Splunk Search

Community Activity

Multiple occurrences of fields Hello, I have log lines that look like this [ some silly example but the idea is there  ] mm/dd/yyyy hh:mm:ss - fr... by lain179 Communicator in Splunk Search 02-27-2014 1 1	1	1
Distinct Events Days in Index I'm trying to write an efficient search to find out the distinct days of events that I have in an index. Basically, I... by fredclown Builder in Splunk Search 02-27-2014 0 3	0	3
How to keep the multivalue field values in ascending order when creating a transaction? I have the following query: ..... \| transaction CUSTOMER_KEY mvlist=t \| makemv delim="," moves Problem is when it ... by fere Path Finder in Splunk Search 02-27-2014 0 1	0	1
problem with streamstats command, using both window=N and a by clause. This is in regards to using the streamstats command with a "by" clause, and at the same time specifying window=N to ... by sideview SplunkTrust in Splunk Search 02-27-2014 2 4	2	4
Help with regex I have a log format that uses space as delim and "" as delim when we have space in between. How should i write the re... by pdash Path Finder in Splunk Search 02-27-2014 0 6	0	6
Dbquery and time_stamp Hi, I have a query like \| dbquery TEST_DB "select a.time_stamp, a.num_busy_engines, a.num_total_engines, a.num_tasks... by gudavasr Path Finder in Splunk Search 02-27-2014 0 9	0	9
How to keep leading zeros in a numeric field when converting it to string? I have this as part of my query: eval this_move=tostring(seq)."-."screen Only I need to make sure seq is treated as... by fere Path Finder in Splunk Search 02-27-2014 0 2	0	2
Search event logs that only accrue between 4PM to 11:59PM every day Looking to see if there is a way to search for only specific windows event logs that accrue after 4 pm up to 11:59 pm... by kpers Path Finder in Splunk Search 02-27-2014 0 5	0	5
single value background image Hello Everyone, Please suggest me how to place an images to extreme left in the single value box.This is what I have... by vikas_gopal Builder in Splunk Search 02-27-2014 0 3	0	3
Gap in chart data Hi, I have a chart that is produced by executing a search with a \| timechart command. As the search is executing, y... by Ant1D Motivator in Splunk Search 02-27-2014 0 2	0	2
Start/End time Displaying Same time I have a search where I'd like to show the duration of the order. My search below almost gives me that, but the star... by _gkollias Builder in Splunk Search 02-27-2014 0 1	0	1
サーチ結果をダッシュボードに載せると結果が変わる下記サーチをダッシュボードに載せると結果が変わってしまうのですが、原因はなんでしょうか。サーチ結果では前週比がでるはずが、ダッシュボードに載せるとその数が足された結果になってしまいます。 source=test id... by appleman Contributor in Splunk Search 02-27-2014 0 1	0	1
Changing timechart X axis Hello, I want to change X axis on timechart, so I created a dashboard, and added the following option. My search: ... by appleman Contributor in Splunk Search 02-27-2014 0 3	0	3
Exporting raw search results to clipboard? Hi, Exporting search results to a file is a bit too cumbersome for our current workflow. Is there any way to export ... by rotate Engager in Splunk Search 02-27-2014 3 1	3	1
Charting non indexed values I have a feed going into Splunk currently that follows a trend that looks like it starts at a very small number, then... by L064979 Engager in Splunk Search 02-27-2014 0 1	0	1
Discarding of Events based on some column value Hi, I have a JSON file which has a key value pair. I want to discard the events which contains "Name":"John" ( I mean... by abhayneilam Contributor in Splunk Search 02-27-2014 0 2	0	2
CASE() search option produces no results While using the CASE() feature of the search command (as per http://docs.splunk.com/Documentation/Splunk/6.0.2/Search... by sloshburch Ultra Champion in Splunk Search 02-26-2014 0 8	0	8
using custom JS rendering scripts I'm having a bit of a problem with using JS scripts in my dashboard panels. I've been using the Simple XML examples a... by yong_ly Path Finder in Splunk Search 02-26-2014 0 1	0	1
Calculating a total for use later to calculate a percentage I am trying to calculate an overall total value for use later in my pipeline in a percentage calculation. My data l... by lehrfeld Path Finder in Splunk Search 02-26-2014 0 1	0	1
Help with Rex or RegEx - Need Everything After a String Here is an example of a VPN log with an error. I want to create a field for "Reason", which includes everything found... by aferone Builder in Splunk Search 02-26-2014 0 2	0	2
Problem with HEADER_FIELD_REGEX in TMG Logs I am attempting to use the INDEXED_EXTRACTION = W3C configuration to pull logs from a Microsoft TMG server. I started... by delink Communicator in Splunk Search 02-26-2014 1 5	1	5
Getting 2 aggregate result for 2 searches My search string is host=ABC\| append [search host=DEF]\|stats sum(V) by "ER Code" Can I have a count function also wi... by jimjohn Path Finder in Splunk Search 02-26-2014 0 1	0	1
How do I extract last numbers in field Hello Splunkers, I Would like to create a new field with the last numbers in another field called logid For examp... by dfigurello Communicator in Splunk Search 02-26-2014 0 7	0	7
Issue in returning space from eval macro Hi, I am in need of an eval macro that takes in three values, examines them and returns the values for three separat... by keerthana_k Communicator in Splunk Search 02-26-2014 0 3	0	3
Using variable My search string is (host=ABC AND "Emp Code"=inputString) OR (host=joinHost AND "EMPLOYER_CODE"=inputString) Can I h... by jimjohn Path Finder in Splunk Search 02-26-2014 0 1	0	1