると結果が変わってしまうのですが、原因はなんでしょうか。サーチ結果では前週比がでるはずが、ダッシュボードに載せるとその数が足された結果になってしまいます。 source=test id... by appleman Contributor in Splunk Search 02-27-2014 0 1	0	1
Changing timechart X axis Hello, I want to change X axis on timechart, so I created a dashboard, and added the following option. My search: ... by appleman Contributor in Splunk Search 02-27-2014 0 3	0	3
Exporting raw search results to clipboard? Hi, Exporting search results to a file is a bit too cumbersome for our current workflow. Is there any way to export ... by rotate Engager in Splunk Search 02-27-2014 3 1	3	1
Charting non indexed values I have a feed going into Splunk currently that follows a trend that looks like it starts at a very small number, then... by L064979 Engager in Splunk Search 02-27-2014 0 1	0	1
Discarding of Events based on some column value Hi, I have a JSON file which has a key value pair. I want to discard the events which contains "Name":"John" ( I mean... by abhayneilam Contributor in Splunk Search 02-27-2014 0 2	0	2
CASE() search option produces no results While using the CASE() feature of the search command (as per http://docs.splunk.com/Documentation/Splunk/6.0.2/Search... by sloshburch Ultra Champion in Splunk Search 02-26-2014 0 8	0	8
using custom JS rendering scripts I'm having a bit of a problem with using JS scripts in my dashboard panels. I've been using the Simple XML examples a... by yong_ly Path Finder in Splunk Search 02-26-2014 0 1	0	1
Calculating a total for use later to calculate a percentage I am trying to calculate an overall total value for use later in my pipeline in a percentage calculation. My data l... by lehrfeld Path Finder in Splunk Search 02-26-2014 0 1	0	1