Splunk Search

Community Activity

How to get datetime of file on basis of its generation not upload Hi, Generally splunk indexes the events on basis of upload date-time. I want to it to get indexed on basis of its gen... by harshal_chakran Builder in Splunk Search 01-20-2014 0 2	0	2
Search query is not fully resolved when using a "$" in a Hi Base, i´m encouter a problem when creating a dashboard with simple xml. I want to select a couple of events with ... by ndcl Path Finder in Splunk Search 01-20-2014 0 8	0	8
Splunk subsearch noresult Am trying to run a query where subsearch might return no results on some days. In such case i am trying to assign 0 v... by pdash Path Finder in Splunk Search 01-20-2014 0 1	0	1
How can I pass the results from one search as a field in another search? Hi ! I would like to have help with search. I would like to pass the results from one search search xxxxx\|xxxxx re... by yuwtennis Communicator in Splunk Search 01-19-2014 0 8	0	8
Using RegEx in Props.conf Hi All, I'm new to using regex, and I've recently made some changes that were pushed to our Splunk production which ... by _gkollias Builder in Splunk Search 01-18-2014 0 2	0	2
What's a good way to basically end up with more than 1 group-by field in the chart command So quite often I end up in a situation where I have four fields. Let's say they're _time, clientip, method and count... by sideview SplunkTrust in Splunk Search 01-17-2014 0 1	0	1
Can't See Newly Creating Fields I just created a new search field name going through the following process; 1. Run a simple search 2. Select “Extr... by OldManEd Builder in Splunk Search 01-17-2014 0 11	0	11
Tcp output pipeline blocked. Attempt '400' to insert data failed. We have recently upgraded the Splunk SearchHead and Indexer to Splunk V6. Since afternoon we are facing below error a... by nikhilagrawal Path Finder in Splunk Search 01-17-2014 0 2	0	2
Trying to change X axis description in a chart Hi , i am using this query to get the daily transaction for every hour for a day. sourcetype="*Leg324.log" tid\|rex... by wye054 New Member in Splunk Search 01-17-2014 0 1	0	1
Search using C# sdk is returning only 50000 events Hi, From Splunk web interface a saved search is returning around 300,000+ events. While calling the same saved searc... by ykmohank New Member in Splunk Search 01-17-2014 0 2	0	2
date conversion Hi, There's a problem in displaying abbreivated month and year when using the below search query source="RSBA_LOGS2"... by Jananee_iNautix Path Finder in Splunk Search 01-17-2014 0 13	0	13
Addtotals / Convert String To Number Hi, in my event the field Amount can appear several times. The value is an amount of products. Sometimes Splunk iden... by HeinzWaescher Motivator in Splunk Search 01-17-2014 1 8	1	8
Querying raw data point for 24hr window time chart not displaying all values? source= "KeyOfThis" \| table theRawValue, _time \| chart values(theRawValue) by _time So, when I run this query there ... by jaj Path Finder in Splunk Search 01-17-2014 0 1	0	1
Common regex I have log statement as follows as 1.20131220.server-0.log:2013-12-20 09:38:00,852 [fewfg424] SUCCESS: The FTP S... by Jananee_iNautix Path Finder in Splunk Search 01-16-2014 0 6	0	6
Losing duration in milliseconds when I add file size data... Hi, I have to calculate duration in milliseconds which is working, but when I add file size data to the query, the d... by juriggs Path Finder in Splunk Search 01-16-2014 0 4	0	4
Unusual date parsing. Is it possible to have splunk parse the following date format? Year-Day-Hour_minute_Second i.e. 2008-265-03:19:26 wo... by dcollette New Member in Splunk Search 01-16-2014 0 5	0	5
Clicking on "Open in Search" and graphs lead to 404 after upgrade to 6.0.1 Our custom apps' dashboard panels graphs and "open in search" lead to 404s. Dashboard + several panels http://splunk... by bsizemore Path Finder in Splunk Search 01-16-2014 0 1	0	1
check if current usage breached last highest value by a given percentage over multiple sources Hi. I'm a splunk newbie and I am trying to construct a query over multiple sources that will do a sum of points over ... by splunek Engager in Splunk Search 01-16-2014 0 8	0	8
ln is to exp, as log is to ___ ? I am using "bucket span=log1.1 Time" but it puts it bucket ranges, 1-1.1, 1.1-1.2, etc. so I tried to use log(Time,1... by fk319 Builder in Splunk Search 01-16-2014 0 2	0	2
How do I create searchable fields from a single raw string? Hi, I have syslogs that I would like to search for by ZONE (UNTRUST) and IP (12.12.12.1). Below is a sample of how ... by kluey Explorer in Splunk Search 01-16-2014 0 4	0	4
Add sum in new field Hi, in one single event, the field amount appears multiple times. What I need is a new field that includes the total... by HeinzWaescher Motivator in Splunk Search 01-16-2014 0 6	0	6
Field Aliases Hi, I want to configure some field aliases. I want to add an alias C for the fields A & B. I've done this in the se... by HeinzWaescher Motivator in Splunk Search 01-16-2014 0 14	0	14
is it possible to get the sum of a multivalued field within a transaction without a unique id?? Hi, I want to count the number or errors within two keywords say starttran and endtran. My log data would be like s... by vijai_thomas Engager in Splunk Search 01-15-2014 0 2	0	2
search by range & dashboard help i am trying to search by year i have a field like movie_year ( ex: 1991, 1999, 2000) and i want make a dashboard wh... by changwoo Communicator in Splunk Search 01-15-2014 0 3	0	3
Extraction of extension from filename and flagging them I have to do something like according to the extension of the filename that i extract from logs i want to flag them. ... by Jananee_iNautix Path Finder in Splunk Search 01-15-2014 0 4	0	4