Splunk Search

Community Activity

How to convert a lookup date field to epoch Hello I have a lookup table which has a Datetime field like 1/20/2013 or 4/29/2013. Now I need to convert it to epoc... by theouhuios Motivator in Splunk Search 08-26-2013 0 1	0	1
Turning a search into a new field The following search removes usernames, host names, all time information, any digits, and turns all strings of white ... by cpeteman Contributor in Splunk Search 08-26-2013 0 5	0	5
Throughput calculation over last "n" number of days I have following query which calculates and charts(hourly) file conversion throughput over last 24 hours however i am... by snabi Explorer in Splunk Search 08-26-2013 0 3	0	3
Splunks date_* fields not in all records Hi, Splunk 4.3.6 (UF, HF, Idx and Srh) Why are the date_* fields not in all records? Regards, Jens by JensT Communicator in Splunk Search 08-26-2013 0 3	0	3
Adding strings from 2 fields into 1 Hello! I am trying to combine 2 fields into 1 field. One of my field is named date_mday, which stores all the days i... by Zyon Engager in Splunk Search 08-26-2013 0 6	0	6
Line breaking does not work for events with the same timestamp Help please! Our data looks like the one below.... 1377190800,ANAQUA_VMs,52940532,987100964550,Normal,0,161792,50,18... by jgaraygay Explorer in Splunk Search 08-26-2013 0 8	0	8
How to correlate the current period count with last week value and average of last x weeks I need help with a correlation query where the aim is to find a particular type of event count in last 1 hour , the ... by kpuunwire Explorer in Splunk Search 08-26-2013 0 5	0	5
IPv6 subnet as search parameter does not work (but IPv4 does!) Hello, Let's say I'm trying to search for events where src_ip field matches some subnet: search index=myindex src_i... by npichugin Path Finder in Splunk Search 08-25-2013 2 4	2	4
many results in subsearch? Hello, newbie here... index="prd_stats" sourcetype=appman:linux host=foo* attribute=CPUUtilization earliest=-1month@... by BertKraan Engager in Splunk Search 08-25-2013 0 3	0	3
Can search sytax use the notation of network mask like /24 Dear all, i wanna filter the specific ip range for one country, can search sytax use the notation of network mask lik... by hjwang Contributor in Splunk Search 08-24-2013 0 4	0	4
Problem with time extraction with date from year 2000 I have an odd problem with time extraction from some CSV files. I specify the time format using the following: TIME... by tim9gray Explorer in Splunk Search 08-24-2013 0 1	0	1
EXTRACTing a field from a src_field defined in a transform using "in" In transforms.conf, I have a transform defined like this: [mytransform-fromlist] REGEX = from=(?<fromlist>\w+) I w... by bcavagnolo Explorer in Splunk Search 08-23-2013 0 1	0	1
How should i do SEDCMD filter URL? I have use Heave Forward and modify props.conf source:... SEDCMD-nourl = s/\surl=("\w+"\|"\w+\[./\]"\|)\s/ /g R... by chengyu Path Finder in Splunk Search 08-23-2013 0 4	0	4
Cannot track a case Login ErrorYour login attempt using single sign-on with an identity provider certificate has failed. Please contact y... by Akili Path Finder in Splunk Search 08-23-2013 1 3	1	3
Why is the chart so large I have notice lately that the charts on my browser are showing up too large. is this a browser problem? what can I ... by hartfoml Motivator in Splunk Search 08-23-2013 0 3	0	3
Convert timechart to table I need to convert the search output from using timechart to a table so I can have only a three column display output ... by jtrucks Splunk Employee in Splunk Search 08-23-2013 1 3	1	3
A Chart with Total values and then an average Value So I have a some data that I've put into a chart. For the purposes of this question lets say the data is in the form... by malcolmtkelly Explorer in Splunk Search 08-22-2013 0 4	0	4
Where can I get the Web Intelligence documentation Hi there, Could anyone tell me where can I get the Web Intelligence documentation? Thanks, Alice by alee123 New Member in Splunk Search 08-22-2013 0 1	0	1
How can i retreive only some fields ? Hi i'm using this app and i have some trouble to reduce the indexed volume i will reduce the flow selecting only som... by tony_alibelli New Member in Splunk Search 08-22-2013 0 6	0	6
Create report for different fields Hi, I have a search: source="/var/log/mail.log" to="mail.com" OR from="@mail.com" How can i build report where... by ttrumm New Member in Splunk Search 08-22-2013 0 1	0	1
Multiple-lines fields extraction from an already extracted field Hello, I have a text extracted in a field called MessageBody , the text contains multilines not a single lines and f... by royimad Builder in Splunk Search 08-22-2013 0 2	0	2
How to specify x-axis intervals on timechart Hi When doing a query like so * \| timechart span=1d count I would expect the intervals on the x-axis to be 1 day p... by jel_splunk Explorer in Splunk Search 08-22-2013 1 7	1	7
Cisco Firewalls/IPS apps update, now I get lookup table error I recently updated Cisco Firewalls and Cisco IPS apps to the latest versions (2.0 and 2.0.0). Now when I perform a se... by awsdcuser Explorer in Splunk Search 08-21-2013 1 7	1	7
Regex to log will not contain anything Hello. Appreciate your support, in the file transforms.conf REGEX try to make a log of all without "webfilter" and se... by jrodriguezap Contributor in Splunk Search 08-21-2013 0 10	0	10
regex syntax clarification The following search returns results: "context" But this one does not: regex "context" And neither does thi... by drapkin11 Explorer in Splunk Search 08-21-2013 0 3	0	3