Splunk Search

Community Activity

"All time" works OK; "All time (realtime)" shows nothing, eventually 'Invalid SID'? (Splunk 6) Whilst leaving a Splunk 6 search page open tailing incoming syslogs (with the default * search query), I realised it ... by christopherwood Explorer in Splunk Search 10-22-2013 2 5	2	5
Simple XML: Stacked column chart not working I have very simple chart that shows time spent in a specific stage. The query behind it looks like below: source="/h... by SRIVATSAN_IYER Explorer in Splunk Search 10-22-2013 0 2	0	2
How to extract fields with values always on the same line and same row? Hi Splunkers, I tried a lot, but now I have no more idea. I would like to extract a log file like the following. It ... by eichfuss Path Finder in Splunk Search 10-22-2013 0 4	0	4
Chart visualization hi, this is my query index=tm_idx host="server" sourcetype="TM_Test_10" \| rex field=msg "(?i)TM1\sserver\sload\s... by ChhayaV Communicator in Splunk Search 10-22-2013 0 4	0	4
Search time range suddenly causes search to return zero results Hi Everyone, I'm running Splunk version 5.0.3, build 163460 on Suse Linux 3.0.13-0.27 I have a Splunk Dashboard Sea... by napomokoetle Communicator in Splunk Search 10-22-2013 0 9	0	9
Column order in statistics table created by chart is wrong I have a command host="daily" \| chart count by Company, date_mday which shows the fields Company, 1, 10, 11, 15, 2... by bowesmana SplunkTrust in Splunk Search 10-21-2013 0 2	0	2
pareto chart? hi, i have some data that i would like to display a bar chart with; however, i would like the x-axis items to be orde... by ytl Path Finder in Splunk Search 10-21-2013 0 3	0	3
How to perform math on single values Hello experts. After mining this site I figure its not possible to do math on distinct vales. I've seen answers that ... by tsmithsplunk Path Finder in Splunk Search 10-21-2013 0 3	0	3
Regex Extracting Phonehome client name Here are my _internal Phonehome logs for UF client connections: xxx.xxx.128.89 - - [21/Oct/2013:09:49:47.820 -0500] ... by hartfoml Motivator in Splunk Search 10-21-2013 0 5	0	5
Matching A vs AAAA rex help All, I'm stuck on a regex issue. Not sure how I can match A records vs AAAA records within windows dns logs. I cam... by dondky Path Finder in Splunk Search 10-21-2013 0 4	0	4
joining two searches with common field I'm not an advanced user of splunk, so I'm not even sure this is possible. I have two searches which have a common fi... by allen_edmondson Explorer in Splunk Search 10-21-2013 1 6	1	6
dbConnect sinkhole not working for dbmon directory I'm using dbConnect, and my $SPLUNK_HOME/var/spool/dbmon directory is filling up with old data. I've checked dbx/loca... by shou Explorer in Splunk Search 10-21-2013 1 2	1	2
Can an ausearch command be used in the search field? I am attempting to convert a audit script on my linux audit server into something manageable in Splunk. Can I use the... by amortiz Explorer in Splunk Search 10-21-2013 0 1	0	1
count on 2 fields Hello, The command Who returns me the log : USERNAME LINE HOSTNAME TIME root pts/1 PC1.domain.com Oct 21 14:17 root... by sgsplunk78 Engager in Splunk Search 10-21-2013 0 4	0	4
Using subsearch or transaction to correlate events from different sources? Hello, I have a set of events coming from a source that tell me if a user came from a certain page "Source". From thi... by flaviadonno Explorer in Splunk Search 10-21-2013 0 5	0	5
Update Summary Index Events There are 2 data sources A & B with common field common_field. Source A Common_Field A1-Field A2-Field C1 ... by sanjay_shrestha Contributor in Splunk Search 10-19-2013 0 6	0	6
Splunk v6: GeoIP usage without pivot Hi all In Splunk v6, when using datamodels, I can add GeoIP information to ipv4 attributes. Is it somehow possible, ... by Simon Contributor in Splunk Search 10-19-2013 0 4	0	4
lookup based on 2 fields not working i have created a lookup.csv file as below and uploaded the file. then i have created lookup definition with this part... by spyme72 Path Finder in Splunk Search 10-18-2013 0 1	0	1
Need to extract IP Address I am very new to splunk and still learning, but have a need to get some IP addresses from a very large log file. Bas... by orchapellico Explorer in Splunk Search 10-18-2013 1 4	1	4
Scheduler stop working I have about 150-200 scheduled searches that runs every minute. Most of searches look for data from 15 minutes till n... by bckq Path Finder in Splunk Search 10-18-2013 1 5	1	5
Transaction Totals Hello I'm trying to get the search to find a transaction and within that transaction is information like brokerID, l... by tkwaller Builder in Splunk Search 10-18-2013 0 2	0	2
regex question... Hi, I have an inputs.conf that has the following whitelist: whitelist = (?i)vpxd-\d{5}\.log The 5 was originally a... by a212830 Champion in Splunk Search 10-18-2013 0 1	0	1
FTP file staistics I am new to spluk, I have the below sample log and would like to arrive statistics on userwise how many files/Bytes r... by srajanbabu Explorer in Splunk Search 10-18-2013 0 12	0	12
transaction query I have a search as source="C:\\Data\\acctdata\\snm4-logger.log" \| transaction FILENAME_FIELD keepevicted=true\| where... by srajanbabu Explorer in Splunk Search 10-18-2013 0 1	0	1
splunk search and changed domaincontroller name Hello, I have recently changed the computername of my Domaincontroller. When I make a splunk search with "failed pass... by ESIMatNeforce Path Finder in Splunk Search 10-18-2013 0 2	0	2