Splunk Search

Community Activity

Does wildeward search in source attribute work? I assume that searching with source=* should work? What could be the reason that this query works: index=prd_stats s... by mkelderm Path Finder in Splunk Search 03-12-2013 0 1	0	1
dedup on values of a field that match certain regular expressions I have a few different values for a Status field that match a certain regular expression that I would like to dedup o... by cmak Contributor in Splunk Search 03-12-2013 0 4	0	4
how to identify unique user entry Log 11:34:23 http://www.rohm.com , customername="Hamilton",uuid="245209820udwdef34", customer id 5 Log 11:37:39 htt... by dilstn Explorer in Splunk Search 03-12-2013 0 1	0	1
Calculating fields by groups of events Hello, I need to group events by 3 filelds ip,login and city (one group with same login,same ip and same city), somet... by andrey2007 Contributor in Splunk Search 03-11-2013 0 2	0	2
How much of the time is... I'm collecting lots of data about a large amount of machines with the linux and unix ta (but that's a bit irrelevant ... by martindalum Engager in Splunk Search 03-11-2013 1 3	1	3
Hot Spot Data Just started using a mobile hot spot from a phone carrier, will I be able to monitor my data usage on the hot spot by... by brown1e New Member in Splunk Search 03-11-2013 0 1	0	1
Calculate a percentage from three events Hi, I'm hoping you can help me I currently have a graph that have 3 events lets call them event1, event2 and event3.... by swilson91 New Member in Splunk Search 03-11-2013 0 5	0	5
transaction group by two IDs I have data that has two IDs for each transaction. Of course most logs have one or the other and only one has both. ... by fk319 Builder in Splunk Search 03-11-2013 1 8	1	8
Create charts by combining 2 different search outputs I have 2 saved searches which returns single value output each index=app_1 sourcetype=app1 \| stats count of errors ... by p_basanth New Member in Splunk Search 03-11-2013 0 1	0	1
multiple headers Hi, I have a couple of comma separated cisco log files which is suppose to have different set of headers or fields. T... by adomila Explorer in Splunk Search 03-11-2013 0 5	0	5
How can I generate alerts when your laptop battery level reaches down to 20%? I am just new with working with SPLUNK and I find it interesting to investigate this. by svvelzen New Member in Splunk Search 03-11-2013 0 3	0	3
Run single search multiple times with different timeframes I have a saved search named "myquery1". I want run this search 3 times (-60m@m, -4h@h and -12h@h). The above outputs... by p_basanth New Member in Splunk Search 03-11-2013 0 1	0	1
Merging two chart together Hi, I'm currently have 2 charts, one is the number of sms sent during office hour, the other is after office hour. i... by carrotball New Member in Splunk Search 03-10-2013 0 4	0	4
Lookup multiple values for one field My lookup table contains two columns: one for the input field and one for the value which will be populated into the ... by gauldridge Path Finder in Splunk Search 03-09-2013 0 2	0	2
Is it possible to rewrite the _time value for summary index events/ I'm using "collect" to send events to a summary index. Collect seems to put its execution time into the _time field ... by responsys_cm Builder in Splunk Search 03-09-2013 1 1	1	1
What is the Splunk ECCN classification ? I need to know the Export Control Classification Number (ECCN) for the Splunk software. by mataharry Communicator in Splunk Search 03-08-2013 0 1	0	1
subsearch help Not sure how to really explain this.... I would like to look in my windows logs for new installed products and list ... by mcbradford Contributor in Splunk Search 03-08-2013 0 2	0	2
pipe separated instead of csv I was wondering if it is possible to build a regex for a pipe separated file… Where the Header row carries the name ... by chetanvartak New Member in Splunk Search 03-08-2013 0 1	0	1
How to configure MV_ADD in the search language? Hi I am trying to figure out how to count 'abc' string in the following string field. 2012/07/21 16:18:30 string=bb... by melonman Motivator in Splunk Search 03-08-2013 0 6	0	6
Combining "stats dc(x)" with "stats dc(x) by y" in same search I am having a ton of trouble expressing this query. Suppose I have 1,000 distinct people, and 25 cities. Over a time... by bryanfe New Member in Splunk Search 03-08-2013 0 4	0	4
How do I adjust a time calculation for results being generated in multiple timezones I need to calculate the duration of time between events however my source does not adjust for timezones. In my exam... by bigtyma Communicator in Splunk Search 03-08-2013 0 2	0	2
Ignore pairs of "matching" (not identical) events I have a stream of events where a user has an activity={purchase, return, subscribe, unsubscribe} and product={prodA,... by woodcock Esteemed Legend in Splunk Search 03-08-2013 0 1	0	1
Timechart expression - No results found. I'm having trouble computing an aggregate performance indicator. The following expression (which has the goal to obta... by splunk_zen Builder in Splunk Search 03-08-2013 0 3	0	3
Timechart of open sessions per username. I have a file like this: Time,User-Name,Action Thu Mar 7 15:09:22,admin,login Thu Mar 7 17:46:21,admin,login Thu Mar... by MikhailArefiev Explorer in Splunk Search 03-08-2013 0 2	0	2
Problem with the number of column in a row Hi, I am running a query which would produce 29 column all total, but in my SPLUNK result set it is showing only up... by abhayneilam Contributor in Splunk Search 03-07-2013 0 4	0	4