Splunk Search

Community Activity

Appending Data using Subsearch/Custom Commands & Dedup I currently have a search that is looking at firewall data that looks something like this: index=my_index sourcetype... by SplunkMonster Engager in Splunk Search 03-10-2014 0 1	0	1
finding the percent difference between two searches I have the below search. I'm trying to get the % difference between the first count which pulls from a CSV file and ... by mileven Explorer in Splunk Search 03-10-2014 0 5	0	5
How to pass _time from subsearch to mainsearch which contains lookup Hi All, I have a lookup table which contains fields like name , id,etc but not timestamp. In the log file I will be ... by Anusha_Sankar New Member in Splunk Search 03-09-2014 0 1	0	1
How can I get a fixed number of columns returned in my search? Hi, Hope someone can point me in the right direction. I have a search that pulls a count by 'UserID' of the number ... by Stu_Art New Member in Splunk Search 03-09-2014 0 4	0	4
how to find the Unique field value which is present in two different source logs My question is how to find the uniqueId which is present in two different source logs..? I have 2 source logs say, a... by RashmiGowda Explorer in Splunk Search 03-09-2014 0 8	0	8
using a subsearch in an outer search problem I'm trying to use the results from a subsearch in the outer out search to pull info i'm looking for right now it loo... by Phynyte New Member in Splunk Search 03-08-2014 0 1	0	1
Streamstats by clause Hi splunkers, I'm using the streamstats command with the by clause to split the results using another field but the ... by whopper Explorer in Splunk Search 03-08-2014 0 7	0	7
count message types by facility I need to know when a particular facility isn't passing a message type(s). In Powershell it would be as easy as, fore... by technoe Explorer in Splunk Search 03-07-2014 0 12	0	12
Copy data from search results to clipboard; preserve previous search The results of the searches bring a lot of useful information such as hashes, ip addresses, file locations and names.... by landen99 Motivator in Splunk Search 03-07-2014 1 9	1	9
average of a sum of values based on differing values in a different column Hi, given the data below, I want to find the average sum of a1 to a3 and b1 to b3 every 10 minutes time field1 field... by stephen123 Path Finder in Splunk Search 03-07-2014 0 1	0	1
Extend Search without re-running I just ran a search over the last 24 hours which returned a large number of results, but not the full picture I was l... by thepocketwade Path Finder in Splunk Search 03-07-2014 0 4	0	4
adding results from top query Hi, I've got a result table from a top query and want to add the results to compute an overall cache hit rate and fe... by snookerfly New Member in Splunk Search 03-07-2014 0 1	0	1
when will OSX 10.7 / Lion supported ? I saw that 4.2.4 is only supported on Mac OS 10.5 and 10.6. When will Lion be supported ? Will Splunk run in full 64... by mataharry Communicator in Splunk Search 03-06-2014 3 4	3	4
Custom modules not loading Hi, I have created some custom modules, but receive warnings that the module cannot be found when opening the view c... by joonradley Path Finder in Splunk Search 03-06-2014 3 5	3	5
Override Sourcetype I'm trying to do a sourcetype override and not having much luck. I am trying to change the sourcetype from 2 hosts, f... by Bill_B Communicator in Splunk Search 03-06-2014 0 4	0	4
Stop displaying aliased fields I have aliased a field (let's call it application_auth_id) to a new name (user). I want my Splunk users to search usi... by lguinn2 Legend in Splunk Search 03-06-2014 1 4	1	4
Only display earliest hit for each day Hi, We have building access logs in Splunk and I have to generate an attendance report. I can filter based on speci... by oleg106 Explorer in Splunk Search 03-06-2014 0 9	0	9
Need help with Splunk REST command, Get property value from configuration file Hi All, I am trying to write a search to get values from the configuration file. An example of it will be to the min... by somesoni2 Revered Legend in Splunk Search 03-06-2014 1 3	1	3
Multiple Search Heads in a Cluster We're setting up an Index Cluster with a Master Node. From the documentation it looks like the Cluster will take care... by hvandenb Path Finder in Splunk Search 03-06-2014 0 4	0	4
TIME_FORMAT vs DATETIME_CONFIG = CURRENT I have a log file that has a date at the top, but otherwise is essentially unpredictable stdout. It could be written ... by vbumgarner Contributor in Splunk Search 03-06-2014 0 2	0	2
Show date in label Hello Everyone, Please suggest me how I can get current date and time in label . Regards Vikas by vikas_gopal Builder in Splunk Search 03-06-2014 0 4	0	4
what could account for changes in case for input sources? When constructing a search to render a table of count of events by source I noticed that splunk was treating the iden... by dstaulcu Builder in Splunk Search 03-06-2014 1 5	1	5
Detecting expensive searches in enterprise environment Is there a search I can run that will identify expensive searches across our enterprise environment? We are finding ... by smudge797 Path Finder in Splunk Search 03-06-2014 0 2	0	2
Automatic Lookup not applying to scripted inputs I have implemented an automatic lookup by specifying the filename in transforms.conf: [host_info] filename = host_in... by jamesvz84 Communicator in Splunk Search 03-06-2014 0 1	0	1
Summary Field = "OK" or "DOWN" I am currently attempting to create a 'summary' type of view within a dashboard stating that this list of services (s... by tmarlette Motivator in Splunk Search 03-06-2014 0 7	0	7