Splunk Search

Community Activity

search a subnet How do I specify a search on a certain subnet? by btnetsec New Member in Splunk Search 10-08-2013 0 3	0	3
Filtering Fields host=server sourcetype=iis src_ip=* NOT src_ip="x.x.x.x" This Search gives me some very helpful information - but r... by wrays New Member in Splunk Search 10-08-2013 0 4	0	4
email alert for time period that contains multiple items I want to send an email alert only when the last X minutes of a log contains "net1 down", "net2 down", "net3 down", a... by scr4tchfury Engager in Splunk Search 10-08-2013 0 4	0	4
How to display index time in table? I'm having a hard time displaying the event index time in a table. What is the field name for index time? by echojacques Builder in Splunk Search 10-08-2013 5 8	5	8
Add lookup to search head app - syntax question? Hello, I am working to put together an app which will be deployed to our search head. In the app, there is a lookup c... by msarro Builder in Splunk Search 10-08-2013 0 1	0	1
Get the specific string from the line Hi, I wanted to know is it possible to get a string at specific location from a line. for e.g. My line is: STEP LO... by harshal_chakran Builder in Splunk Search 10-08-2013 0 3	0	3
regex in subsearch Hi all, I am trying to join 2 tables using a subsearch. The searches work as single search but not in the following ... by flaviadonno Explorer in Splunk Search 10-08-2013 0 3	0	3
Need help with conditions I Have a db query that returns data as below. Now i want 1. to get a search result where all the rows where rank <1... by kavekon New Member in Splunk Search 10-08-2013 0 4	0	4
No fields to display for this search in GUI Customer reportsthat thet are running a search via the GUI. After displaying the results, they are seeing problems w... by dshakespeare_sp Splunk Employee in Splunk Search 10-07-2013 3 7	3	7
Are you extracting the controller field? I do not see it in the props.conf by aalapsharma Engager in Splunk Search 10-07-2013 0 3	0	3
Finding all instances of a field greater than the avg of that field during a 15 minute span Hi All, I have a field "TotalResponse" which is the total response time for a web request. I'm attempting to determi... by kultar Engager in Splunk Search 10-07-2013 0 4	0	4
replace found data with "fix" and no data with "NULL" I'm trying to perform a search where if there is data found in a specific field , then I want the report to replace t... by CharterBT Explorer in Splunk Search 10-07-2013 0 13	0	13
eval with mathematical calculations? I'm trying to do something a little wonky here, so please bear with me. The code below is the logical flow of what I'... by tfitzgerald15 Explorer in Splunk Search 10-07-2013 0 3	0	3
Convert seconds to MM:SS.ms Hi I am trying to convert seconds.milliseconds for ex 4.6566, 0.55,1.2 to Minutes:Second.milliseconds format I tried... by splunk_learner Explorer in Splunk Search 10-07-2013 1 6	1	6
Concatenate subsequent values of a field within a transaction I have a log with requests with an ordernumber and a response. The response is: 100 - success or 1400,1401,1402 - var... by uxYcF New Member in Splunk Search 10-07-2013 0 1	0	1
Use "Data Model" definitions to extract fields in Search I've already created a lot of field extractions in my Data Model definition to create Pivot views. Is there a way to... by FRoth Contributor in Splunk Search 10-07-2013 2 2	2	2
Search latest indexed file for different sourcetype Hi, I have 3 sources from which the files are loaded into Splunk, the time of arrival of files and frequency is diff... by meenal901 Communicator in Splunk Search 10-07-2013 0 1	0	1
Unidimensional histogram (chart without "by" clause) I have difficulties to create a simple, unidimentional histogram. Suppose you have a log similar to this: host=host1 ... by yoho Contributor in Splunk Search 10-07-2013 2 4	2	4
Exception when running a search in Hunk I see the following exception in search.log when running a Hunk search against my cluster: Exception in thread "main... by Ledion_Bitincka Splunk Employee in Splunk Search 10-06-2013 0 1	0	1
How to change the text box layout (not panel layout)? Hi Splunkers, I have a question about text box layout in dashboard or view. In simple XML, we can look at text box i... by sunrise Contributor in Splunk Search 10-06-2013 0 3	0	3
Create a table in my search when I enable/disable account but not when I create account. Hello guys, I have a question about a query search. I have two queries associated with Windows. My first query is... by dfigurello Communicator in Splunk Search 10-06-2013 1 2	1	2
Substitute a value in the search result I have a search result which returns me the following Username,TimeOnVPN user1,185.25 user2,1920.25 ... ... ... user... by ppurokit Path Finder in Splunk Search 10-06-2013 0 2	0	2
Count number of Transaction every hour 2013-09-20 16:53:04,723 INFO[Thread-3]EndTime=20/09/2013 16:53:04 TransactionID=A, Event=completed, Result=sent 2013... by thinksplunk Engager in Splunk Search 10-04-2013 0 2	0	2
Help for timechart display hi this is mt search index=tm_idx host="server" "finished executing normally" \| rex field=_raw "(?i)Process\s\"(?<P... by ChhayaV Communicator in Splunk Search 10-04-2013 0 4	0	4
insert the earliest and latest in the DBquery Hello I'm breaking my brain for make one thing. I recovery the data from External database, in this point no problem... by radomo Explorer in Splunk Search 10-03-2013 0 2	0	2