Splunk Search

Community Activity

Avg Counts in the Last Month hey all, im working on a network overview dashboard. what i currently have is a saved search showing the last 7 days ... by twistedsixty4 Path Finder in Splunk Search 06-14-2013 0 3	0	3
Search Very Large Data set I need to search my firewall logs for the past year and find unique source names I can do this search index=firewall... by hartfoml Motivator in Splunk Search 06-14-2013 0 2	0	2
Join time selector based on event of main search Is it possible to do a search with a join and the events from the join search be relative to the time of the events o... by agodoy Communicator in Splunk Search 06-14-2013 0 4	0	4
Sort the legend's display from chart Hi everyone! I would like to display several areas (stacked) or columns in a specific order. Here is my charting com... by BDAS Explorer in Splunk Search 06-14-2013 1 3	1	3
Newbie to Splunk - Feild Extraction I'm new to the Splunk Search and trying to learn it. I am not from Scripting BG so need help here. I have extraction ... by Ak_C New Member in Splunk Search 06-14-2013 0 1	0	1
Get pattern count in a log line Hi, I have log lines that looks like this Fetching documents "FileName1.doc", "FileName2.xls", "FileName10.jpg", ... by lain179 Communicator in Splunk Search 06-13-2013 0 1	0	1
Search performance and optimization when I search with below query sourcetype=my_log UUID="3fc5e6c2-57b4-4e59-a3c0-8115f5ec74a1" search result will a... by jangid Builder in Splunk Search 06-13-2013 0 5	0	5
How to calculate rate of change over time for an variable I have an input value that changes steadily (at constant rate, either increasing or decreasing), and Splunk is captur... by mflamerich Explorer in Splunk Search 06-13-2013 1 1	1	1
Finding overall login time for a user For a game, my logs log two times, a login event and a logoff event. What I want to do is calculate the total online ... by Loscil Explorer in Splunk Search 06-13-2013 0 2	0	2
Regex for getting slow query logs from mongodb I am new to SPL. I want to get all mongo queries from my mongo logs which take more than 5 ms to execute. My mongo lo... by rahuljayz New Member in Splunk Search 06-13-2013 0 2	0	2
Connect nullValueMode problems with FlashChart? Hi, I'm having some issues with the nullValueMode with FlashChart. It appears (at least with 4.3.3, have to test if... by bojanz Communicator in Splunk Search 06-13-2013 1 10	1	10
Non Clickable column in drill down table How to set non clickable columns audittrail, linux_audit and scheduler in drill down table like for column OTHER in p... by pero1234 Path Finder in Splunk Search 06-13-2013 0 2	0	2
extend a field value hello, i want to extend a number field to a defined length like: 1324 to 001234 45678 to 045678 How could i do that... by Oti47 Path Finder in Splunk Search 06-13-2013 0 2	0	2
I'm thinking index corruption, right? Search = index=index_root*\| stats first(_time) as latest last(_time) as earliest count(index) by index \| convert tim... by grijhwani Motivator in Splunk Search 06-12-2013 0 2	0	2
Add commas to Exchange Table Splunkers, I have been trying to add commas to all the default charts on the Exchange app. A few particular searches... by I-Man Communicator in Splunk Search 06-12-2013 0 1	0	1
Establishing a direction for a connection I have a table output that has a Source Address and a Destination Address. I would like to add a column to the table... by Akita881 New Member in Splunk Search 06-12-2013 0 3	0	3
bug with eval + isnull and field name with a numeric first character? hi, not sure if this is a bug or i am doing something wrong, I think it has something to do with a fieldname starting... by brettcave Builder in Splunk Search 06-12-2013 0 2	0	2
Mimicing groupby & join behavior to get group aggregates Referring to table below, If it started with only Col1 and Col2. In a relational DB I would do a groupby followed by ... by leecaf Explorer in Splunk Search 06-12-2013 0 8	0	8
Converting log time into a usable format I am trying to use Splunk to determine if there is a delay in processing from one of the logs being consumed. The de... by bcarr12 Path Finder in Splunk Search 06-12-2013 0 4	0	4
Is splunk counting key/value in referer too? Assuming I have an access log file with referer If I have 111.111.111.111 - - [.......] "GET /cart.do?action=check... by mplungjan Path Finder in Splunk Search 06-12-2013 0 4	0	4
Host state change We have 4 servers running. 2 active and 2 as offline. Doing a search similar to "hostname="MyServers*" sourcetype="... by rmorlen Splunk Employee in Splunk Search 06-12-2013 0 4	0	4
Historical Lookups Hi, I am encountering a problem in lookups. The problem is that whenever the lookup file gets updated with new data,... by saad_siddiqi Path Finder in Splunk Search 06-11-2013 0 2	0	2
how can i format the number field? Hi, Is it possible to format the output of the count field ?? sourcety="x" \| stats count as REQ REQ 11000 100 13... by rakesh_498115 Motivator in Splunk Search 06-11-2013 0 2	0	2
I want to see a table of the hosts that are in the first search but not in the second. We have firewalls sending SYSLOG into us. We also get traffic logs from the firewalls. What Im trying to do is first ... by ehastings1982 Explorer in Splunk Search 06-11-2013 0 5	0	5
End transaction somewhere in the middle. I have 20 records in a transaction. Each of those records has a status. Possible status are created, opened, closed,... by vanaepi Explorer in Splunk Search 06-11-2013 0 2	0	2