Splunk Search

Community Activity

Possible bug with Field Extraction, regex works fine with search but not with Field extraction I have an index where I have indexed a csv file with 7 fields. Following is the format of csv file. (header row) tim... by somesoni2 Revered Legend in Splunk Search 11-07-2013 0 2	0	2
Can we create a gannt chart? I have data like below: time Username Status 2013/01/01 00:00:00 UserA Active 2013/01/... by walterleunghk Explorer in Splunk Search 11-07-2013 1 1	1	1
Differences between search results Hello, I have a lookup table called host-list which has a list of all the hosts present in a network. I want to have... by srinathd Contributor in Splunk Search 11-07-2013 1 2	1	2
Add priority to systems and setup alerts for critical systems Hi, I am trying to find automatic way of adding asset priority (Critical, High etc.) based on IP address and/or host... by spj2 New Member in Splunk Search 11-07-2013 0 2	0	2
Multiple key value pairs during search In order to reduce the amount of data being indexed, I am using a sed script to strip away all XML tags and to format... by sc0tt Builder in Splunk Search 11-07-2013 0 2	0	2
Restrict search to exclude events from today Hello, I would like to know how is it possible to narrow every search that a user can launch to exclude events comin ... by cafissimo Communicator in Splunk Search 11-07-2013 0 2	0	2
Parameters for search Hi, What would be the available options in order to parameterize a search in a Splunk view ? Let's say that all eve... by klausJohan Path Finder in Splunk Search 11-07-2013 0 3	0	3
How to format _time field and get rid of miliseconds? Hi, In the search results, I'd like to have _time displayed without ms at the end (06/11/2013 23:13:22.000 -> 06/11/... by lutel Explorer in Splunk Search 11-07-2013 0 3	0	3
Trigger Search Restart Hi, I have a dashboard that contains an IFrameInclude module and a HiddenSearch module . The IFrameInclude points to... by klausJohan Path Finder in Splunk Search 11-06-2013 1 2	1	2
best approach for sub search with total Hi, I've the ff search main search for getting total ... \| join type=outer _time [ search main search for getting ... by adomila Explorer in Splunk Search 11-06-2013 0 8	0	8
Path Analysis in Splunk Hi, I use iis server logs and in each hit I have the flowing parameters. cs_uri_stem= Page user is on cs_Referer=Pr... by DanielFordWA Contributor in Splunk Search 11-06-2013 1 13	1	13
combining multiple events (LEG1 & LEG2) and putting as a macro hi Folks, I'm fairly new to splunk. I've written a script to get logs from F5 using SNMP. The events retrieved are ... by koshyk Super Champion in Splunk Search 11-06-2013 0 3	0	3
Lookup table with two primary keys My company uses ConnectDirect (C:D) as a tool for file transfer. Within the connect direct logs the hosts are referr... by tyronetv Communicator in Splunk Search 11-06-2013 0 8	0	8
Linegraph with Datestring / Convert Timestamp to _time Hi, I've got a lookupfile with a timestamp (in seconds) and other entries. I've converted the timestamp into a dates... by HeinzWaescher Motivator in Splunk Search 11-06-2013 0 3	0	3
How to use Splunk Reports in SAP Business Objects? Did someone ever tried to use a Splunk Dashboard or single Report in SAP Business Objects? Is this even possible? Wh... by tpaulsen Contributor in Splunk Search 11-06-2013 0 1	0	1
Custom Variables \ eVars in Splunk – Segment all data on a user event. I use iis server logs, each user has a unique ID (cs_username) as authentication is required on the site. Does Splun... by DanielFordWA Contributor in Splunk Search 11-06-2013 0 4	0	4
Search for mutiple values using rex and store them in a same single field Im looking to achieve the following using Rex. Below is the search query which im trying to run sourcetype=XXXXXX (... by ppurokit Path Finder in Splunk Search 11-06-2013 0 3	0	3
Nested search Hi all, I have 2 dump files and put separate them into 2 sourcetypes, sourcetype=transaction_status and sourcetype=t... by frankagustinus Explorer in Splunk Search 11-05-2013 0 3	0	3
Basic OR statement question So I have this search and it works just fine: dest="10." OR dest="172.16." OR dest="192.168.*" AND action=failure ... by echojacques Builder in Splunk Search 11-05-2013 1 3	1	3
Extraction Precedence If you have index time extractions configured will search time extractions override them? by tprzelom Path Finder in Splunk Search 11-05-2013 0 2	0	2
Buffer overflow for field? Hi ! I would like to know if there are any restricted size value for fields. I have tried to create a fields consis... by yuwtennis Communicator in Splunk Search 11-05-2013 1 1	1	1
Is there a way to set the label on the y axis of a chart in simple xml? I have the following chart defined in a view: <chart> <searchString> index=summary report=hw_use_by_jobs... by travis_bear Explorer in Splunk Search 11-05-2013 0 2	0	2
Events with null fields being discarded in results? Hello, in my search below, events with null fields are being discarded/excluded from the results. Specifically, any ... by echojacques Builder in Splunk Search 11-05-2013 0 2	0	2
save search results? Once a search has been created and saved, how does one change the amount of time (number of days, for example) that t... by jlawsonmers New Member in Splunk Search 11-05-2013 0 5	0	5
earliest and latest times for each hour of a day ? Hi How can give earliest and latest times for each hour of day of previous day . i.e first hour , second hour ,thir... by rakesh_498115 Motivator in Splunk Search 11-05-2013 0 1	0	1