Splunk Search

Community Activity

splunk dbx query error with non-admin - PARSER: Applying intentions failed Unknown search command 'dbinfo'. splunk dbx query error with non-admin Admin user can view the database info and query database. but non-admin user w... by jona_sc New Member in Splunk Search 04-17-2013 0 1	0	1
Field extraction on a delimited file Hi, I would like to assign fields to a delimited text file which does not contain a header. Lets say an event or ro... by rubinod Engager in Splunk Search 04-17-2013 1 1	1	1
Help with diff or eval? I have one search, for one event type, and a second search for a second event type. one is 'user login' and the other... by tmarlette Motivator in Splunk Search 04-17-2013 0 3	0	3
Comparing data from two log files and displaying results which are different . Hi, My need is to compare two log files of same pattern . sometimes the log files will be entirely different because ... by smolcj Builder in Splunk Search 04-17-2013 0 7	0	7
Specific Search not working after upgrade to Splunk 5.0 I've got a specific search, that generates two time ranges on a timechart, using the instructions found on this Splun... by tiny3001 Path Finder in Splunk Search 04-17-2013 1 4	1	4
Getting no events with Real Time searching vs getting events with Historical search. No new events appearing. I have some Windows perfmon events being indexed every 60s. When I perform a 15min historical search I see all the ev... by davidts Path Finder in Splunk Search 04-16-2013 1 3	1	3
Controlling web click sorting behaviour Is it possible to control how the web interface sorts table column data? It seems to just sort in ascii or lexical o... by Lucas_K Motivator in Splunk Search 04-16-2013 0 2	0	2
Compound Search with two sourcetypes I want to search for an IDS event like this sourcetype=IDS "MALWARE-CNC" Then I want to use the src_IP and dst_IP ... by hartfoml Motivator in Splunk Search 04-16-2013 0 10	0	10
Custom role cannot search Is there something like a diff command on roles? I am trying to grant as limited as possible access to a custom role... by ccsfdave Builder in Splunk Search 04-16-2013 0 1	0	1
Easy way to approach this? Calculating Busy hour across several time zones Hey everyone. We are trying to figure out call distributions for our network by time zone. The call records we are ta... by msarro Builder in Splunk Search 04-16-2013 0 4	0	4
Extracting date Hi, I have the challenge of pulling log files which come in m-d-yyyy format. Please advise how to advise the splunk... by rajdiddi New Member in Splunk Search 04-16-2013 0 5	0	5
Convert table (stats output) to fields for eval? How can I take table output like the above and convert it into key=value pairs, so I can eval them further? I came u... by batzel Engager in Splunk Search 04-16-2013 0 1	0	1
tstat and timechart tscollect was leveraged to put data into time series index files. I am able to use tstat to calculate statistics. H... by rizzo75 Path Finder in Splunk Search 04-16-2013 1 1	1	1
search in saved search result Hello! I have saved search for 8 days. I need upload search result to csv-file for several days. One day - one csv. I... by ryastrebov Communicator in Splunk Search 04-16-2013 0 2	0	2
How to rename XML field name into shorter name ? Hello, I get difficult when manipulating XML field name, if i use like: sourcetype="test_xml_as" \| table content_ta... by sieutruc Contributor in Splunk Search 04-16-2013 0 5	0	5
Order of search ops with eval vs fieldformat If I run a search such as the following: sourcetype=access_combined action=purchase \| stats sum(price) as Price by p... by bmgilmore Path Finder in Splunk Search 04-16-2013 1 1	1	1
Extract an information from a field Hi all, I'm working on an extraction of information into a SQL Server log. I've a field Message that looks like : L... by mikedavem New Member in Splunk Search 04-16-2013 0 3	0	3
jump to first event A search returned 7000 events within one second. By default splunk shows me the most recent events and allows me to n... by rstanonik Engager in Splunk Search 04-16-2013 0 3	0	3
String validation in chart eval For another query where I have to use not equal to in a query for string, even not equal to is not working properly i... by marellasunil Communicator in Splunk Search 04-15-2013 0 3	0	3
See all results that match a portion of a field? Hi, is it possible to broaden a search with something like this: \| dbquery "dbname" "SELECT fieldname_(*) FROM table... by kbcuait Explorer in Splunk Search 04-15-2013 0 4	0	4
Conditional Transaction Search Say I have two different logs, source=a.txt and source=b.txt and their format is as follows: Source=a.txt 09-Apr-20... by Wiggy Splunk Employee in Splunk Search 04-15-2013 0 1	0	1
Weight host using lookup table. I'm trying to get a weighted ratio of errors per server. I have a lookup table like this: host,percent server1,25 se... by jevenson Path Finder in Splunk Search 04-15-2013 0 1	0	1
Use lookup table to specify hosts to search Is there a way to use a lookup table to have a list of host, and use that list to only search logs for those hosts? ... by jevenson Path Finder in Splunk Search 04-15-2013 1 3	1	3
Is it possible to get duration in milliseconds when charting a transaction We are pushing in [json] events with a timestamp field that contains time since epoch in milliseconds, eg: {[-] nam... by tomhowe New Member in Splunk Search 04-15-2013 0 1	0	1
Which indexes count towards the 500mb daily limit? Hello, I was wondering which indexes are included in the daily 500mb limit of the free version? Is it just the main... by paycorp Engager in Splunk Search 04-15-2013 0 3	0	3