Splunk Search

Community Activity

Join and a Transaction with _time within minute? Ok folks, here's a doozy. Two sets of data, first set of data is needs to be evaluated by a transaction to group a l... by dgshue New Member in Splunk Search 03-21-2013 0 1	0	1
Joining Data I have two sets of data which have some similar columns. Table one has column: A B C D E and table two has column: B ... by dgadjov Explorer in Splunk Search 03-21-2013 0 2	0	2
Help with Lookup table I am attempting to display categories from websense logs in human readable form. Currently they display the category ... by pgissiner Engager in Splunk Search 03-21-2013 0 1	0	1
Problem with Tailing events from Splunk DB connect Hi guys, I have indexed a table from a DB using Splunk DB Connect. It's got 2 Million records, i have given a colum... by alenseb Communicator in Splunk Search 03-21-2013 0 3	0	3
Contact strptime date conversion is converted to,2013-03-1 strftime (_time, "%Y-%m-%W"). However, the and strptime (strftime (_time, "%Y-%m-%W"), "%Y-... by jcisha Path Finder in Splunk Search 03-21-2013 0 1	0	1
Extracting fields from look up file & calculating each field count Hi, I am having a lookup csv file, I have uploaded it in Automatic lookup's with Application=Application_Name & Serve... by marellasunil Communicator in Splunk Search 03-21-2013 0 1	0	1
Time Format Hi I have a file with fields CloseDateTime and StartDateTime, both the field have a format like "2013-03-08 16:26 PM... by vaibhavbeohar Path Finder in Splunk Search 03-21-2013 0 1	0	1
Dealing with timechart auto span feature whitout manually specfying span inside the search Hi, I am trying to find the best and reliable solution to get precise graphs using timechart command. In deed, tim... by guilmxm Influencer in Splunk Search 03-21-2013 1 3	1	3
Query on stats values \| stats values(Domain), count by Short_Host gives me overall count. But i need individual count of each Domain. \| st... by p_basanth New Member in Splunk Search 03-21-2013 0 3	0	3
Converting a sql case statement into different events Hi, I'm hoping someone can help me I currently have some queries I run that I can looking to automate into Splunk. ... by swilson91 New Member in Splunk Search 03-21-2013 0 2	0	2
Ordering events in transaction I have some logs arriving via syslog, that have a single event broken up into multiple syslog messages. Due to issues... by datasearchninja Communicator in Splunk Search 03-20-2013 0 2	0	2
Stacked timechart of accumulative count with missing values? Hi, I have the following search which generates the data below: some_search \| bucket _time span=1h \| stats count ... by noambz Explorer in Splunk Search 03-20-2013 0 3	0	3
Searching Clustered Indexes Can I cluster two Splunk nodes for data availability without having a search head node? In other words, use one or b... by jacs New Member in Splunk Search 03-20-2013 0 1	0	1
NAS in search head I have two search heads. I want that if a user logged in to SRCH1 and saved a search and logged off and then looged i... by Splunk_U Path Finder in Splunk Search 03-20-2013 0 2	0	2
Example of when using indexed fields can help with search performance? We have some fields with large unique string values, e.g. EMAIL_SUBJECT, where search performance (particularly on wi... by the_wolverine Champion in Splunk Search 03-20-2013 0 1	0	1
If then else compares All, I need to compare the results of two different searches and I am lost. Something like this. count( search st... by daniel333 Builder in Splunk Search 03-20-2013 0 2	0	2
rex help ?? props.conf EXTRACT-IPUBMESSAGEID = <L:MESSAGEID>(?<IPUBMESSAGEID>[^<]*)</L:MESSAGEID> EXTRACT-Parse_MESSAGEID = IPUB... by rakesh_498115 Motivator in Splunk Search 03-20-2013 0 3	0	3
combining 2 stats output into 1 I want to combine the below 2 ouputs into single line \| stats count by Domain \| stats values(Domain) by Short_Host ... by p_basanth New Member in Splunk Search 03-20-2013 0 4	0	4
Field extraction query Any pointers on how to extract the third field Event1: <> Event2: the third field is populated with double ... by p_basanth New Member in Splunk Search 03-20-2013 0 1	0	1
Save an 'eval'-based field extraction? I am extracting a field "ipaddr" which is the result of using "eval" to convert a previously extracted field "nwclien... by andyspusm Explorer in Splunk Search 03-19-2013 0 2	0	2
How to identify unique user count without duplicates I have a log files where it contains duplicates like "json from session" log duplicates .. so the log which contains ... by dilstn Explorer in Splunk Search 03-19-2013 0 4	0	4
Query regarding splunk field extraction Using the below regex I was able to extract first7 fields Need to extract the last 3 fields How to skip the blank <> ... by p_basanth New Member in Splunk Search 03-19-2013 0 4	0	4
mismatch '[' in search Running this through the Splunk search I get no errors. However when I put this search in my Advance XML I get: misma... by dgadjov Explorer in Splunk Search 03-19-2013 0 5	0	5
Count Occurrences of a string in all columns dynamically The goal is just to have the percentage pass rate at the bottom of a dynamically named column that contains "Passed" ... by dgadjov Explorer in Splunk Search 03-19-2013 0 3	0	3
Splunk Filtering through regex I am trying to filtering results based on hosts which are our hbase zookeepers and region servers. There are 3 hbase ... by machosplunker Explorer in Splunk Search 03-19-2013 0 3	0	3