Splunk Search

Community Activity

How to transfer Strftime TIME_FORMAT to a regular expression ? Log content (log4j) begin with a date that i will use it as TIME_FORMAT in my props.conf file. Fri Jan 04 2013 13:05... by royimad Builder in Splunk Search 03-27-2013 0 3	0	3
Why some Fields are extracted and some are not I have indexed memory log files for windows. I have done the required the configuration in props.conf and transforms.... by tkadale Path Finder in Splunk Search 03-27-2013 0 6	0	6
Relative search time off by an hour The clock on my server didn't adjust to the proper time for DST. I have updated the clock and restarted the server. ... by wpreston Motivator in Splunk Search 03-27-2013 0 1	0	1
Time duration Hi, 03/22/2013 05:27:59.603 Message 1 03/22/2013 05:27:59.920 Message 1 03/22/2013 05:28:00.245 Message 1 03/22/2013... by chaitu99 Explorer in Splunk Search 03-27-2013 0 5	0	5
SQL LIKE with an IN Please help me  I have two tables each with only one relevant column Table1.Paragraph 50,000 paragraphs of text T... by dAmoTa New Member in Splunk Search 03-27-2013 0 5	0	5
Regular Expression for log4j I need to know if i could extract the fields of the entire log using regular expression, I don't know how to use it? ... by royimad Builder in Splunk Search 03-27-2013 0 7	0	7
How to display two different logs through a search .... I have a two logs which i need to display them ... Mar 27, 2013 1:21:43 AM json from session : country name => "Ind... by dilstn Explorer in Splunk Search 03-27-2013 0 1	0	1
Alarm Condition Creation All, I have this search which when done displays the ipaddress of people and the number of hits they made against o... by daniel333 Builder in Splunk Search 03-26-2013 0 1	0	1
stats latest not returning a value Hello, I have a silly problem. I can't get stats latest(_time) to return a value. It's a basic search--just trying... by cphair Builder in Splunk Search 03-26-2013 2 7	2	7
ERROR HTTPClient - Should have gotten at least 3 tokens in status line, while getting response code. Only got 0. - what does it mean? I keep seeing this message in splunkd.log on my instance, what does it mean? My instance is used primarily as a sear... by Mick Splunk Employee in Splunk Search 03-26-2013 4 9	4	9
How do you invoke search acceleration for non-saved searches? Ideally, I'm looking for a way to apply the search acceleration function to a search in a dashboard that is not a "sa... by SK110176 Path Finder in Splunk Search 03-26-2013 1 2	1	2
Filter based on groups of keys I have logs which contains keys like this. Concept1 key=/UUID:uuid1/concept1:100 key=/UUID:uuid2/concept1:123 .. ke... by machosplunker Explorer in Splunk Search 03-26-2013 0 3	0	3
Basic search help I've got a custom source A and B, which I need to compute a weighted average over, each source has only 2 collums: da... by splunk_zen Builder in Splunk Search 03-26-2013 0 8	0	8
Search for Multiples Values and extract them into a single field? Can you please help me to figure out how can I extract multiple values in a source and extract them into a single fie... by ito27 New Member in Splunk Search 03-26-2013 0 6	0	6
Combine features from both stats and chart command My fields in this example are (row, column, data and count) I want to combine the features of this command: chart s... by cmak Contributor in Splunk Search 03-26-2013 0 2	0	2
Search with placeholder I would like to filter the following messages in a way that i would get only the events where "DISK "?" Status : Onli... by ammannpa New Member in Splunk Search 03-26-2013 0 1	0	1
Cumulative total "resets" with timechart and streamstats Hello, I can't for the life of me figure out what am I doing wrong here. I'm trying to keep track of total running t... by juraj Explorer in Splunk Search 03-26-2013 0 2	0	2
Not able to view my support cases I opened a support case at http://splunk.com/ but I am not able to view progress on the issue. I get following messag... by adminssplunknum New Member in Splunk Search 03-26-2013 0 1	0	1
Extracting Data from Website Hi, I have a requirement in a project of extracting the data from a website to make a metrics report. How do I extra... by abhayneilam Contributor in Splunk Search 03-26-2013 0 3	0	3
how to make eval to work for multivalued fields.. I have multivalued fields so if i use eval it picks and displays only one value for the multivalued field ... Can u s... by dilstn Explorer in Splunk Search 03-26-2013 0 1	0	1
フィールド抽出の正規表現の使用について正規表現を使って、サーチ時にフィールドを抽出していますが、この正規表現では日本語を使用できますか？ by cwl Contributor in Splunk Search 03-26-2013 1 1	1	1
Convert numbers to string Hi, My search formula returns a value in number. I want to check that number and if the number is below 50 a Word sh... by chamil3001 Explorer in Splunk Search 03-25-2013 0 3	0	3
Need help in stats for value-to-multivalue relationship in output My Search: index="_audit" [search index=_internal source="*web_access.log" user!="-" \| stats by user \| fields user] ... by wrangler2x Motivator in Splunk Search 03-25-2013 0 1	0	1
Trying to create a new field called hashtag I am a novice, experimenting with a free version of Splunk, and I have a twitter feed in a text file. A part of it lo... by sohampb Engager in Splunk Search 03-25-2013 0 4	0	4
transaction - solution for scheduling Is there a solution where a transactional query, run as a cron, can be forced to find all related events? As I see... by the_wolverine Champion in Splunk Search 03-25-2013 0 1	0	1