Splunk Search

Community Activity

twice as many counts as matching events? I need help figuring out this one This is the search: host="myhost" \| spath \| top agent.browser I get 311 matchi... by malukisses Engager in Splunk Search 12-05-2013 1 6	1	6
\| pivot and eval Hi there, is there any way to combine table creation using an eval expression in combination with the accelerated pi... by anjafischer Path Finder in Splunk Search 12-05-2013 2 6	2	6
copy sourcetype and regex from one index to other index how i can copy sourcetype and regex from one index to other index? by felipesewaybric Contributor in Splunk Search 12-05-2013 0 2	0	2
Append showing result in new row If I understood correctly append returns the result in the same row as the previous query. Anyone knows why I get 2 s... by mcamilleri Path Finder in Splunk Search 12-05-2013 0 3	0	3
Percentage change in event counts I need to calculate the percentage increase/decrease in the number of events in the last 5 minutes compared to the pr... by mcamilleri Path Finder in Splunk Search 12-05-2013 1 4	1	4
Count Command Hi, I'm experiencing some difficulties when using count, the below search query works by listing sip (source ip) aga... by sukhgillz Explorer in Splunk Search 12-05-2013 0 6	0	6
Can timestamp be conditional according to data content My csv data contains a number of timestamps. I want the timestamp field to be conditional on the result of another f... by bowesmana SplunkTrust in Splunk Search 12-05-2013 0 10	0	10
Filtering with dedup depending on number of results I got a search that monitores my Netbackup jobs in real time. search = index=Infra_NB sourcetype="NbJobs" site=$site... by timmalos Communicator in Splunk Search 12-04-2013 0 5	0	5
Filter fields per role access? Hi! I would like to ask question whether its possible to filter certain fields per role. For example, If I have a ... by yuwtennis Communicator in Splunk Search 12-04-2013 0 3	0	3
Webknight Field Extractions and Header Exclusions If anybody uses WebKnight ISAPA filter in your environment you will probably have spotted that the log file formal ca... by hughroberts Explorer in Splunk Search 12-04-2013 0 1	0	1
Search is truncating results to a smaller result set after completion Hello, I'm running a fairly complex search using transactions in order to identify an error occurring in a distinct ... by erikross Explorer in Splunk Search 12-04-2013 0 2	0	2
Indexing internals Hi, I'm planning the event sources for Splunk and I'd like to know (if someone could give an answer) how does splun... by egutesman Engager in Splunk Search 12-04-2013 0 2	0	2
dbx query timeout Is there a flag in the dbx app that times out a query if it exceeds a certain time? We have an SLA that our queries c... by aaronkorn Splunk Employee in Splunk Search 12-04-2013 2 1	2	1
Duration with just days (2) source="J:\\B6 Files\\Web Logs\\Vegas\\access_logs\\star.log" INFO star \| rex field=_raw "INFO (?<report>star) - (?... by Oisin77 Explorer in Splunk Search 12-04-2013 0 3	0	3
How to create multiple radial gauges from a singel query? I have a query that produces 4 field values. I am looking for a way to use thae gauge command to create multiple gaug... by v920998 New Member in Splunk Search 12-03-2013 0 1	0	1
Creating Chart Overlays in Splunk 6 All, I'm trying to implement overlays for the dashboard panel I am working on. I want the exactly the same chart a... by bruceclarke Contributor in Splunk Search 12-03-2013 0 1	0	1
Time of Day on Y Axis I'm trying to create a chart that has the time of day on the y axis. I have a results table that looks like this: D... by jstockamp Communicator in Splunk Search 12-03-2013 0 3	0	3
Chart Android over Iphone apache logs so I have index=apache useragent=android \| timechart etc etc index=apache useragent=iphone \| timechart etc etc but... by daniel333 Builder in Splunk Search 12-03-2013 1 1	1	1
How to get total for line count then subtotal for another field in the same query? Hi - Very new to splunk. I have the following query that gives me total count for a specific log: LOGGING string: "... by jaj Path Finder in Splunk Search 12-03-2013 0 2	0	2
How do you reference the value of a transaction Does anyone know if it is possible to reference the value of a transaction? For instance transaction account start... by adylent Path Finder in Splunk Search 12-03-2013 0 1	0	1
Extract information via regex Hi guys, I need some help to split the field below: xyu_0987\|123456:123456\|123456:123456, before the first pipelin... by rafamss Contributor in Splunk Search 12-03-2013 1 10	1	10
searchtime field extraction, ignore event prefix Hi all, I'm using props and transforms to extract fields, all the fields are extracted properly, except the first on... by atat23 Path Finder in Splunk Search 12-03-2013 0 7	0	7
Sum max(count) from multiple hosts Hi I have 4 hosts. Each host collects error logs. Each log consists of a Counter, like so: 2013-12-02 11:23:26,512 ... by philallen1 Path Finder in Splunk Search 12-03-2013 0 8	0	8
How to increment counter field with a by clause Given events Group MultiValue A 7,2,9 B 8,1 I'm using makemv to pivot the results to below, but I also want a new In... by e_sherlock Explorer in Splunk Search 12-03-2013 1 2	1	2
Joining two data sets using time windows I have two data sets that I want to join: Set A: _time, field1, field2, field3... via search: eventtype=mystats \| f... by mmanfred Explorer in Splunk Search 12-03-2013 0 3	0	3