Splunk Search

Community Activity

Using lookup tables and searching it twice We have a user lookup table that contains information such as username, email, and managername. I can do a lookup to... by rmorlen Splunk Employee in Splunk Search 12-26-2013 0 2	0	2
How to add percentage on statistic field? Hello, My search: index=test sourcetype=traffic \| stats sum(A) as A sum(B) as B sum(C) as C sum(D) as D \| transpose ... by appleman Contributor in Splunk Search 12-25-2013 0 2	0	2
Subsearch results display in different columns with same field by differenet timerange sourcetype=xxx earliest=-1d@d latest=-0d@d \| stats count by host \| append [search earliest=-2d@d latest=-1d@d \| stats... by rossikwan Path Finder in Splunk Search 12-25-2013 0 4	0	4
How to get index time in subseconds ? Hi Splunkers, I want to know the index time lag in subsecond order by following command. index=main \| eval index_la... by sunrise Contributor in Splunk Search 12-25-2013 0 2	0	2
What is pulldown_type? Hi! I would like to know what pulldown_type option (props.conf) affects in splunk. Are there any description in the ... by yuwtennis Communicator in Splunk Search 12-25-2013 1 1	1	1
V6 free splash page display bug Demonstrated below: Black text on dark grey background - totally useless from an accessibility perspective. What ha... by grijhwani Motivator in Splunk Search 12-24-2013 0 4	0	4
How do you 'Tag' based on a search? I'm almost certian I used the wrong lingo but I'd like to essentially create a field based on search or regex, but I ... by andrewkenth Communicator in Splunk Search 12-23-2013 0 1	0	1
Getting top values from two fields I have a index that contains both destination and source countries in each entry. I would like to get a list over top... by kennethp Engager in Splunk Search 12-23-2013 1 1	1	1
How to identify session from log based on request timestamp Hi Guys, My log message looks like below, Time message 10:00 AM “log message 1” 10:10 AM “log message... by moohkhol New Member in Splunk Search 12-23-2013 0 1	0	1
Formatting the digits Hi! I would like to do something similar to sprintf of perl. Which would be like, sprintf("%02d) put a 0 in front... by yuwtennis Communicator in Splunk Search 12-23-2013 0 2	0	2
Inhibiting alerts from saved searches that had search errors Is there a way to inhibit alerts from saved searches that had errors? Saved searches will sometimes fail with errors... by teedilo Path Finder in Splunk Search 12-23-2013 3 10	3	10
Display results only above a certain number Hi all, I am having trouble displaying search results when I specify that the returned results must be greater than ... by Snazter57 New Member in Splunk Search 12-23-2013 0 5	0	5
Predict: Can I show only the predicted events in the future? I like the predict clause, but how can I show only the prediction of the 'future'. For example: index=prd_stats earl... by mkelderm Path Finder in Splunk Search 12-23-2013 0 2	0	2
How to get the Source from one query and search specific variable in that source?? Hi, I have a sourcetype = ALLXMLDATA, where I have added multiple XML files as data inputs such XMLfile1, XMLfile2 a... by harshal_chakran Builder in Splunk Search 12-22-2013 0 3	0	3
How do I get the value of one field if the value of another field matches? Hi, I have 2 data logs "datasource1" and "datasource2", under same sourcetype name="DATALOGS", for e.g. datasource1... by harshal_chakran Builder in Splunk Search 12-22-2013 0 3	0	3
Get the output in double quotes. Hi, I have written a search query which shows a specific value from the datalog. what i want is to show the reult in... by harshal_chakran Builder in Splunk Search 12-22-2013 0 1	0	1
Trying to send WindowsEventlogs to different index Currently trying to limit logs out of the application, security, and system logs. I want to send only application an... by mileven Explorer in Splunk Search 12-20-2013 0 2	0	2
search query - iterations of search criteria I'm trying to search for multiple rule event hits in my historical data: Date 1, Rule A, NumAlerts 15 Date 1, Rule B... by david_rundle_fi Explorer in Splunk Search 12-20-2013 0 2	0	2
Correlate different id's and average out data Hello Splunky's, I'am working on a project and want to correlate a couple of id's on different logs and got the time... by BBakkenes Explorer in Splunk Search 12-20-2013 0 1	0	1
Parsing mutlivalued field I have two fields, say foo and bar. They both have the same format. An example of the fields could be foo="{a=3, b=4... by tbo Explorer in Splunk Search 12-19-2013 0 4	0	4
Watchlist Insertion Hi, I want put an alert witch detect non authorized connection. In order to do that I have integrate some workstatio... by julirodr New Member in Splunk Search 12-19-2013 0 3	0	3
Quoted escape characters when searching a field "2013-12-19 11:13:23", "[INFO]", "30927", "MainProcess", "SSMITH" My data is coming into Splunk in this format, and ... by JoeSco27 Communicator in Splunk Search 12-19-2013 0 4	0	4
Monitoring external config files for difference in content from its previously indexed version. Hi, I have a config file collected across a bunch of hosts. I started off with indexing the file as a single entry. ... by mrkumar New Member in Splunk Search 12-19-2013 0 1	0	1
IIS log user count My purpose is to count currently logged in user for a web site Easiest way to get this is something like \| stats dc(... by ashabc Contributor in Splunk Search 12-19-2013 0 3	0	3
Plotting points on a Splunk 6 map My data is already coming into splunk lat/lon encoded. I don't need to do any ip geo lookup or anything like that. Ea... by fredclown Builder in Splunk Search 12-19-2013 3 5	3	5