Splunk Search

Community Activity

help with apache access searching LogFormat "%h %l %u %t %P \"%r\" %>s %X %b %I %O %D \"%{Referer}i\" \"%{User-Agent}i\" \"%{Host}i\" \"%{X-Forwarded-F... by splunkmeuser New Member in Splunk Search 08-07-2013 0 6	0	6
field extractor help Hi, I need to extract some fields via field extractor. I got most of them, but it is ignoring the ones that have dec... by a212830 Champion in Splunk Search 08-07-2013 0 4	0	4
Get a Time Series in between The Event Times Hello Everyone, I was doing some aggregation with stats, i had to show all the events between 15 minutes interval. Th... by linu1988 Champion in Splunk Search 08-07-2013 0 3	0	3
DB Connect Tail Command not updating I am using a tail db command to pull events from a Oracle database every hour. I was able to pull in all of the data... by knewter Engager in Splunk Search 08-06-2013 0 8	0	8
Searching _fishbucket I'm trying to figure out how to analyze and manage specific records in the _fishbucket index. I have big directorie... by pembleton Path Finder in Splunk Search 08-06-2013 1 3	1	3
Splunk-perfmon failing: InitQuery failed in PeriodicDataCollector::tick Hi all, I'm pulling some logs in from Windows perfmon. All was going well, but now I am seeing the following error... by BenjaminWyatt Communicator in Splunk Search 08-06-2013 0 3	0	3
The lookup table 'nix_action_lookup' does not exist. It is referenced by configuration 'IDS Arg this is so frustrating. I cant find the nix_action_lookup and I can't find the IDS config. How do i troubleshoo... by hartfoml Motivator in Splunk Search 08-06-2013 0 4	0	4
Bad timestamps in DB Connect query results I am running a query via a created dashboard on one of my production databases. I defined this in the DB Connect app,... by Karunamon Explorer in Splunk Search 08-06-2013 0 4	0	4
why does this form search work Can anybody enlighten me on why the form below (shortened) works when it's designed exactly this way, but not in any ... by usd0872 Path Finder in Splunk Search 08-06-2013 1 2	1	2
Having issues with Subquery when comparing two searches of same source at different points in time We're trying to compare searches from our Security source, trying to see if someone hasn't logged in within the last ... by mhamill Engager in Splunk Search 08-06-2013 0 2	0	2
improving lookup and inputlookup performance Hi, when trying to filter a high EPS feed with a lookup I am experiencing quite some performance issues. Are are kno... by Olli1919 Path Finder in Splunk Search 08-06-2013 0 5	0	5
chart drill down to table Hello, We have the following table with this search but would like to drill down to a table with just the ticket det... by aaronkorn Splunk Employee in Splunk Search 08-06-2013 0 2	0	2
Search Bucket ID Range Greetz, Is it possible to search a range of bucket ids? I have moved a lot of warm/cold buckets and scrubbed the id... by ephemeric Contributor in Splunk Search 08-06-2013 0 2	0	2
Lookups and non matching values One of our users has a lookup requirement that I'm struggling to find a workable solution. They want to have a numbe... by samhughe Path Finder in Splunk Search 08-06-2013 0 4	0	4
timechart with SLA value I would like to create a timechart with an SLA value. I have tried this search sourcetype=foo \| eval sla=50 \| timech... by hartfoml Motivator in Splunk Search 08-06-2013 0 4	0	4
Line breaking with custom regex Hi All I've got a very bad csv to index, which is basically a csv with 63 columns and tildes as separators, because ... by Simon Contributor in Splunk Search 08-05-2013 0 2	0	2
field extraction hi, I have a log files which are having columns that are not fixed. if first log entry has col1,col2,col3 then next ... by ChhayaV Communicator in Splunk Search 08-05-2013 0 2	0	2
Splunk search head CPU cores required for reporting command based search How would CPU core load or CPU core sizing be split between a search head and its peer indexer when "searches with re... by Mag2sub Path Finder in Splunk Search 08-05-2013 0 2	0	2
date sorting numerically not alphabetically Hello, We have the following search in a chart but the dates are sorting alphabetically rather than numerically. ie ... by aaronkorn Splunk Employee in Splunk Search 08-05-2013 0 2	0	2
Changing default field case sensitivity All, I'm wondering if there is a way to change my configuration files to ignore the capitalization of a field. For ... by bruceclarke Contributor in Splunk Search 08-05-2013 0 3	0	3
Omitting zero values when calculating stats avg()? What I want is: ... \| stats avg(eval(MyValue!=0)) as Avg It doesn't work that way (Avg is always 1.0). Of course... by greg Communicator in Splunk Search 08-05-2013 0 9	0	9
chart sorting by last field Hello, We have the following chart which displays current ticket counts over the last 7 days for different groups bu... by aaronkorn Splunk Employee in Splunk Search 08-05-2013 2 10	2	10
Custom Fields at index Time Hi I know that splunk automatically creates default fields like host,sourcetype,index at index time.And also the sp... by adityapavan18 Contributor in Splunk Search 08-05-2013 0 2	0	2
Uploading a CSV with multiline field value hi, I want to do a lookup to a CSV file which is having multi line field value when i upload a file for lookup its g... by ChhayaV Communicator in Splunk Search 08-05-2013 0 4	0	4
How to build a query that returns the hostname of the search head the query is running on? Hi, I have built an app that aggregates data into a summary index. The app also provides a query that searches for t... by cwacha Path Finder in Splunk Search 08-05-2013 0 1	0	1