Splunk Search

Community Activity

Attempt to workaround 10k subsearch limit -- how to combine multiple lookup files? I'm breaking up my search and outputting the results into separate files. How can I combine these files into a singl... by the_wolverine Champion in Splunk Search 01-28-2014 2 2	2	2
How to modify the retrun value of stats count by search using eval I am running a search query like this index=w3c host=web-a OR host=web-b ASP_NET_SessionId=* c_ip=x.x.x.* \| eval cur... by ashabc Contributor in Splunk Search 01-28-2014 0 6	0	6
dealing with duplicate variables after tranaction command I am working with IPFix data from a firewall. The first template returns the flow information. That is stuff like Sou... by jalfrey Communicator in Splunk Search 01-28-2014 0 3	0	3
Index time field extraction/re-write I currently have a custom sourcetype=vuln_scan that looks like this: response_datetime="2014-01-24 06:41:22" scan_da... by Adrian Path Finder in Splunk Search 01-28-2014 0 6	0	6
How can I specify specific lines within my lookup file to search against? I have a large resultset, lookupb.csv which consists of about 4 million lines, that I'm searching against that I need... by the_wolverine Champion in Splunk Search 01-28-2014 0 2	0	2
Alert if value is greater than 2xSTDEV Hi, I am trying to find outliers by using the idea of a Bell Curve. I have a search that provides stats on mean, st... by bcusick Communicator in Splunk Search 01-28-2014 0 4	0	4
Print number of returned results with data if > 10,000 I have a “stats” search that returns millions of results. Splunk can only show 10,000. That’s OK but what I would l... by OldManEd Builder in Splunk Search 01-28-2014 0 10	0	10
Latest/Earliest Timeformat using another timezone other than the default I need to create a search that uses the UTC timezone not my default which is Central time (UTC - 6h). Basically my... by benspader Explorer in Splunk Search 01-28-2014 0 2	0	2
timestamps are different in original log and splunk events Hi, My sample log which I've loaded in splunk. [9/12/13 12:42:44:988 EDT] 000000e1 SRTServletRes W WARNING: Canno... by prad18 Path Finder in Splunk Search 01-28-2014 0 3	0	3
Create a progress bar while the search commands loads Hi, I have a search command in Dashboard which takes couple of minutes to show output on screen. I have noticed that... by harshal_chakran Builder in Splunk Search 01-28-2014 0 1	0	1
Need help on rex Hi there, I have nagios events like these ones: [1390906919] SERVICE ALERT: hostname;Interface 10;CRITICAL;SOFT;2;C... by bzwick New Member in Splunk Search 01-28-2014 0 2	0	2
metadata (source age ) search over search string in sources Hello I am trying to create a search query like so: search for specific terms (searchterm#1 AND NOT completed succes... by vadsys Engager in Splunk Search 01-27-2014 0 1	0	1
How to use Source via Python SDK Hi, I am using python scripting to connect with splunk and my python script automatically uploads new files added in... by harshal_chakran Builder in Splunk Search 01-27-2014 0 1	0	1
Can DB Connect Run Multiple Queries At Once? I'm trying to run a few complex queries in order to render a single output using DB Connect. I cannot seem to get th... by proitllc New Member in Splunk Search 01-27-2014 0 5	0	5
Can we rename row, column when we use transpose function Hi, Can we rename row, column when we use transpose function by xvxt006 Contributor in Splunk Search 01-27-2014 0 2	0	2
Extracting fields from an existing Field I am working on some http_referer analysis from my proxy logs, seems like an interesting thing to do. I want to do an... by psheck117 New Member in Splunk Search 01-27-2014 0 6	0	6
Search-App Activity-DropDown-System-Activity only viewable by Administrator Hi, this is likely a noon question In V6, "Search & Reporting" App - the menu-bar contains an "Activity" drop-down (... by t9445 Path Finder in Splunk Search 01-27-2014 0 3	0	3
Can someone tell me how to count users by index please I was trying to keep track of how many users have access to each index. Any help would be much appreciated. by Rlemana New Member in Splunk Search 01-27-2014 0 1	0	1
What version of SSL does splunkd use? We have Splunk 4.2.3 installed on some Linux hardened servers. Our Security team recently ran some scans and expresse... by Mick Splunk Employee in Splunk Search 01-27-2014 3 7	3	7
Data Input not working for s3 plugin -- perhaps inputs.conf.spec is wrong? File /opt/splunk/etc/apps/s3/README/inputs.conf.spec: [s3://umi-mf-cdnlogs] key_id = AKIA secret_key = EOW5NUqjoJ ... by boris Path Finder in Splunk Search 01-27-2014 1 1	1	1
how to archive I am reading up on how to archive and set the frozen bucket. Do i need to create my own indexes.conf file ? One is no... by jmp13 Explorer in Splunk Search 01-27-2014 0 4	0	4
Using multiple Tokens in the same search Hello, Is it possible to use multiple tokens in the same input ? if yes, how can i do so ? I'm thinking it should l... by DavidHourani Super Champion in Splunk Search 01-27-2014 0 5	0	5
List top 3 forwarders by volume sent to each indexer I'd like to see for each indexer in my environment the top 3 forwarders that have sent data. I've created the followi... by Runals Motivator in Splunk Search 01-27-2014 0 3	0	3
Summing the row Colum A Column B 1 1 2 2 2 3 ... by vinay_ks04 New Member in Splunk Search 01-27-2014 0 3	0	3
Unique KeyValue search performance Hey Everyone, I'm having a bit of trouble with Splunk search performance, I currently have around 1 million rows of ... by splunkrg Explorer in Splunk Search 01-27-2014 0 3	0	3