Splunk Search

Community Activity

Field Extraction (Regex) When Column Is Sometimes Absent Hi, I'm working on a Regex for field extractions of an alert log. The log has 1 line per alert in the following forma... by RMartinezDTV Path Finder in Splunk Search 11-26-2013 0 7	0	7
DB connect not loading data database connection added successfully. have given the sql query in that Data Inputs for a database source create ab... by yasarforu Loves-to-Learn in Splunk Search 11-26-2013 0 1	0	1
New Field From a Current Field Up to a Certain Character (In a Search) I have a field named FieldA. It looks like this: 10.10.10.10->10.11.11.11 I want to create a new field (FieldB) th... by aferone Builder in Splunk Search 11-26-2013 0 14	0	14
Comparing two fields from different sources Dear all, I would like to compare two fields on a sequential way coming from different sourcetypes already indexed a... by cirrusfa Explorer in Splunk Search 11-26-2013 0 9	0	9
Transaction Duration Duplicated due to multiple same event Hello, I'm trying to get the duration of a transaction starting with "green" and stopping with "red" : The problem i... by YoussefB Engager in Splunk Search 11-26-2013 0 3	0	3
Chronological Eventcount Per User Hi, is it possible to a add field to each event and add a value to this field, that shows the chronological count of... by HeinzWaescher Motivator in Splunk Search 11-26-2013 0 4	0	4
Native Chart Format Limitations I'm trying to build a timechart (line graph) over 13 years using a 12 month span. My search to generate the visualis... by himynamesdave Contributor in Splunk Search 11-26-2013 0 3	0	3
Converting a timestamp, but the hour always becomes: 00 Hi, I was hoping for help on this. I want to reformat a date as follows (and if there is an easier--more condense wa... by RB5 Path Finder in Splunk Search 11-26-2013 1 7	1	7
Changing sourcetype with regex I try this in transforms.conf : [Hirschmann] DEST_KEY = MetaData:Sourcetype REGEX = "\S[A-Z]+\s[0-9]+\s[0-9]+:[0-9]... by ddarmand Communicator in Splunk Search 11-26-2013 0 3	0	3
define and search on space delimited fields Hi, I have the following data: (time x y word1 word2 ) 20131116-162406.698 569 609 burbled his 20131116-162407.59... by TimInSplunkAcc New Member in Splunk Search 11-26-2013 0 4	0	4
Multi-value Field extraction Hello, I would like to create a multi-value field for my data, how can i do that? here's a sample of my data (Start... by tallasky Explorer in Splunk Search 11-26-2013 0 6	0	6
how to create slide charts based on time in splunk using simple xml Hi all, how to create charts slide show based on time in splunk using simple xml,can u plz help me...... by mvaradarajam Path Finder in Splunk Search 11-25-2013 0 2	0	2
Correlating results from different searches I am trying to generate a report that returns a number of different account activities, specifically when new account... by JWBailey Communicator in Splunk Search 11-25-2013 0 5	0	5
How to search for a field whose value is * Hi I have a field whose value is "*", When i use that field value pair splunk is assuming it as a wildcard and retur... by mohankesireddy Path Finder in Splunk Search 11-25-2013 1 10	1	10
How can I color fields in a table based on date? Requirements: I have a dashboard to display a table containing a list of my sourcetypes with the first date last date... by digital_alchemy Path Finder in Splunk Search 11-25-2013 0 2	0	2
cron in decimal I use Splunk 5.0.1 I want a scheduled search to run by 2.5 hours. Does the search accept decimal values? like from:... by aniketb Path Finder in Splunk Search 11-25-2013 1 6	1	6
Count filled rows in multiple columns I have a table that has three columns. Normally the columns will have different numbers of entries, for example Col1 ... by kmattern Builder in Splunk Search 11-25-2013 0 5	0	5
Is it possible to increment values time after time ? Hi there, Because of some product limitations on a SMTP server, I need to desactivate snmp polling but I have to kee... by RomainH New Member in Splunk Search 11-25-2013 0 3	0	3
Search time Time-fields Hello, I have defined a search macro which is taking 3 arguments: starttime, endtime, (starttime-1y). This works ver... by psobisch Path Finder in Splunk Search 11-25-2013 0 3	0	3
How do i capture login ID as the same field across two differently-formatted logs? Hi, Looking for ideas on how to attack a problem... I have a couple of different systems (servers and vpn's) and I ... by a212830 Champion in Splunk Search 11-25-2013 0 8	0	8
Can we call different saved searches based on systemtime automatically in a dashboard? Hi I want to display different graphs within a single panel in adashboard based on system time or elase I want to dis... by lahariveerlapat Explorer in Splunk Search 11-24-2013 0 6	0	6
Data from large search deleting during search. How do I override? I have a user that is reporting that data is dropping out from a large search in splunk after a time. The user report... by gtspacegirl New Member in Splunk Search 11-24-2013 0 1	0	1
Count Events, Group by date field I have data that looks like this that I'm pulling from a db. Each row is pulling in as one event: trxn_id create... by hogan24 Path Finder in Splunk Search 11-24-2013 0 3	0	3
Adding results, fields from two different queries I have two completely different queries which of them output fields like below The output of the fields will be just... by pradeepkumarg Influencer in Splunk Search 11-23-2013 0 3	0	3
Color in a table based on cell values on 6.0 Does anybody know how to configure the necessary .js and .css in an app to color the backgrounds of cells in a table ... by aholzer Motivator in Splunk Search 11-23-2013 0 1	0	1