Splunk Search

Community Activity

Doubt in framing search There are different log files in different format. A log file is generated from the different log files and fed into ... by Jananee_iNautix Path Finder in Splunk Search 01-22-2014 0 2	0	2
Duplication of data in simple csv file Hi, new to Splunk. Had splunk engineer install simple set up of 3 csv files containing trading data (work in bank) o... by Lambertus New Member in Splunk Search 01-22-2014 0 1	0	1
DBConnect - Best way to join three tables Hi I've three tables with the following structure in the same Microsoft SQL database: ApplicationEvent - Columns: i... by UMoritz New Member in Splunk Search 01-22-2014 0 5	0	5
How can you pass the values of earliest and latest? I have a text date stamp called ACK_Time that I need to validate is between earliest=-1d@d AND latest=-0d@d. I can ... by sgrey007 New Member in Splunk Search 01-21-2014 0 5	0	5
security log search to categorize users by shift type I would like to categorize users by their shift type (day, evening, night, etc) by profiling their average logon hour... by dstaulcu Builder in Splunk Search 01-21-2014 0 1	0	1
One MAC multiple IP's Table View I have a search like this index="wireless" DHCP ACK \| table _time src_mac src_ip I would like to show a table of MA... by hartfoml Motivator in Splunk Search 01-21-2014 0 4	0	4
Trying to get all fields after a count I am searches data that looks like: violation name email manager I can do a search like: "earliest=-7d index=whatH... by rmorlen Splunk Employee in Splunk Search 01-21-2014 0 6	0	6
extracting fields Hi, I have the following log statements 1.Connected to [el2me@star-mf.grgk.com:22] 2.. Connected to [ftpsergr.gregn.c... by Jananee_iNautix Path Finder in Splunk Search 01-21-2014 0 3	0	3
Multi-Source Full Outer Join using Append All, As I understand it; The Splunk JOIN command does not have a 'full outer join' option. I was able to look-up an... by mcrawford44 Communicator in Splunk Search 01-21-2014 1 19	1	19
Eventstructure & "By" command / spath Hi, I've got an event that looks like this: rangeofproducts:{[-] products:[[-] {[-] ... by HeinzWaescher Motivator in Splunk Search 01-21-2014 0 3	0	3
Learning to use anomalies? The documentation has not been much help all I really want is to start learning how to use it. Every time I try to us... by passing Explorer in Splunk Search 01-21-2014 2 2	2	2
distinct count users timechart Hello, We are trying to track distinct current users logged in and running transactions in a particular application ... by aaronkorn Splunk Employee in Splunk Search 01-20-2014 1 3	1	3
display the charts in slideshow in webframework I want to display the the charts/views in slideshow manner wher i one chart should display after other in particular ... by lahariveerlapat Explorer in Splunk Search 01-20-2014 0 1	0	1
How to calculate percentages for multi valued search Hi, I am getting requests by host (if we have 20 hosts) then i have 20 values. Now i want to calculate the percenta... by xvxt006 Contributor in Splunk Search 01-20-2014 1 2	1	2
How to get datetime of file on basis of its generation not upload Hi, Generally splunk indexes the events on basis of upload date-time. I want to it to get indexed on basis of its gen... by harshal_chakran Builder in Splunk Search 01-20-2014 0 2	0	2
Search query is not fully resolved when using a "$" in a Hi Base, i´m encouter a problem when creating a dashboard with simple xml. I want to select a couple of events with ... by ndcl Path Finder in Splunk Search 01-20-2014 0 8	0	8
Splunk subsearch noresult Am trying to run a query where subsearch might return no results on some days. In such case i am trying to assign 0 v... by pdash Path Finder in Splunk Search 01-20-2014 0 1	0	1
How can I pass the results from one search as a field in another search? Hi ! I would like to have help with search. I would like to pass the results from one search search xxxxx\|xxxxx re... by yuwtennis Communicator in Splunk Search 01-19-2014 0 8	0	8
Using RegEx in Props.conf Hi All, I'm new to using regex, and I've recently made some changes that were pushed to our Splunk production which ... by _gkollias Builder in Splunk Search 01-18-2014 0 2	0	2
What's a good way to basically end up with more than 1 group-by field in the chart command So quite often I end up in a situation where I have four fields. Let's say they're _time, clientip, method and count... by sideview SplunkTrust in Splunk Search 01-17-2014 0 1	0	1
Can't See Newly Creating Fields I just created a new search field name going through the following process; 1. Run a simple search 2. Select “Extr... by OldManEd Builder in Splunk Search 01-17-2014 0 11	0	11
Tcp output pipeline blocked. Attempt '400' to insert data failed. We have recently upgraded the Splunk SearchHead and Indexer to Splunk V6. Since afternoon we are facing below error a... by nikhilagrawal Path Finder in Splunk Search 01-17-2014 0 2	0	2
Trying to change X axis description in a chart Hi , i am using this query to get the daily transaction for every hour for a day. sourcetype="*Leg324.log" tid\|rex... by wye054 New Member in Splunk Search 01-17-2014 0 1	0	1
Search using C# sdk is returning only 50000 events Hi, From Splunk web interface a saved search is returning around 300,000+ events. While calling the same saved searc... by ykmohank New Member in Splunk Search 01-17-2014 0 2	0	2
date conversion Hi, There's a problem in displaying abbreivated month and year when using the below search query source="RSBA_LOGS2"... by Jananee_iNautix Path Finder in Splunk Search 01-17-2014 0 13	0	13