Splunk Search

Community Activity

Nested Transactions? lookup tables or a better way? Hi, I have a single large dataset that is related as follows. Each User has a UserID, when they login a SessionID i... by mrflibbleuk New Member in Splunk Search 03-03-2014 0 1	0	1
Can i count the value for the multivalue field? I want to count the number for the multivalue field count(eval x=commands("search passed \| search sub_areaA")) AS su... by jasklee Engager in Splunk Search 03-03-2014 0 3	0	3
simple search sourcetype=X finds events but wont display them - unless field is forced this search: index=flowspaces sourcetype=auditlog produces search results that are not displayed in the ui. if field... by asmithe Path Finder in Splunk Search 03-03-2014 0 2	0	2
Print the strings on Splunk web UI simultaneously while python file running in background Hi, I have a python file, whose output I am trying to show on splunk web interface. I have written some print stateme... by harshal_chakran Builder in Splunk Search 03-03-2014 0 1	0	1
Splunk On Splunk Why is Splunk On Splunk showing CPU usage at between 200% and 1100%? This makes me wonder if all the other monitorin... by OldManEd Builder in Splunk Search 03-03-2014 0 3	0	3
Group by field / table Hi, I am grabbing interface errors from Cisco routers (via snmpget) that form a distinct path through the network. I... by ross_warren New Member in Splunk Search 03-03-2014 0 4	0	4
Multiple Series Line Chart Dashboard Hi everyone! I'm trying to add a new series to my line chart from my dashboard's xml file. (Which means I want to di... by vtrujillo Explorer in Splunk Search 03-03-2014 0 3	0	3
List of objects available in metadata Hi Is there a list of all known objects on which I can set ACLs which Splunk's metadata files (default.meta/local.me... by Simon Contributor in Splunk Search 03-03-2014 2 1	2	1
subtract csv results by metadata source I'm trying to subtract the list of host contains in my csv file in field "clients_supprimes" to results of host not r... by gnoellbn Explorer in Splunk Search 03-03-2014 0 5	0	5
Loggraber - how to get all logs exept action=accept from CP Hi, I'm trying to get less logs from CheckPoint Firewall (75.4) into a Splunk server (v 6). I just want to have all... by clanglais Explorer in Splunk Search 03-03-2014 1 3	1	3
Help using multiple sources Hi, I am successfully reading and joining a couple of sources, but am having a trouble adding a 3rd. index=access_l... by tt1 Explorer in Splunk Search 03-02-2014 0 1	0	1
Lookup cidr performance We have a need to identify the country of origin of IPs that are hitting our firewalls, notably from "unfriendly" cou... by Thuan Explorer in Splunk Search 03-02-2014 1 8	1	8
正規表現を使用しない場合のカラム名変換についてカラム名の変換方法について教えてください。正規表現を使用せずにSplunk側で処理が出来て読み込めたデータがありますが、カラム名を変更したいと思います。 Splunk側で読み込んだデータに対してカラム名を変更することは可能ですか？ by pisc Explorer in Splunk Search 03-02-2014 0 3	0	3
Build a Key that defines and renames field values extracted What's the easiest way to create a key for a list of octets that need to be renamed? Example: I have a rex query tha... by ho000dor Explorer in Splunk Search 03-01-2014 0 3	0	3
Average of count per second I am trying to get average per second while using this query Source= (logRecordType="V" OR logRecordType="U") earl... by vinraisf New Member in Splunk Search 03-01-2014 0 3	0	3
How does the bucket command create bins? Hi I thought that the bucket command would split events into two bins that cover half the search span if i use 2 bi... by chris Motivator in Splunk Search 02-28-2014 0 2	0	2
extract domain from field Could someone help me with a rex to extract the domain out of a http or https URL? For example, I need 'www.test.com... by foreright360 Engager in Splunk Search 02-28-2014 1 3	1	3
grouping by a log column How can I do a group by on a log column. For example: for fore: 28.02.2014 18:08:30.841 ERROR [pool-6-thread-14-com/... by toby53 New Member in Splunk Search 02-28-2014 0 3	0	3
Blocking searches using splunkJS-stack? I have multiple searches, and I need their results in a particular order. I am trying to make a splunk view that show... by ahmetcepoglu Engager in Splunk Search 02-28-2014 0 3	0	3
REX command: something or something or nothing Here's my rex: rex max_match=0 "(MSM-\w+\s+(?<slotMSM>\w+)\s+\|MM-\w+\s+(?<slotMM>\w+)\s+\|Slot-\d+\s+(?<slotNum>\d+)\... by willial Communicator in Splunk Search 02-28-2014 0 3	0	3
Trouble converting time (epoch) when using timechart I can't seem to convert epoch time when using timechart. I'm trying to get each users first logon of the day over a p... by dpoon Explorer in Splunk Search 02-28-2014 0 5	0	5
Help displaying duration of all orders of a single orderType Hi All, I'm trying to create a table that shows the duration of a transaction by the hour. I'm trying to use someth... by _gkollias Builder in Splunk Search 02-28-2014 0 12	0	12
Step By Step Searches Hi If I feel difficult to achieve the search result in a single search,is there any way to do it in multiple steps l... by jimjohn Path Finder in Splunk Search 02-28-2014 0 6	0	6
Combine/Merge results from Exim Search As first, sry for my bad english. At the moment i making a praktical training My ask is to analyze exim4 Logs. My Pr... by FloFa New Member in Splunk Search 02-28-2014 0 2	0	2
Edit csv file on splunk web lookupで指定されたcsvファイルを編集したい場合、splunk web上(GUI)で編集することは可能でしょうか。若しくはコマンド上で編集するか、新しく編集したcsvをinputlookupで入れなおすしかないのでしょうか。 ... by appleman Contributor in Splunk Search 02-27-2014 0 3	0	3