Splunk Search

Community Activity

How do I regex and include in field value? I'm monitoring DHCP logs and I'm trying to separate out known device types with the aim of looking for unknown device... by capilarity Path Finder in Splunk Search 11-14-2013 0 2	0	2
metadata search for tagged and untagged servers I'm trying to do a search for servers that have reported to verify their status (server up or server down). I have so... by pil321 Communicator in Splunk Search 11-14-2013 0 2	0	2
Hide Interesting Fields? Is it possible to hide certain fields from users based on roles or some other granularity? I'm interested in giving... by andrewkenth Communicator in Splunk Search 11-13-2013 2 2	2	2
How to configure Syslog on Wireless Router Team, Please guide me to configure my wireless router to send the data over to Splunk ( My laptop) How to validate ... by thiliphk New Member in Splunk Search 11-13-2013 0 4	0	4
Frequency correlation between different sourcetypes I have two sourcetypes, one containing alerts from users that we have a problem, and another one with server logs. In... by nl_cape Explorer in Splunk Search 11-13-2013 0 6	0	6
good regex (fast) I have a field called "user". I am looking for matches that contain 6 or 7 characters, and always end with "a" but do... by mcbradford Contributor in Splunk Search 11-13-2013 0 7	0	7
DBX not outputing SQL DateTime Timestamp I have a Splunk DB Connect input setup that simply runs a sql query to grab events from sql. I have a template as my... by aelliott Motivator in Splunk Search 11-13-2013 1 20	1	20
I upgraded to 6.0 and now my field extractions don't work at all. In fact I don't get any fields extracted when I run a search from the search bar. I upgraded to 6.0 and now my field extractions don't work at all. In fact I don't get any fields extracted when I run... by DerekB Splunk Employee in Splunk Search 11-13-2013 1 1	1	1
How do i write a query on SPL to have a flag when next value of an event is greater then the precedence value? How do i write a query on SPL to have a flag when next value on events is greater then the precedence value? Here... by royimad Builder in Splunk Search 11-13-2013 0 1	0	1
Can I set the earliest and latests statements in my search using an eval statement? (any other options?) I have been trying to complete a search whicj includes several ealiest and latest statements. I need to search betwe... by itgmidrange New Member in Splunk Search 11-13-2013 0 2	0	2
Lookup return same value if not found Hi is there any way to return same value if not found in lookup table? i.e. I have file users.csv code,name 100,jh... by sarumjanuch Path Finder in Splunk Search 11-13-2013 1 2	1	2
Strptime and mktime don't want to modify time string Hi! I have a lookup table with time srings like this: 2013.11 and I want splunk to understand it is a time and make ... by iKate Builder in Splunk Search 11-13-2013 0 8	0	8
How to get the assigned value of a macro with ":" (colon) as a seperator Hi, I need to find the value of PLANDATA_TYPE from the given string in my logs i.e. PLANDATA_TYPE: ASBFGH, PLANWORK... by harshal_chakran Builder in Splunk Search 11-13-2013 0 5	0	5
Merge Values from Two Fields into a New Field I have two fields, src_ip and dest_ip. These two fields show up in the same log. I am trying to merge all values of... by jodros Builder in Splunk Search 11-13-2013 1 19	1	19
Timechart is showing only first 50 results? I am using a timechart query to display data for each task(TASK_ID) and time taken for completing a task. It is plott... by toolsops New Member in Splunk Search 11-13-2013 0 3	0	3
Multivalued fields I have a problem concerming multivalued fields. i wanted to create a dashboard which shows failed logins per user wi... by ESIMatNeforce Path Finder in Splunk Search 11-13-2013 0 3	0	3
Replace map markers by piecharts Hey there! We just updated to Splunk 6 and I wanted to create a new panel with the new integrated maps. That was eas... by Dreads94 Explorer in Splunk Search 11-12-2013 0 2	0	2
Report Acceleration on subsearch Hi, I'm trying to apply some search acceleration on a subsearch (using the join command), but I can't seem to get it ... by ashleyherbert Communicator in Splunk Search 11-12-2013 2 1	2	1
using data model qualified names I have a data model with a fairly simple definition (see below), and I have accelerated it. When I get any informati... by rettops Path Finder in Splunk Search 11-12-2013 0 1	0	1
Getting Transaction Times Without Transaction Command Hi, I'm working on speeding up searches that I initially wrote using the transaction command. A transaction is defin... by RMartinezDTV Path Finder in Splunk Search 11-12-2013 0 3	0	3
trying to parse out a timestamp i have a log that looks something like this: terminate_type=VOICE timestamp=11/05 14:43 trunk=A044003 the format i... by ytl Path Finder in Splunk Search 11-12-2013 0 4	0	4
Does splunk suppress a scheduled search when it is being used to backfill? Pretty simple question - we have a search head pool, and one box is currently using the backfill script to run a sche... by msarro Builder in Splunk Search 11-12-2013 0 1	0	1
How much do you care about NTP? So I am considering how we implement NTP in a new environment. Time synchronization seems to be really important when... by muebel SplunkTrust in Splunk Search 11-12-2013 4 2	4	2
Subsearch with multiple field matching Everyday I bring in events (with a logon id, USER below) and a list of approved users. I want to compare the 2 lists ... by andrewkenth Communicator in Splunk Search 11-12-2013 0 2	0	2
How to Get Percentage with Case and Stats Good day! I am having trouble getting the percentages after grouping the data via case. Any help would greatly be a... by jepoyyyy Explorer in Splunk Search 11-12-2013 0 2	0	2