Splunk Search

Community Activity

good regex (fast) I have a field called "user". I am looking for matches that contain 6 or 7 characters, and always end with "a" but do... by mcbradford Contributor in Splunk Search 11-13-2013 0 7	0	7
DBX not outputing SQL DateTime Timestamp I have a Splunk DB Connect input setup that simply runs a sql query to grab events from sql. I have a template as my... by aelliott Motivator in Splunk Search 11-13-2013 1 20	1	20
I upgraded to 6.0 and now my field extractions don't work at all. In fact I don't get any fields extracted when I run a search from the search bar. I upgraded to 6.0 and now my field extractions don't work at all. In fact I don't get any fields extracted when I run... by DerekB Splunk Employee in Splunk Search 11-13-2013 1 1	1	1
How do i write a query on SPL to have a flag when next value of an event is greater then the precedence value? How do i write a query on SPL to have a flag when next value on events is greater then the precedence value? Here... by royimad Builder in Splunk Search 11-13-2013 0 1	0	1
Can I set the earliest and latests statements in my search using an eval statement? (any other options?) I have been trying to complete a search whicj includes several ealiest and latest statements. I need to search betwe... by itgmidrange New Member in Splunk Search 11-13-2013 0 2	0	2
Lookup return same value if not found Hi is there any way to return same value if not found in lookup table? i.e. I have file users.csv code,name 100,jh... by sarumjanuch Path Finder in Splunk Search 11-13-2013 1 2	1	2
Strptime and mktime don't want to modify time string Hi! I have a lookup table with time srings like this: 2013.11 and I want splunk to understand it is a time and make ... by iKate Builder in Splunk Search 11-13-2013 0 8	0	8
How to get the assigned value of a macro with ":" (colon) as a seperator Hi, I need to find the value of PLANDATA_TYPE from the given string in my logs i.e. PLANDATA_TYPE: ASBFGH, PLANWORK... by harshal_chakran Builder in Splunk Search 11-13-2013 0 5	0	5
Merge Values from Two Fields into a New Field I have two fields, src_ip and dest_ip. These two fields show up in the same log. I am trying to merge all values of... by jodros Builder in Splunk Search 11-13-2013 1 19	1	19
Timechart is showing only first 50 results? I am using a timechart query to display data for each task(TASK_ID) and time taken for completing a task. It is plott... by toolsops New Member in Splunk Search 11-13-2013 0 3	0	3
Multivalued fields I have a problem concerming multivalued fields. i wanted to create a dashboard which shows failed logins per user wi... by ESIMatNeforce Path Finder in Splunk Search 11-13-2013 0 3	0	3
Replace map markers by piecharts Hey there! We just updated to Splunk 6 and I wanted to create a new panel with the new integrated maps. That was eas... by Dreads94 Explorer in Splunk Search 11-12-2013 0 2	0	2
Report Acceleration on subsearch Hi, I'm trying to apply some search acceleration on a subsearch (using the join command), but I can't seem to get it ... by ashleyherbert Communicator in Splunk Search 11-12-2013 2 1	2	1
using data model qualified names I have a data model with a fairly simple definition (see below), and I have accelerated it. When I get any informati... by rettops Path Finder in Splunk Search 11-12-2013 0 1	0	1
Getting Transaction Times Without Transaction Command Hi, I'm working on speeding up searches that I initially wrote using the transaction command. A transaction is defin... by RMartinezDTV Path Finder in Splunk Search 11-12-2013 0 3	0	3
trying to parse out a timestamp i have a log that looks something like this: terminate_type=VOICE timestamp=11/05 14:43 trunk=A044003 the format i... by ytl Path Finder in Splunk Search 11-12-2013 0 4	0	4
Does splunk suppress a scheduled search when it is being used to backfill? Pretty simple question - we have a search head pool, and one box is currently using the backfill script to run a sche... by msarro Builder in Splunk Search 11-12-2013 0 1	0	1
How much do you care about NTP? So I am considering how we implement NTP in a new environment. Time synchronization seems to be really important when... by muebel SplunkTrust in Splunk Search 11-12-2013 4 2	4	2
Subsearch with multiple field matching Everyday I bring in events (with a logon id, USER below) and a list of approved users. I want to compare the 2 lists ... by andrewkenth Communicator in Splunk Search 11-12-2013 0 2	0	2
How to Get Percentage with Case and Stats Good day! I am having trouble getting the percentages after grouping the data via case. Any help would greatly be a... by jepoyyyy Explorer in Splunk Search 11-12-2013 0 2	0	2
Search for n number of instances I'm wondering if this is possible. I have a field from our ASA formatted like the following: 5/16/13 11:26:28.000 AM... by johnblakley Explorer in Splunk Search 11-11-2013 0 3	0	3
Specifying y Axis range I want to specify the range of the Y Axis on my graph i tried the below with no luck  <param name="charting.chart.a... by samlaw Explorer in Splunk Search 11-11-2013 0 3	0	3
Data reports are only 10 months long and reports with same month in 2 years When I ask for a report that is longer than 10 months, the last month in the report (say November) disappears when th... by kelly6453 New Member in Splunk Search 11-11-2013 0 1	0	1
How does correlate command work? Hi! I would like to know how the correlation percentage between fields is obtained and so on. Is it possible? I kno... by emaccaferri Communicator in Splunk Search 11-11-2013 0 1	0	1
Get rows from the intermediate table by max value of a column I have an intermediate table from some query: ... \| table Stock_price_difference, start_time, end_time, company Sto... by harrychen Explorer in Splunk Search 11-11-2013 0 4	0	4