Splunk Search

Community Activity

improving lookup and inputlookup performance Hi, when trying to filter a high EPS feed with a lookup I am experiencing quite some performance issues. Are are kno... by Olli1919 Path Finder in Splunk Search 08-06-2013 0 5	0	5
chart drill down to table Hello, We have the following table with this search but would like to drill down to a table with just the ticket det... by aaronkorn Splunk Employee in Splunk Search 08-06-2013 0 2	0	2
Search Bucket ID Range Greetz, Is it possible to search a range of bucket ids? I have moved a lot of warm/cold buckets and scrubbed the id... by ephemeric Contributor in Splunk Search 08-06-2013 0 2	0	2
Lookups and non matching values One of our users has a lookup requirement that I'm struggling to find a workable solution. They want to have a numbe... by samhughe Path Finder in Splunk Search 08-06-2013 0 4	0	4
timechart with SLA value I would like to create a timechart with an SLA value. I have tried this search sourcetype=foo \| eval sla=50 \| timech... by hartfoml Motivator in Splunk Search 08-06-2013 0 4	0	4
Line breaking with custom regex Hi All I've got a very bad csv to index, which is basically a csv with 63 columns and tildes as separators, because ... by Simon Contributor in Splunk Search 08-05-2013 0 2	0	2
field extraction hi, I have a log files which are having columns that are not fixed. if first log entry has col1,col2,col3 then next ... by ChhayaV Communicator in Splunk Search 08-05-2013 0 2	0	2
Splunk search head CPU cores required for reporting command based search How would CPU core load or CPU core sizing be split between a search head and its peer indexer when "searches with re... by Mag2sub Path Finder in Splunk Search 08-05-2013 0 2	0	2
date sorting numerically not alphabetically Hello, We have the following search in a chart but the dates are sorting alphabetically rather than numerically. ie ... by aaronkorn Splunk Employee in Splunk Search 08-05-2013 0 2	0	2
Changing default field case sensitivity All, I'm wondering if there is a way to change my configuration files to ignore the capitalization of a field. For ... by bruceclarke Contributor in Splunk Search 08-05-2013 0 3	0	3
Omitting zero values when calculating stats avg()? What I want is: ... \| stats avg(eval(MyValue!=0)) as Avg It doesn't work that way (Avg is always 1.0). Of course... by greg Communicator in Splunk Search 08-05-2013 0 9	0	9
chart sorting by last field Hello, We have the following chart which displays current ticket counts over the last 7 days for different groups bu... by aaronkorn Splunk Employee in Splunk Search 08-05-2013 2 10	2	10
Custom Fields at index Time Hi I know that splunk automatically creates default fields like host,sourcetype,index at index time.And also the sp... by adityapavan18 Contributor in Splunk Search 08-05-2013 0 2	0	2
Uploading a CSV with multiline field value hi, I want to do a lookup to a CSV file which is having multi line field value when i upload a file for lookup its g... by ChhayaV Communicator in Splunk Search 08-05-2013 0 4	0	4
How to build a query that returns the hostname of the search head the query is running on? Hi, I have built an app that aggregates data into a summary index. The app also provides a query that searches for t... by cwacha Path Finder in Splunk Search 08-05-2013 0 1	0	1
regex extract capturing group value I would like to use function case and regex together and extract the value of capturing group in one field e.g. http_... by splunkuser2013 New Member in Splunk Search 08-05-2013 0 3	0	3
saved searches VS inline searches hi, Is there any performance impact if i use inline search instead of saved one? Thanks and Regards by ChhayaV Communicator in Splunk Search 08-05-2013 0 1	0	1
Analyzing connection times based on start time and end time Hey, quite a long post, but I'm going crazy here trying to solve this problem: I have a connection log of: id, userna... by pembleton Path Finder in Splunk Search 08-05-2013 1 2	1	2
Using Splunk as a real-time event detection engine Hi, I have a requirement for an event detection engine which is able to identify a string (e.g. username) in a parti... by jsash1 New Member in Splunk Search 08-04-2013 0 3	0	3
Summary index for rolling 30d count not working as expected I've just started using summary indexes - I have two searches that work as expected on querying data in just the prev... by craigcook New Member in Splunk Search 08-04-2013 0 1	0	1
join table outer search Hi all, I need to join two table up and do a count of rain. Below is my search query is there anything wrong ? I can'... by kailun92 Communicator in Splunk Search 08-03-2013 0 6	0	6
Custom search command: preop only works when retainevents is false? I have a questions about custom search commands and the streaming_preop option. Is there some reason why the preopt ... by Lowell Super Champion in Splunk Search 08-02-2013 1 1	1	1
How to Restrict search terms for role based on a dynamic parameter? We want to restrict certain usergroups possibility to search in Splunk based on a dynamic parameter For instance Me... by michartmann Engager in Splunk Search 08-02-2013 1 4	1	4
how to limit characters length in splunk result Is there a way to limit the length of the results for a particular field? For example, if the URL/ref field is 100cha... by ssehgal Explorer in Splunk Search 08-02-2013 1 1	1	1
help needed with splunk search hello i have a problem with splunk results. in some of the RAW logs i have a field called as "ref" and in some logs i... by ssehgal Explorer in Splunk Search 08-02-2013 0 1	0	1