Splunk Search

Community Activity

Getting no events with Real Time searching vs getting events with Historical search. No new events appearing. I have some Windows perfmon events being indexed every 60s. When I perform a 15min historical search I see all the ev... by davidts Path Finder in Splunk Search 04-16-2013 1 3	1	3
Controlling web click sorting behaviour Is it possible to control how the web interface sorts table column data? It seems to just sort in ascii or lexical o... by Lucas_K Motivator in Splunk Search 04-16-2013 0 2	0	2
Compound Search with two sourcetypes I want to search for an IDS event like this sourcetype=IDS "MALWARE-CNC" Then I want to use the src_IP and dst_IP ... by hartfoml Motivator in Splunk Search 04-16-2013 0 10	0	10
Custom role cannot search Is there something like a diff command on roles? I am trying to grant as limited as possible access to a custom role... by ccsfdave Builder in Splunk Search 04-16-2013 0 1	0	1
Easy way to approach this? Calculating Busy hour across several time zones Hey everyone. We are trying to figure out call distributions for our network by time zone. The call records we are ta... by msarro Builder in Splunk Search 04-16-2013 0 4	0	4
Extracting date Hi, I have the challenge of pulling log files which come in m-d-yyyy format. Please advise how to advise the splunk... by rajdiddi New Member in Splunk Search 04-16-2013 0 5	0	5
Convert table (stats output) to fields for eval? How can I take table output like the above and convert it into key=value pairs, so I can eval them further? I came u... by batzel Engager in Splunk Search 04-16-2013 0 1	0	1
tstat and timechart tscollect was leveraged to put data into time series index files. I am able to use tstat to calculate statistics. H... by rizzo75 Path Finder in Splunk Search 04-16-2013 1 1	1	1
search in saved search result Hello! I have saved search for 8 days. I need upload search result to csv-file for several days. One day - one csv. I... by ryastrebov Communicator in Splunk Search 04-16-2013 0 2	0	2
How to rename XML field name into shorter name ? Hello, I get difficult when manipulating XML field name, if i use like: sourcetype="test_xml_as" \| table content_ta... by sieutruc Contributor in Splunk Search 04-16-2013 0 5	0	5
Order of search ops with eval vs fieldformat If I run a search such as the following: sourcetype=access_combined action=purchase \| stats sum(price) as Price by p... by bmgilmore Path Finder in Splunk Search 04-16-2013 1 1	1	1
Extract an information from a field Hi all, I'm working on an extraction of information into a SQL Server log. I've a field Message that looks like : L... by mikedavem New Member in Splunk Search 04-16-2013 0 3	0	3
jump to first event A search returned 7000 events within one second. By default splunk shows me the most recent events and allows me to n... by rstanonik Engager in Splunk Search 04-16-2013 0 3	0	3
String validation in chart eval For another query where I have to use not equal to in a query for string, even not equal to is not working properly i... by marellasunil Communicator in Splunk Search 04-15-2013 0 3	0	3
See all results that match a portion of a field? Hi, is it possible to broaden a search with something like this: \| dbquery "dbname" "SELECT fieldname_(*) FROM table... by kbcuait Explorer in Splunk Search 04-15-2013 0 4	0	4
Conditional Transaction Search Say I have two different logs, source=a.txt and source=b.txt and their format is as follows: Source=a.txt 09-Apr-20... by Wiggy Splunk Employee in Splunk Search 04-15-2013 0 1	0	1
Weight host using lookup table. I'm trying to get a weighted ratio of errors per server. I have a lookup table like this: host,percent server1,25 se... by jevenson Path Finder in Splunk Search 04-15-2013 0 1	0	1
Use lookup table to specify hosts to search Is there a way to use a lookup table to have a list of host, and use that list to only search logs for those hosts? ... by jevenson Path Finder in Splunk Search 04-15-2013 1 3	1	3
Is it possible to get duration in milliseconds when charting a transaction We are pushing in [json] events with a timestamp field that contains time since epoch in milliseconds, eg: {[-] nam... by tomhowe New Member in Splunk Search 04-15-2013 0 1	0	1
Which indexes count towards the 500mb daily limit? Hello, I was wondering which indexes are included in the daily 500mb limit of the free version? Is it just the main... by paycorp Engager in Splunk Search 04-15-2013 0 3	0	3
Splunk indexing volume by index alert Hello, I would like to get an alert if the indexing volume for an index drops. I'm thinking something similar this... by splunkiscool1 Engager in Splunk Search 04-15-2013 0 5	0	5
Variables available in input app Hi, I need to reference a file distributed by an input app from within the app itself (outputs.conf). I need to conf... by echalex Builder in Splunk Search 04-15-2013 0 5	0	5
Fillnull not working on my search I've got a search that looks something like this: search \| eval Minutes=case(field<120,"0 to 2", field>=120 AND fiel... by jevenson Path Finder in Splunk Search 04-14-2013 1 3	1	3
Subsearch NOT in I have two sourcetypes A and B - each has a column SERIAL_NUMBER Sourcetype A has over 1000,000 records Sourcetype B... by asarolkar Builder in Splunk Search 04-14-2013 1 6	1	6
create table for each application by each service I am having 5 applications each having service names few are same. Ex : Application A - Services AA, AB, AC, Applicat... by marellasunil Communicator in Splunk Search 04-13-2013 0 1	0	1