Splunk Search

Community Activity

Join search with multi-values I have a join on two searches, from the first search, the data return is the same as the following table (equivalent ... by pbarford Explorer in Splunk Search 10-09-2013 0 3	0	3
Randomly inconsistent search result Hi, I am executing a search on Splunk through my java application. The search query is executed through the followin... by Salim_Uddin Engager in Splunk Search 10-09-2013 0 3	0	3
how to set time distance between operations in search? Hello! i need to find clients who had operation "registration" and within 24 hours operation "payment" how can I set ... by zoyaO New Member in Splunk Search 10-09-2013 0 4	0	4
Time Difference in the transaction Below is a sample log, i want to find time difference. By this query index=[search] \| transaction startswith="A star... by sanyonhhh New Member in Splunk Search 10-09-2013 0 11	0	11
Title inside a dasboard Hi, I've to create dashborad with two section in it. How should i give title for these sections inside dashboard. C... by ChhayaV Communicator in Splunk Search 10-09-2013 0 4	0	4
Extract values from all matches in regex I have a line in my log like this 013-09-30 23:55:32,954 [pool-13-thread-18655] INFO c.p.d.r.c.release.MessageReleas... by pbarford Explorer in Splunk Search 10-09-2013 1 3	1	3
I want to search on another Splunk instance We have two separate instances of Splunk 6 (A & B) installed on two different servers that are set up independently f... by sc0tt Builder in Splunk Search 10-08-2013 1 5	1	5
did something change in 4.3.3 or recently around setup.xml? I haven't tested the setup.xml workflows in my apps in a while but for some reason they all seem to be broken now, ev... by sideview SplunkTrust in Splunk Search 10-08-2013 2 4	2	4
search a subnet How do I specify a search on a certain subnet? by btnetsec New Member in Splunk Search 10-08-2013 0 3	0	3
Filtering Fields host=server sourcetype=iis src_ip=* NOT src_ip="x.x.x.x" This Search gives me some very helpful information - but r... by wrays New Member in Splunk Search 10-08-2013 0 4	0	4
email alert for time period that contains multiple items I want to send an email alert only when the last X minutes of a log contains "net1 down", "net2 down", "net3 down", a... by scr4tchfury Engager in Splunk Search 10-08-2013 0 4	0	4
How to display index time in table? I'm having a hard time displaying the event index time in a table. What is the field name for index time? by echojacques Builder in Splunk Search 10-08-2013 5 8	5	8
Add lookup to search head app - syntax question? Hello, I am working to put together an app which will be deployed to our search head. In the app, there is a lookup c... by msarro Builder in Splunk Search 10-08-2013 0 1	0	1
Get the specific string from the line Hi, I wanted to know is it possible to get a string at specific location from a line. for e.g. My line is: STEP LO... by harshal_chakran Builder in Splunk Search 10-08-2013 0 3	0	3
regex in subsearch Hi all, I am trying to join 2 tables using a subsearch. The searches work as single search but not in the following ... by flaviadonno Explorer in Splunk Search 10-08-2013 0 3	0	3
Need help with conditions I Have a db query that returns data as below. Now i want 1. to get a search result where all the rows where rank <1... by kavekon New Member in Splunk Search 10-08-2013 0 4	0	4
No fields to display for this search in GUI Customer reportsthat thet are running a search via the GUI. After displaying the results, they are seeing problems w... by dshakespeare_sp Splunk Employee in Splunk Search 10-07-2013 3 7	3	7
Are you extracting the controller field? I do not see it in the props.conf by aalapsharma Engager in Splunk Search 10-07-2013 0 3	0	3
Finding all instances of a field greater than the avg of that field during a 15 minute span Hi All, I have a field "TotalResponse" which is the total response time for a web request. I'm attempting to determi... by kultar Engager in Splunk Search 10-07-2013 0 4	0	4
replace found data with "fix" and no data with "NULL" I'm trying to perform a search where if there is data found in a specific field , then I want the report to replace t... by CharterBT Explorer in Splunk Search 10-07-2013 0 13	0	13
eval with mathematical calculations? I'm trying to do something a little wonky here, so please bear with me. The code below is the logical flow of what I'... by tfitzgerald15 Explorer in Splunk Search 10-07-2013 0 3	0	3
Convert seconds to MM:SS.ms Hi I am trying to convert seconds.milliseconds for ex 4.6566, 0.55,1.2 to Minutes:Second.milliseconds format I tried... by splunk_learner Explorer in Splunk Search 10-07-2013 1 6	1	6
Concatenate subsequent values of a field within a transaction I have a log with requests with an ordernumber and a response. The response is: 100 - success or 1400,1401,1402 - var... by uxYcF New Member in Splunk Search 10-07-2013 0 1	0	1
Use "Data Model" definitions to extract fields in Search I've already created a lot of field extractions in my Data Model definition to create Pivot views. Is there a way to... by FRoth Contributor in Splunk Search 10-07-2013 2 2	2	2
Search latest indexed file for different sourcetype Hi, I have 3 sources from which the files are loaded into Splunk, the time of arrival of files and frequency is diff... by meenal901 Communicator in Splunk Search 10-07-2013 0 1	0	1