Splunk Search

Community Activity

Best way to create a search time field extraction I've spent a long time reading, but am not sure the best way to do this. I have events, which contain username-xxx,... by bowesmana SplunkTrust in Splunk Search 10-23-2013 0 4	0	4
splunk diag command doesn't work with --exclude in splunk version 6.0 The flags such as exclude as explained in http://docs.splunk.com/Documentation/Splunk/6.0/Troubleshooting/ContactSplu... by jdastmalchi_spl Splunk Employee in Splunk Search 10-23-2013 1 1	1	1
track users logging in via SSO Hello, we are using SSO with LDAP based users for authentication on our search heads. On our search head; how do we ... by kaddupa1 Explorer in Splunk Search 10-23-2013 1 2	1	2
sorting date I have a query as source="C:\Data\acctdata\snm4-logger.log" "Customer has successfully retrieved file"\| rex "::\s(?\S... by srajanbabu Explorer in Splunk Search 10-23-2013 0 2	0	2
Count of Occurence of Operating System(OS) Hi all, I have around 8 hosts in my splunk and i searching for a report which will list out operating systems type... by lohit Path Finder in Splunk Search 10-23-2013 0 8	0	8
Seprating null and empty fields Hi All, I have multiple cases with my date: some have empty src value: e.g, id=abc src= lr=2 some does not have src ... by gimbil Explorer in Splunk Search 10-22-2013 0 1	0	1
How to have eval use results of accum I have a chicken and egg issue here which I am having trouble resolving. I have a search which returns data for each... by phoenixdigital Builder in Splunk Search 10-22-2013 0 6	0	6
User accounts privledges So I've created a plain user account to just run searches. When I log in as that user and run a search, the events s... by chrisslagel New Member in Splunk Search 10-22-2013 0 1	0	1
average for sucessfully requests Hi, I hava data in the log like the following: userId url status time 123 /abc success 1000 12... by chialin New Member in Splunk Search 10-22-2013 0 2	0	2
"Unable to distribute to peer" -- adjustable timeout? I'm getting quite a few "Unable to distribute to peer..." messages when searching in splunk. The reasons given tend... by batzel Engager in Splunk Search 10-22-2013 4 7	4	7
"All time" works OK; "All time (realtime)" shows nothing, eventually 'Invalid SID'? (Splunk 6) Whilst leaving a Splunk 6 search page open tailing incoming syslogs (with the default * search query), I realised it ... by christopherwood Explorer in Splunk Search 10-22-2013 2 5	2	5
Simple XML: Stacked column chart not working I have very simple chart that shows time spent in a specific stage. The query behind it looks like below: source="/h... by SRIVATSAN_IYER Explorer in Splunk Search 10-22-2013 0 2	0	2
How to extract fields with values always on the same line and same row? Hi Splunkers, I tried a lot, but now I have no more idea. I would like to extract a log file like the following. It ... by eichfuss Path Finder in Splunk Search 10-22-2013 0 4	0	4
Chart visualization hi, this is my query index=tm_idx host="server" sourcetype="TM_Test_10" \| rex field=msg "(?i)TM1\sserver\sload\s... by ChhayaV Communicator in Splunk Search 10-22-2013 0 4	0	4
Search time range suddenly causes search to return zero results Hi Everyone, I'm running Splunk version 5.0.3, build 163460 on Suse Linux 3.0.13-0.27 I have a Splunk Dashboard Sea... by napomokoetle Communicator in Splunk Search 10-22-2013 0 9	0	9
Column order in statistics table created by chart is wrong I have a command host="daily" \| chart count by Company, date_mday which shows the fields Company, 1, 10, 11, 15, 2... by bowesmana SplunkTrust in Splunk Search 10-21-2013 0 2	0	2
pareto chart? hi, i have some data that i would like to display a bar chart with; however, i would like the x-axis items to be orde... by ytl Path Finder in Splunk Search 10-21-2013 0 3	0	3
How to perform math on single values Hello experts. After mining this site I figure its not possible to do math on distinct vales. I've seen answers that ... by tsmithsplunk Path Finder in Splunk Search 10-21-2013 0 3	0	3
Regex Extracting Phonehome client name Here are my _internal Phonehome logs for UF client connections: xxx.xxx.128.89 - - [21/Oct/2013:09:49:47.820 -0500] ... by hartfoml Motivator in Splunk Search 10-21-2013 0 5	0	5
Matching A vs AAAA rex help All, I'm stuck on a regex issue. Not sure how I can match A records vs AAAA records within windows dns logs. I cam... by dondky Path Finder in Splunk Search 10-21-2013 0 4	0	4
joining two searches with common field I'm not an advanced user of splunk, so I'm not even sure this is possible. I have two searches which have a common fi... by allen_edmondson Explorer in Splunk Search 10-21-2013 1 6	1	6
dbConnect sinkhole not working for dbmon directory I'm using dbConnect, and my $SPLUNK_HOME/var/spool/dbmon directory is filling up with old data. I've checked dbx/loca... by shou Explorer in Splunk Search 10-21-2013 1 2	1	2
Can an ausearch command be used in the search field? I am attempting to convert a audit script on my linux audit server into something manageable in Splunk. Can I use the... by amortiz Explorer in Splunk Search 10-21-2013 0 1	0	1
count on 2 fields Hello, The command Who returns me the log : USERNAME LINE HOSTNAME TIME root pts/1 PC1.domain.com Oct 21 14:17 root... by sgsplunk78 Engager in Splunk Search 10-21-2013 0 4	0	4
Using subsearch or transaction to correlate events from different sources? Hello, I have a set of events coming from a source that tell me if a user came from a certain page "Source". From thi... by flaviadonno Explorer in Splunk Search 10-21-2013 0 5	0	5