Splunk Search

Community Activity

_time not showing up in data model I indexed some csv data which has a field called Open Time which winds up being selected as the _time and looks fine ... by jeremiahc4 Builder in Splunk Search 10-25-2013 1 2	1	2
dbconnect case insensitive query Using the dbconnect app without using advance(query), is there a way to make your lookup case insensitive by adding c... by rdownie Communicator in Splunk Search 10-25-2013 0 1	0	1
Is splunk command line tool packaged separately Hi, Is there splunk tool chain that simply sends splunk commands to the daemon (does not include daemon and web inte... by paragcisco Explorer in Splunk Search 10-25-2013 1 6	1	6
Find the percentage between two fields from two sourcetypes I have two sourcetypes - submitters, and recipient_group. I am looking to find the percentage of submitters that are... by lehrfeld Path Finder in Splunk Search 10-25-2013 0 3	0	3
Why isn't version 6 picking this up as a field? User: 2013-10-25 10:49:33,Major,REMOVED,Allowed, - Caller MD5=61b1dfb9703d0d678e108e0156fcbb69,Create Process,Begin: 2013-1... by cdupuis123 Path Finder in Splunk Search 10-25-2013 0 3	0	3
Two Y-axis graph: same line showing twice I'm building a dashboard using the techniques described here on Splunkbase, so that I have two Y axes. What I'm seein... by sowings Splunk Employee in Splunk Search 10-25-2013 1 4	1	4
lookups>lookup definition> price_lookup popup in tutorial does not match and can't find lookup file prices.csv I'm following the tutorial at your page 46. The popup menu that I see has a "Destination app" field with search above... by MikeSilady Explorer in Splunk Search 10-25-2013 0 3	0	3
Two row details into one row I have the below search index=main sourcetype=summa \| rex "::\s(?<timestamp>\S+)\s" \| rex "^\S+\s(?<userid>\S+)\."... by srajanbabu Explorer in Splunk Search 10-25-2013 0 6	0	6
create ticket in service now - arguments missing It’s worth noting that this issue is being tested under the Splunk application for OS X. The goal is to get Splunk cr... by multiverse Engager in Splunk Search 10-25-2013 0 2	0	2
Grouping similar field1 into a table where field2 is different Hello, I have the a search that is working and I get the desired output. Now I am trying to make the output "prett... by brywilk_umich Path Finder in Splunk Search 10-24-2013 1 2	1	2
Having trouble extracting these feilds... Can't seem to make this work.. using a " " delimter in my transforms didn't do the trick.. www-ber 10/18/2... by richnavis Contributor in Splunk Search 10-24-2013 0 3	0	3
Regex not finding what I'm looking for??? I have this event and I'm trying to send it to the nullQueue if it contains SYSTEM. 2013-10-24 15:02:34,Major,REMOVE... by cdupuis123 Path Finder in Splunk Search 10-24-2013 0 1	0	1
top with running totals i have events with two fields: origin and duration i would like to present a table with the count of each origin, al... by ytl Path Finder in Splunk Search 10-24-2013 0 1	0	1
How do I loop the results into another search and get the desired output? Hello, I am new to Splunk and trying to come up with a way that would grab the usernames in certain lines (21_ubl) o... by brywilk_umich Path Finder in Splunk Search 10-24-2013 0 4	0	4
DNS time stamp REGEX needed Here is my DNS raw data: Oct 17 19:47:09 ns1 named[15517]: 17-Oct-2013 19:47:09.314 queries: client xxx.xxx.xxx.xxx#... by hartfoml Motivator in Splunk Search 10-24-2013 1 4	1	4
peak time of log sources Hi , I have some forwarders installed in my environment and want to calculate the peak time in which log sources for... by lohit Path Finder in Splunk Search 10-24-2013 1 5	1	5
filtering errors based on two timestamps I have a site and errors on that site are being recorded in splunk. I basically need to filter out those error which ... by Nisha18789 Builder in Splunk Search 10-24-2013 0 6	0	6
Bug in convert ctime? Hi the following search eval test=7200 \| convert timeformat="%H:%M:%S" ctime(test) \| table test gives me 03:00:00 ... by nekb1958 Path Finder in Splunk Search 10-24-2013 0 4	0	4
Search to find Log Sources not reporting Hello everyone, I have around 20 forwarders (Universal) in my env and configued to forward data to Splunk Indexer. I... by lohit Path Finder in Splunk Search 10-24-2013 0 1	0	1
Problems indexing into zip files Hi All, I am monitoring files that land in the same directory that I wish to be considered as different source types... by tim9gray Explorer in Splunk Search 10-23-2013 0 13	0	13
Why am I unable to run dbinspect from cli for calculating compression? I'd like to run the following search on my indexer to calculate compression. It works in UI, but not in CLI. I have... by the_wolverine Champion in Splunk Search 10-23-2013 0 2	0	2
Character Encoding in log4j Setting up Splunk I'm getting rsyslog messages showing up fine but when I point a little test log4j app at it I start... by tscanlon Engager in Splunk Search 10-23-2013 0 2	0	2
Trimming the amount of data forwarded Background: We have an existing indexer, that we have added a lot of data to. We would like to cut down on the amount... by tnconners Explorer in Splunk Search 10-23-2013 0 3	0	3
Setting a field as a raw integer? This has been giving me headaches for a long time now, and it's pretty simple. So, for reference, this search works a... by tfitzgerald15 Explorer in Splunk Search 10-23-2013 0 3	0	3
Sorting Duration and Getting the Top 10 I have a duration field in seconds. I wanted the format to be D+hh:mm:ss, so I used this: eval dur_hhmmss=tostring(D... by splunknovice201 New Member in Splunk Search 10-23-2013 0 2	0	2