Splunk Search

Community Activity

Different result between tow users with the same search i have an search with two transaction index=myindex \| transaction queue_id sendmail_uid message_id maxspan=5s \| se... by jdoer Engager in Splunk Search 01-24-2014 0 2	0	2
Clarification required on Optimzed Search The log information contains say 10,000 lines which has status as "SUCCESS"or "MAJOR." Currently the query contains t... by Jananee_iNautix Path Finder in Splunk Search 01-24-2014 0 5	0	5
windows 7 issues on configurations Hi Splunkers! Is there an issue in making configurations using windows (7) platform. can someone help me in editing c... by shariinPH Contributor in Splunk Search 01-24-2014 0 2	0	2
Get latest 50 events in the search I need a statistic which show latest 50 events in the log, can we do this with splunk? by ndkhoiits Explorer in Splunk Search 01-24-2014 0 1	0	1
rex json field extraction Splunk newbie here. I need to extract fields from our JSON logs, sample _raw output below: 2014-01-22 21:25:33,802 ... by togmolodon Explorer in Splunk Search 01-23-2014 0 2	0	2
rex field limit Hi, I got the ff script working but putting in more rex field hangs splunk index=xxx \| rex field=_raw "tel:001001(?9... by theoneNeo New Member in Splunk Search 01-23-2014 0 8	0	8
How to monitor file like csv file Hello, I have a csv-liked file as: test.txt "Equipment","LNKEQP","METAST","METSER","MODSTA","METEOD" "HLL_POS_00098... by sieutruc Contributor in Splunk Search 01-23-2014 1 5	1	5
how can I do just the "filling in blank timebuckets" stuff that timechart does. Sometimes I want to run reports calculating things about timebuckets that have no data in them. the timechart comma... by sideview SplunkTrust in Splunk Search 01-23-2014 1 3	1	3
"The system is approaching the maximum number of historical searches" - how to fix/hide it? Is there any way to hide that information from the top of splunk screen? "The system is approaching the maximum numb... by bckq Path Finder in Splunk Search 01-23-2014 1 3	1	3
Exit during search? Hi! Is it possible to exit during the search ? For example, search index=xxx [ search xxxxx format ] If above sub... by yuwtennis Communicator in Splunk Search 01-23-2014 0 2	0	2
Sum of Field values Hi All, I'm using a query to get the total count of individual fields. Here is the search and chart being displayed:... by _gkollias Builder in Splunk Search 01-22-2014 1 4	1	4
Routing to 3rd party Hi, I need to route specific messages that come into Splunk to another destination via syslog. I have the props/tra... by a212830 Champion in Splunk Search 01-22-2014 0 1	0	1
IPLocation: is there a state field? Hello, The iplocation command has the City and Country fields, for example: sourcetype="IPS" \| iplocation src_ip \| ... by echojacques Builder in Splunk Search 01-22-2014 0 1	0	1
Exception matching Hi i'm currently using following regex to match different types of exception. (?i:[^.]+.)*(?P[a-zA-Z]+Exception) s... by prad18 Path Finder in Splunk Search 01-22-2014 1 11	1	11
Doubt in framing search There are different log files in different format. A log file is generated from the different log files and fed into ... by Jananee_iNautix Path Finder in Splunk Search 01-22-2014 0 2	0	2
Duplication of data in simple csv file Hi, new to Splunk. Had splunk engineer install simple set up of 3 csv files containing trading data (work in bank) o... by Lambertus New Member in Splunk Search 01-22-2014 0 1	0	1
DBConnect - Best way to join three tables Hi I've three tables with the following structure in the same Microsoft SQL database: ApplicationEvent - Columns: i... by UMoritz New Member in Splunk Search 01-22-2014 0 5	0	5
How can you pass the values of earliest and latest? I have a text date stamp called ACK_Time that I need to validate is between earliest=-1d@d AND latest=-0d@d. I can ... by sgrey007 New Member in Splunk Search 01-21-2014 0 5	0	5
security log search to categorize users by shift type I would like to categorize users by their shift type (day, evening, night, etc) by profiling their average logon hour... by dstaulcu Builder in Splunk Search 01-21-2014 0 1	0	1
One MAC multiple IP's Table View I have a search like this index="wireless" DHCP ACK \| table _time src_mac src_ip I would like to show a table of MA... by hartfoml Motivator in Splunk Search 01-21-2014 0 4	0	4
Trying to get all fields after a count I am searches data that looks like: violation name email manager I can do a search like: "earliest=-7d index=whatH... by rmorlen Splunk Employee in Splunk Search 01-21-2014 0 6	0	6
extracting fields Hi, I have the following log statements 1.Connected to [el2me@star-mf.grgk.com:22] 2.. Connected to [ftpsergr.gregn.c... by Jananee_iNautix Path Finder in Splunk Search 01-21-2014 0 3	0	3
Multi-Source Full Outer Join using Append All, As I understand it; The Splunk JOIN command does not have a 'full outer join' option. I was able to look-up an... by mcrawford44 Communicator in Splunk Search 01-21-2014 1 19	1	19
Eventstructure & "By" command / spath Hi, I've got an event that looks like this: rangeofproducts:{[-] products:[[-] {[-] ... by HeinzWaescher Motivator in Splunk Search 01-21-2014 0 3	0	3
Learning to use anomalies? The documentation has not been much help all I really want is to start learning how to use it. Every time I try to us... by passing Explorer in Splunk Search 01-21-2014 2 2	2	2