Splunk Search

Community Activity

extraction fields Hello splunkers! I create sourcetype and I extract some fields by Field Extraction menu. I copy the props.conf file ... by ryastrebov Communicator in Splunk Search 08-16-2013 0 2	0	2
カスタム時間で指定した時間からさらに時間を指定する方法サーチをする際に、カスタム時間で時間を指定し（○月○日の断面等）、出た結果に対し、更にそれから1週間前のデータと比べるサーチ文をご教授下さい。 sourcetype=A \| stats count by host \| append ... by appleman Contributor in Splunk Search 08-16-2013 0 6	0	6
Sharing a dynamic lookup from an app I have a scripted lookup which is part of an app that I've written and it works perfectly. What's the proper way to ... by mw Splunk Employee in Splunk Search 08-15-2013 0 1	0	1
extract subject from maillog Hi, I want to extract the 'subjects' from my SMTP maillog but the regex I have built doesn't seem to work. I have bui... by dictudatacom New Member in Splunk Search 08-15-2013 0 6	0	6
How to extract data (email address, subject) between two blank spaces that are after the field identifier - eg From: Hi Our fields have a space between the field name and the information we want to . The two searches I have tried ar... by suepfarrell New Member in Splunk Search 08-15-2013 0 5	0	5
Counting how often the mode() value occurs in a result set I want to query my access logs to learn where the majority of my traffic is coming from in 1 second buckets. This is ... by moffitt Engager in Splunk Search 08-15-2013 1 4	1	4
Newbie struggling with removing "empty" lines for a search/report Hi there! Being new and still struggling mightily to master Splunk, I have an immediate need to create a search/repo... by vermicknid New Member in Splunk Search 08-15-2013 0 3	0	3
real-time search question Hi, Do real-time searches read events before they enter the indexer? by a212830 Champion in Splunk Search 08-15-2013 0 2	0	2
how to find difference between two "stats count" used in two different saved search So i have two saved search queries 1. sourcetype="x" "attempted" source="y" \| stats count 2. sourcetype="x" "Failed... by snabi Explorer in Splunk Search 08-15-2013 1 2	1	2
Add hidden search string to flashtimeline view Hi there, I'd like to modify the default search form of Splunk (flashtimeline view) for a new app. Therefore I'd lik... by christian_l Path Finder in Splunk Search 08-15-2013 0 1	0	1
extract fields not working Hi there, I have an errp log from aix that i want to process and determine on with side of the cluster we had proble... by skjelmose New Member in Splunk Search 08-15-2013 0 5	0	5
How to group fields using top OR use top inside of stats I'm playing with the Splunk tutorial data and I have this query that shows the top 5 customer per purchased product a... by hobbes3 Explorer in Splunk Search 08-15-2013 0 1	0	1
fill_summary_index.py how to locate and run this script in splunks file directory Hi together, I have found the following fill_summray_index.py script under: http://wiki.splunk.com/Community:Summary_... by dirkbaumann Explorer in Splunk Search 08-15-2013 0 1	0	1
How to ignore timestamp to group events and show # of occurences by ComputerName I need to run weekly reports that show all Error Messages that have occurred and have it split by the computernames a... by cmahan Path Finder in Splunk Search 08-15-2013 0 8	0	8
how can we add data to a lookup file thorugh form ??? Hi . I have using a form with a textbox and search button ? wat ever the data i given in textbox it should be added ... by rakesh_498115 Motivator in Splunk Search 08-15-2013 0 2	0	2
Issue with automatic field detection We have customized our internal applications to a custom key=value schema and it usually works well. Splunk usually r... by dominiquevocat SplunkTrust in Splunk Search 08-15-2013 0 4	0	4
union results in a table I am trying to display in one table a difference from a performance log to a specific service from 2 diffrent times (... by avishayh Explorer in Splunk Search 08-15-2013 0 2	0	2
splunk search to find who (ip's) connects to port 9997 Hi, I am looking for a splunk search to find which IP's are connecting to port 9997? index=sys_*prod source=netstat... by dbashyam Explorer in Splunk Search 08-15-2013 0 2	0	2
Using regex to replace letters in a search. Hi, I'm performing a search using advanced xml that returns a key/value pair (among other things). E.g. Filename=so... by kisa Explorer in Splunk Search 08-15-2013 0 10	0	10
Need chart for two values Hi I have a basic XML file returning, Date-time value and a value in seconds see example("GmtDateTime":"2013-08-14 0... by edrad80 New Member in Splunk Search 08-15-2013 0 2	0	2
how to snap to time unit of 5 minutes for example: if the current time 5:23:20 PM, how can i get the time 4:55:00 PM. and if the current time 5:26:12 PM, h... by taozi021 Explorer in Splunk Search 08-14-2013 1 5	1	5
Add a clock to the header Anyone have a suggestion on how I can add a digital clock or even a world clock to the header in the default view for... by hartfoml Motivator in Splunk Search 08-14-2013 0 2	0	2
Removing all numbers from _raw message I want regex to remove all numbers from _raw message. Right now I have the search * \|rex mode=sed "s/ \d{1,}//g" \|t... by cpeteman Contributor in Splunk Search 08-14-2013 0 1	0	1
How to include 2 search in one results? Hi, I have one problem here. I need to create a search with 2 groups, and create a chart with result. Example, ... by leznx Engager in Splunk Search 08-14-2013 0 6	0	6
Field extraction not working on distributed search I am trying to create a field extraction using the manger to extract the equivalent of: sourcetype=jsonLogs \| rex fi... by bdstark New Member in Splunk Search 08-14-2013 0 4	0	4