Splunk Search

Community Activity

Ignore some duplicate events Hi There is a checkbox in my app that turns a comparison column to a set of data on or off. When the user enters th... by philallen1 Path Finder in Splunk Search 10-17-2013 0 2	0	2
Field extraction tested not appearing in search I am trying to extract a field from the below logging BBFH_SAPI=2012-10-16=11:13:14=I=05612=REQUESTS: 1220 Answered ... by lmachetman Explorer in Splunk Search 10-17-2013 0 2	0	2
Maximum number of historical searches reached I continually receive the error that I have reached the maximum number of historical searches (current=16 maximum=16)... by sc0tt Builder in Splunk Search 10-17-2013 0 2	0	2
Need Help to find duration of transaction Query used: index=[server]\| transaction Extract startswith="Value Extract Starting." endswith="extraction completed.... by sanyonhhh New Member in Splunk Search 10-16-2013 0 1	0	1
Return results that are in Index1 and NOT in Index2 I have two indexes one contains objects of interest and things I don't care about, all_results, and the other is a li... by tristanmatthews Path Finder in Splunk Search 10-16-2013 0 1	0	1
dedup only when values match in two fields Here's an interesting problem. I need to write a query where Splunk removes an event when two specific values in a f... by CharterBT Explorer in Splunk Search 10-16-2013 0 7	0	7
how to search how to search with keywords in C# after change "search *" to "search SQL Server", seems runs a long time by inventor2014 New Member in Splunk Search 10-16-2013 0 3	0	3
Merge near-identical field values I am new to Splunk but am loving what it can do with it! We use Splunk to track user activity on our webapp. It looks... by benefitcos Explorer in Splunk Search 10-16-2013 0 4	0	4
Using LOOKUP on a REGEX when parsin inputs to send to an index Hello, I have an input that come from one proxy equipment that logs several clients. It is just on big log with all ... by alexantao Path Finder in Splunk Search 10-16-2013 0 1	0	1
Hunk search problem: Cannot initialize Cluster. I've configured Hunk to run searches against my cluster however I keep running into this issue when I try to execute ... by Ledion_Bitincka Splunk Employee in Splunk Search 10-16-2013 0 1	0	1
Organizing-Filtering URL results host=server sourcetype=iis #Software NOT #Fields NOT /favicon.ico (method=GET OR method=POST) NOT eventtype="web-im... by wrays New Member in Splunk Search 10-16-2013 0 3	0	3
Is there a better way I can search for an index using a pulldown? Is there a better way I can search for an index using a pulldown? Thanks e.g. <module name="URLLoader" layoutPane... by rhayle Path Finder in Splunk Search 10-16-2013 1 6	1	6
Add a new count field to a table I have a log file of logins to a system by username. I can product a report of the logins by time host="daily" \| ta... by bowesmana SplunkTrust in Splunk Search 10-16-2013 0 3	0	3
how to correlate Application log and Server logs Hi, We are trying to create a chart containing application error logs and the logs of the corresponding server to re... by aaru New Member in Splunk Search 10-16-2013 0 5	0	5
Most of searches are getting deferred Hi all, We are using SoS app for monitoring our schedules. We are working on reducing the schedules which are being s... by Rukmani_Splunk Path Finder in Splunk Search 10-16-2013 2 3	2	3
Replace comma with the dot Hi, I have evaluated a field count with value 10000. Then I converted it with fieldformat to include a thousand sepa... by lrudolph Path Finder in Splunk Search 10-16-2013 1 3	1	3
How can I use the value of one field as name of another field? Splunk 5.0.2 Example: windows "Perfmon:Free Disk Space" Each check is actually two events, one with the free space ... by JoeIII Path Finder in Splunk Search 10-16-2013 0 6	0	6
how to limit _internal and _audit indexes capabilities in splunk ? why these indexes are taking large space compare to user index data ? how to limit _internal and _audit indexes capabilities in splunk ? why these indexes are taking large space compare ... by appensure New Member in Splunk Search 10-16-2013 0 2	0	2
Creating a simple chart from extracting specific string Hi This should be nice and easy for you lot. I have an application producing thousands of logs a day. In some of th... by philallen1 Path Finder in Splunk Search 10-16-2013 1 7	1	7
Can't make geostats return multiple locations Hi, I tried using the geostats feature. I got some logs where I have some network timings per client. I wanted to sh... by TroelsJensen New Member in Splunk Search 10-16-2013 0 8	0	8
Define a variable/constant in configuration/setup file for app I am building a few apps and have users requesting an easy way to change the default index name the app searches thro... by mikaelbje Motivator in Splunk Search 10-16-2013 0 4	0	4
Splitting eval results by week - can't get timechart or bucket to work for me Hi - I am measuring how many days in a week users are returning to our site, and calculating the ratio of users who r... by fuzzy_rocks Explorer in Splunk Search 10-15-2013 0 2	0	2
Combine counts from 2 separate searches using subsearches I'm trying to combine two separate searches using the join command, but it's not working. The inner search counts th... by john_byun Path Finder in Splunk Search 10-15-2013 0 11	0	11
How to chart a percentage from derived search result? I am new to splunka and have a question on charting percentage field that is derived from search/query result. Splun... by annalwins Engager in Splunk Search 10-15-2013 0 1	0	1
Clean the Dispatch Directory command error I am trying to clean out the dispatch directory on our search head. I am using the command: splunkd clean-dispatch ... by mookiie2005 Communicator in Splunk Search 10-15-2013 0 1	0	1