Splunk Search

Community Activity

Data models: how to use a wildcard for field names? Some of my events have an unknown number of field names with a common naming scheme. In my searches I use a wildcard ... by helge Builder in Splunk Search 10-31-2013 1 6	1	6
Extract data via rest api I have some sample data generated from curl -k -u admin:password https://localhost:8089/services/search/jobs/export ... by preben12 Communicator in Splunk Search 10-31-2013 0 1	0	1
Number of events indexed yesterday for an index Simple one that I cannot find an answer to. I would like to know the number of events indexed yesterday for the inde... by peter_gianusso Communicator in Splunk Search 10-31-2013 0 1	0	1
Help on construct rex expression Hello All, From a search in Splunk I get this output from the _raw field: (I have modified a bit the output for pri... by mariaerh New Member in Splunk Search 10-31-2013 0 7	0	7
Timechart with overall count Hello Answers-Base, I have a timechart where i see the statistics over some softwareversions --> see example searc... by yAlff Path Finder in Splunk Search 10-31-2013 0 5	0	5
Expanding rows to certain number of rows Hi! I would like to get some help with search commands. I have a result like, string dT count ... by yuwtennis Communicator in Splunk Search 10-31-2013 0 1	0	1
regex help - only check first occurrence I've been attempting to create a regex in transforms.conf that will keep events that have Value1 or Value2 and send a... by sc0tt Builder in Splunk Search 10-31-2013 0 7	0	7
Timechart: Unique User of the Last 7 Days Hello, I would like to create a (time-)chart, that always counts the unique users of the last 7 Days. For Instance t... by HeinzWaescher Motivator in Splunk Search 10-31-2013 0 5	0	5
For each result in a search, make a second search to extract a couple of fields from other records? I have two types of data input login records containing at least Userid, Name, LoginDateuser records containing at l... by bowesmana SplunkTrust in Splunk Search 10-31-2013 0 3	0	3
timechart span offset I have a working chart that uses "timechart span=1w". Is there any way to make the week span go from Monday-Sunday ... by AI_Wizard New Member in Splunk Search 10-31-2013 0 5	0	5
"sort _time" is losing days/events for timechart Hi, i would like to sort the events by _time and create a timechart. \| timechart span=1d dc(user) Here the displaye... by HeinzWaescher Motivator in Splunk Search 10-31-2013 0 4	0	4
Timecharting a Ratio All, So I have this search, whick works fine. It shows me the unique users in apache vs errors vs checkouts. Perfec... by daniel333 Builder in Splunk Search 10-31-2013 0 1	0	1
plot a graph Hi, For the following search results i need to ploa a graph with starttime in y-axis and Host in x-axis. How to do t... by srinathd Contributor in Splunk Search 10-30-2013 0 8	0	8
Software application best practice for logging sets of tuples for Splunk When you have control of the logging in an application, what is the recommendation to make things as easy as possible... by gregbujak Path Finder in Splunk Search 10-30-2013 0 3	0	3
trouble using regex to find a timestamp Hi, I'm trying to use regex to define where my stamp stamp is in the data below. I have it working for some of the ... by jgautreau Explorer in Splunk Search 10-30-2013 0 10	0	10
Timeout error in ResultsReaderXML c# SDK example search program When I invoke the C# SDK example search() program to retrieve the same test data I submitted, I get some of my result... by afd0174 Explorer in Splunk Search 10-30-2013 3 21	3	21
Dynamic Chart from Summary Index I'm looking to create a dynamic chart from a summary index, but I'm not sure how to go about it. Basically, I need t... by mbuschle Explorer in Splunk Search 10-30-2013 0 3	0	3
Two searches combined including transaction The below gives me the correct number of hits per external user sourcetype="iis-2" \| extract auto=true \| search CORE... by DanielFordWA Contributor in Splunk Search 10-30-2013 0 2	0	2
correct regex for whitelisting files I have files that have names like this: appflow-0017c569f354.syslog-dynamic-96 appflow-0017c569f354.syslog-dynamic-97... by jalfrey Communicator in Splunk Search 10-30-2013 0 3	0	3
Need Assistance with Search to Display Machines with Reoccurring Infections - Delta or Diff Command Assistance I need some assistance with constructing a search to help identify machines with reoccurring infections. I thought t... by jodros Builder in Splunk Search 10-30-2013 0 1	0	1
How do I use inputlookup to search a list of domains? I have a .csv list of domains I would like to search and I've uploaded it as a lookup table file. The table is for... by digital_alchemy Path Finder in Splunk Search 10-30-2013 0 1	0	1
eval searchmatch with OR I am trying to do a search match based on a number of different criteria. The below does not work. sourcetype="iis-... by DanielFordWA Contributor in Splunk Search 10-30-2013 0 11	0	11
Comparing fields with previous events A logon script generates an event every time a user logs into the desktop. Here are the sample events in Splunk from ... by sudhir_gandhe Explorer in Splunk Search 10-30-2013 1 5	1	5
Timechart: Returning Users Hello, I want to achieve a timechart with a stat for returning Users, which means the number of unique users who hav... by HeinzWaescher Motivator in Splunk Search 10-30-2013 0 5	0	5
Stats for exception reporting Hi  I am trying to setup some exception reports for our capacity planners and I can construct a search that generat... by lukeh Contributor in Splunk Search 10-29-2013 1 2	1	2