Splunk Search

Community Activity

Trimming the amount of data forwarded Background: We have an existing indexer, that we have added a lot of data to. We would like to cut down on the amount... by tnconners Explorer in Splunk Search 10-23-2013 0 3	0	3
Setting a field as a raw integer? This has been giving me headaches for a long time now, and it's pretty simple. So, for reference, this search works a... by tfitzgerald15 Explorer in Splunk Search 10-23-2013 0 3	0	3
Sorting Duration and Getting the Top 10 I have a duration field in seconds. I wanted the format to be D+hh:mm:ss, so I used this: eval dur_hhmmss=tostring(D... by splunknovice201 New Member in Splunk Search 10-23-2013 0 2	0	2
Filtering events out via props.conf and transforms.conf? The props.conf and transforms.conf files that should be modified are under /etc/system/local, correct? We have been ... by ejdavis Path Finder in Splunk Search 10-23-2013 0 13	0	13
How to count total hits by certain fields? I've been playing around with eval, transaction, and stats and I still can't figure this one out... so I'm asking for... by echojacques Builder in Splunk Search 10-23-2013 0 5	0	5
Error in 'join' command: Usage: join ()? [subsearch] I get the error "Error in 'join' command: Usage: join <options> (<join-fields>)? [subsearch]" when running the follow... by jeffreygaraygay Explorer in Splunk Search 10-23-2013 0 1	0	1
Best way to create a search time field extraction I've spent a long time reading, but am not sure the best way to do this. I have events, which contain username-xxx,... by bowesmana SplunkTrust in Splunk Search 10-23-2013 0 4	0	4
splunk diag command doesn't work with --exclude in splunk version 6.0 The flags such as exclude as explained in http://docs.splunk.com/Documentation/Splunk/6.0/Troubleshooting/ContactSplu... by jdastmalchi_spl Splunk Employee in Splunk Search 10-23-2013 1 1	1	1
track users logging in via SSO Hello, we are using SSO with LDAP based users for authentication on our search heads. On our search head; how do we ... by kaddupa1 Explorer in Splunk Search 10-23-2013 1 2	1	2
sorting date I have a query as source="C:\Data\acctdata\snm4-logger.log" "Customer has successfully retrieved file"\| rex "::\s(?\S... by srajanbabu Explorer in Splunk Search 10-23-2013 0 2	0	2
Count of Occurence of Operating System(OS) Hi all, I have around 8 hosts in my splunk and i searching for a report which will list out operating systems type... by lohit Path Finder in Splunk Search 10-23-2013 0 8	0	8
Seprating null and empty fields Hi All, I have multiple cases with my date: some have empty src value: e.g, id=abc src= lr=2 some does not have src ... by gimbil Explorer in Splunk Search 10-22-2013 0 1	0	1
How to have eval use results of accum I have a chicken and egg issue here which I am having trouble resolving. I have a search which returns data for each... by phoenixdigital Builder in Splunk Search 10-22-2013 0 6	0	6
User accounts privledges So I've created a plain user account to just run searches. When I log in as that user and run a search, the events s... by chrisslagel New Member in Splunk Search 10-22-2013 0 1	0	1
average for sucessfully requests Hi, I hava data in the log like the following: userId url status time 123 /abc success 1000 12... by chialin New Member in Splunk Search 10-22-2013 0 2	0	2
"Unable to distribute to peer" -- adjustable timeout? I'm getting quite a few "Unable to distribute to peer..." messages when searching in splunk. The reasons given tend... by batzel Engager in Splunk Search 10-22-2013 4 7	4	7
"All time" works OK; "All time (realtime)" shows nothing, eventually 'Invalid SID'? (Splunk 6) Whilst leaving a Splunk 6 search page open tailing incoming syslogs (with the default * search query), I realised it ... by christopherwood Explorer in Splunk Search 10-22-2013 2 5	2	5
Simple XML: Stacked column chart not working I have very simple chart that shows time spent in a specific stage. The query behind it looks like below: source="/h... by SRIVATSAN_IYER Explorer in Splunk Search 10-22-2013 0 2	0	2
How to extract fields with values always on the same line and same row? Hi Splunkers, I tried a lot, but now I have no more idea. I would like to extract a log file like the following. It ... by eichfuss Path Finder in Splunk Search 10-22-2013 0 4	0	4
Chart visualization hi, this is my query index=tm_idx host="server" sourcetype="TM_Test_10" \| rex field=msg "(?i)TM1\sserver\sload\s... by ChhayaV Communicator in Splunk Search 10-22-2013 0 4	0	4
Search time range suddenly causes search to return zero results Hi Everyone, I'm running Splunk version 5.0.3, build 163460 on Suse Linux 3.0.13-0.27 I have a Splunk Dashboard Sea... by napomokoetle Communicator in Splunk Search 10-22-2013 0 9	0	9
Column order in statistics table created by chart is wrong I have a command host="daily" \| chart count by Company, date_mday which shows the fields Company, 1, 10, 11, 15, 2... by bowesmana SplunkTrust in Splunk Search 10-21-2013 0 2	0	2
pareto chart? hi, i have some data that i would like to display a bar chart with; however, i would like the x-axis items to be orde... by ytl Path Finder in Splunk Search 10-21-2013 0 3	0	3
How to perform math on single values Hello experts. After mining this site I figure its not possible to do math on distinct vales. I've seen answers that ... by tsmithsplunk Path Finder in Splunk Search 10-21-2013 0 3	0	3
Regex Extracting Phonehome client name Here are my _internal Phonehome logs for UF client connections: xxx.xxx.128.89 - - [21/Oct/2013:09:49:47.820 -0500] ... by hartfoml Motivator in Splunk Search 10-21-2013 0 5	0	5