Splunk Search

Discussions

Thread Info

Multivalued field mapping

Hi, I have events of the form ---- name ---- Drive: C: Free Space: 894.1 GB Total Space: 953.1 GB Drive: D: Fr...

by Communicator in

version of linux

I want to work with splunk in linux environment. I am using splunk version 5.0.3 and i have installed splunk app for ...

by Explorer in

Changing the Linux Scheduler for indexer filesystems

I've been thinking alot lately about the possibility of changing the Linux scheduler for the filesystems on my hot & ...

by Motivator in

x-axis to display 3hours interval

I had a x-axis displayed over date_hour. 00,01,02... Is is possible to change it to display on a 3hour basis (00,03,0...

by Explorer in

generate individual event to a granted index - from dashboard/search

Hi! I need some help, to build an app. How can I generate an event from search (or dashboard) and put it in spe...

by Path Finder in

Returning top 10 values of a unique field and then return top 3 values that accessed that unique field

I have a firewall log and I would like to get the top 10 ports of a unique field named SPT(source port). After retrie...

by Engager in

Problem in Search Command

Hi, Please take a look at my table below which i came up with using this search command sourcetype="json_onema...

by Path Finder in

Turn Around Time Report

So I have a bunch of data and somoene has decided they'd like to know the average turn around time for events. I c...

by New Member in

replace space in multi-value field with comma

Hi. i have field input_source_file and I need to make it a comma separated field so that I can group by that and s...

by Engager in

Replace space in multi-value filed with comma

Hi , Can we replace space in multi-value filed with comma ..? Ex : field : host current Values : server1 ser...

by Path Finder in

Lookups on multivalued fields

I've created a lookup table that has three fields, nessus_id,osvdb_id,cve_id. The osvdb_id and cve_id fields are mult...

by Communicator in

conditional searching

I am looking at firewall logs. The destination port appears twice in some log lines. I want a search that will show m...

by Communicator in

Managing a list of column headers in a single location for multiple purposes

What is the best method for managing a list of fields that will be used to populate (at least, but not limited to) a ...

by Motivator in

External Lookup script Never works

From the url http://blogs.splunk.com/2009/09/14/enriching-data-with-db-lookups-part-2/ i read the following excerp...

by Path Finder in

Call different saved searches based upon a pulldown menu in dashboard

I have a dashboard with pulldown menu and I want to call different saved searches depending upon the selection. Is th...

by Explorer in

Creating saved searches and custom dashboards with unique names across all apps

While creating a saved search or a custom dashboard through one of the apps, is there a way to make sure that the nam...

by Engager in

Calculate entropy (just entropy, not change in entropy like "associate")

Though "| eval myfield=entropy(somefield)" would be awesome, it doesn't exist (yet?). Is there a known method for thi...

by Path Finder in

Read Asterisk CDRs

I have Ubuntu 10.10 running Asterisk 1.6. I want to use Splunk to index the Asterisk CDRs. It's one of the automat...

by New Member in

Bucket Mover

Hi, I upgraded splunk version from 4.3.1 to 5.0.3 and I noticed indexes are moved to frozen state. And after Up...

by Path Finder in

Field extraction issue

A transaction log format as follows: ------Procedure[xxx]'s input paramaters: journalNo = 111111 custormerId = 222...

by Engager in

Setting time frame in dashboard search

I have saved a search in a dashboard and have it set to a specific data and time range. However, because I want the s...

by New Member in

MS Lync Conversation data in Splunk?

I am trying to bring in MS lync conversations into Splunk. We can get To: and From: data but the conversation data is...

by Path Finder in

Transactions and the endswidth option - how to include through a final matching endswith?

I have a working transaction query for which I need to use an 'endswith' to identify the last event of the transactio...

by Explorer in

Best way to highlight a table row that has been updated in the last N minutes

Im trying to figure out the best approach to using css(?) to highlight a row that has been updated in the last number...

by Path Finder in

Splunk Simulator

Hi All, I was wondering if any of you knew of a Splunk simulator (where I could upload a CSV and check my searches...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Multivalued field mapping

version of linux

Changing the Linux Scheduler for indexer filesystems

x-axis to display 3hours interval

generate individual event to a granted index - from dashboard/search

Returning top 10 values of a unique field and then return top 3 values that accessed that unique field

Problem in Search Command

Turn Around Time Report

replace space in multi-value field with comma

Replace space in multi-value filed with comma

Lookups on multivalued fields

conditional searching

Managing a list of column headers in a single location for multiple purposes

External Lookup script Never works

Call different saved searches based upon a pulldown menu in dashboard

Creating saved searches and custom dashboards with unique names across all apps

Calculate entropy (just entropy, not change in entropy like "associate")

Read Asterisk CDRs

Bucket Mover

Field extraction issue

Setting time frame in dashboard search

MS Lync Conversation data in Splunk?

Transactions and the endswidth option - how to include through a final matching endswith?

Best way to highlight a table row that has been updated in the last N minutes

Splunk Simulator

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...