Splunk Search

Community Activity

lookups>lookup definition> price_lookup popup in tutorial does not match and can't find lookup file prices.csv I'm following the tutorial at your page 46. The popup menu that I see has a "Destination app" field with search above... by MikeSilady Explorer in Splunk Search 10-25-2013 0 3	0	3
Two row details into one row I have the below search index=main sourcetype=summa \| rex "::\s(?<timestamp>\S+)\s" \| rex "^\S+\s(?<userid>\S+)\."... by srajanbabu Explorer in Splunk Search 10-25-2013 0 6	0	6
create ticket in service now - arguments missing It’s worth noting that this issue is being tested under the Splunk application for OS X. The goal is to get Splunk cr... by multiverse Engager in Splunk Search 10-25-2013 0 2	0	2
Grouping similar field1 into a table where field2 is different Hello, I have the a search that is working and I get the desired output. Now I am trying to make the output "prett... by brywilk_umich Path Finder in Splunk Search 10-24-2013 1 2	1	2
Having trouble extracting these feilds... Can't seem to make this work.. using a " " delimter in my transforms didn't do the trick.. www-ber 10/18/2... by richnavis Contributor in Splunk Search 10-24-2013 0 3	0	3
Regex not finding what I'm looking for??? I have this event and I'm trying to send it to the nullQueue if it contains SYSTEM. 2013-10-24 15:02:34,Major,REMOVE... by cdupuis123 Path Finder in Splunk Search 10-24-2013 0 1	0	1
top with running totals i have events with two fields: origin and duration i would like to present a table with the count of each origin, al... by ytl Path Finder in Splunk Search 10-24-2013 0 1	0	1
How do I loop the results into another search and get the desired output? Hello, I am new to Splunk and trying to come up with a way that would grab the usernames in certain lines (21_ubl) o... by brywilk_umich Path Finder in Splunk Search 10-24-2013 0 4	0	4
DNS time stamp REGEX needed Here is my DNS raw data: Oct 17 19:47:09 ns1 named[15517]: 17-Oct-2013 19:47:09.314 queries: client xxx.xxx.xxx.xxx#... by hartfoml Motivator in Splunk Search 10-24-2013 1 4	1	4
peak time of log sources Hi , I have some forwarders installed in my environment and want to calculate the peak time in which log sources for... by lohit Path Finder in Splunk Search 10-24-2013 1 5	1	5
filtering errors based on two timestamps I have a site and errors on that site are being recorded in splunk. I basically need to filter out those error which ... by Nisha18789 Builder in Splunk Search 10-24-2013 0 6	0	6
Bug in convert ctime? Hi the following search eval test=7200 \| convert timeformat="%H:%M:%S" ctime(test) \| table test gives me 03:00:00 ... by nekb1958 Path Finder in Splunk Search 10-24-2013 0 4	0	4
Search to find Log Sources not reporting Hello everyone, I have around 20 forwarders (Universal) in my env and configued to forward data to Splunk Indexer. I... by lohit Path Finder in Splunk Search 10-24-2013 0 1	0	1
Problems indexing into zip files Hi All, I am monitoring files that land in the same directory that I wish to be considered as different source types... by tim9gray Explorer in Splunk Search 10-23-2013 0 13	0	13
Why am I unable to run dbinspect from cli for calculating compression? I'd like to run the following search on my indexer to calculate compression. It works in UI, but not in CLI. I have... by the_wolverine Champion in Splunk Search 10-23-2013 0 2	0	2
Character Encoding in log4j Setting up Splunk I'm getting rsyslog messages showing up fine but when I point a little test log4j app at it I start... by tscanlon Engager in Splunk Search 10-23-2013 0 2	0	2
Trimming the amount of data forwarded Background: We have an existing indexer, that we have added a lot of data to. We would like to cut down on the amount... by tnconners Explorer in Splunk Search 10-23-2013 0 3	0	3
Setting a field as a raw integer? This has been giving me headaches for a long time now, and it's pretty simple. So, for reference, this search works a... by tfitzgerald15 Explorer in Splunk Search 10-23-2013 0 3	0	3
Sorting Duration and Getting the Top 10 I have a duration field in seconds. I wanted the format to be D+hh:mm:ss, so I used this: eval dur_hhmmss=tostring(D... by splunknovice201 New Member in Splunk Search 10-23-2013 0 2	0	2
Filtering events out via props.conf and transforms.conf? The props.conf and transforms.conf files that should be modified are under /etc/system/local, correct? We have been ... by ejdavis Path Finder in Splunk Search 10-23-2013 0 13	0	13
How to count total hits by certain fields? I've been playing around with eval, transaction, and stats and I still can't figure this one out... so I'm asking for... by echojacques Builder in Splunk Search 10-23-2013 0 5	0	5
Error in 'join' command: Usage: join ()? [subsearch] I get the error "Error in 'join' command: Usage: join <options> (<join-fields>)? [subsearch]" when running the follow... by jeffreygaraygay Explorer in Splunk Search 10-23-2013 0 1	0	1
Best way to create a search time field extraction I've spent a long time reading, but am not sure the best way to do this. I have events, which contain username-xxx,... by bowesmana SplunkTrust in Splunk Search 10-23-2013 0 4	0	4
splunk diag command doesn't work with --exclude in splunk version 6.0 The flags such as exclude as explained in http://docs.splunk.com/Documentation/Splunk/6.0/Troubleshooting/ContactSplu... by jdastmalchi_spl Splunk Employee in Splunk Search 10-23-2013 1 1	1	1
track users logging in via SSO Hello, we are using SSO with LDAP based users for authentication on our search heads. On our search head; how do we ... by kaddupa1 Explorer in Splunk Search 10-23-2013 1 2	1	2