Splunk Search

Community Activity

multiple headers Hi, I have a couple of comma separated cisco log files which is suppose to have different set of headers or fields. T... by adomila Explorer in Splunk Search 03-11-2013 0 5	0	5
How can I generate alerts when your laptop battery level reaches down to 20%? I am just new with working with SPLUNK and I find it interesting to investigate this. by svvelzen New Member in Splunk Search 03-11-2013 0 3	0	3
Run single search multiple times with different timeframes I have a saved search named "myquery1". I want run this search 3 times (-60m@m, -4h@h and -12h@h). The above outputs... by p_basanth New Member in Splunk Search 03-11-2013 0 1	0	1
Merging two chart together Hi, I'm currently have 2 charts, one is the number of sms sent during office hour, the other is after office hour. i... by carrotball New Member in Splunk Search 03-10-2013 0 4	0	4
Lookup multiple values for one field My lookup table contains two columns: one for the input field and one for the value which will be populated into the ... by gauldridge Path Finder in Splunk Search 03-09-2013 0 2	0	2
Is it possible to rewrite the _time value for summary index events/ I'm using "collect" to send events to a summary index. Collect seems to put its execution time into the _time field ... by responsys_cm Builder in Splunk Search 03-09-2013 1 1	1	1
What is the Splunk ECCN classification ? I need to know the Export Control Classification Number (ECCN) for the Splunk software. by mataharry Communicator in Splunk Search 03-08-2013 0 1	0	1
subsearch help Not sure how to really explain this.... I would like to look in my windows logs for new installed products and list ... by mcbradford Contributor in Splunk Search 03-08-2013 0 2	0	2
pipe separated instead of csv I was wondering if it is possible to build a regex for a pipe separated file… Where the Header row carries the name ... by chetanvartak New Member in Splunk Search 03-08-2013 0 1	0	1
How to configure MV_ADD in the search language? Hi I am trying to figure out how to count 'abc' string in the following string field. 2012/07/21 16:18:30 string=bb... by melonman Motivator in Splunk Search 03-08-2013 0 6	0	6
Combining "stats dc(x)" with "stats dc(x) by y" in same search I am having a ton of trouble expressing this query. Suppose I have 1,000 distinct people, and 25 cities. Over a time... by bryanfe New Member in Splunk Search 03-08-2013 0 4	0	4
How do I adjust a time calculation for results being generated in multiple timezones I need to calculate the duration of time between events however my source does not adjust for timezones. In my exam... by bigtyma Communicator in Splunk Search 03-08-2013 0 2	0	2
Ignore pairs of "matching" (not identical) events I have a stream of events where a user has an activity={purchase, return, subscribe, unsubscribe} and product={prodA,... by woodcock Esteemed Legend in Splunk Search 03-08-2013 0 1	0	1
Timechart expression - No results found. I'm having trouble computing an aggregate performance indicator. The following expression (which has the goal to obta... by splunk_zen Builder in Splunk Search 03-08-2013 0 3	0	3
Timechart of open sessions per username. I have a file like this: Time,User-Name,Action Thu Mar 7 15:09:22,admin,login Thu Mar 7 17:46:21,admin,login Thu Mar... by MikhailArefiev Explorer in Splunk Search 03-08-2013 0 2	0	2
Problem with the number of column in a row Hi, I am running a query which would produce 29 column all total, but in my SPLUNK result set it is showing only up... by abhayneilam Contributor in Splunk Search 03-07-2013 0 4	0	4
List events from latest log indexed? I'm looking for help creating a search that returns all events from the last log indexed. This is what i've tried bu... by bfinney Engager in Splunk Search 03-07-2013 0 3	0	3
I need a wildcard in reg I have an event that I want to extract the inside/outside IP Addresses and Port numbers. Mar 6 13:59:59 192.168.140... by RNB Path Finder in Splunk Search 03-07-2013 0 4	0	4
Search-Time Field Extraction - Not Working Hello all, We are collecting Cisco firewall logs into Splunk and have installed the "Splunk for Cisco Firewalls" app... by vragosta Path Finder in Splunk Search 03-07-2013 0 3	0	3
Using field values as paramaters for macros bis Hi! I have the need to write a "macro" that takes field values as parameters. I have understood from this thread tha... by guilhem Contributor in Splunk Search 03-07-2013 0 4	0	4
Unable to extract IP Address and Port number with reg I have an event that I want to extract the IP Address and Port number. Mar 6 13:59:59 192.168.140.215 %ASA-4-106023... by RNB Path Finder in Splunk Search 03-07-2013 0 3	0	3
Use "Splunk" relative times for custom fields?@ Hi, i have records like this: 2013-03-05 01:02:03.456Z foo=bar value=key start="2013-03-05 05:00:00.000Z" end="2013... by JensT Communicator in Splunk Search 03-07-2013 0 2	0	2
Metadata Command Alerting Here's my command: \| metadata type=hosts index= \| sort lastTime \| convert ctime(lastTime) as Latest_Time \| sort -la... by ryangibson99 Explorer in Splunk Search 03-07-2013 0 1	0	1
addcoltotal name? Hi, I have a table that gives me connections, and I want to show those connections, plus a total. The search works, ... by a212830 Champion in Splunk Search 03-07-2013 0 3	0	3
Problem with the summation in chart command in SPLUNK Hi, I want to find out how what is the total number of "Exit" and "Entry" for the particular CARD_NUMBER for a parti... by abhayneilam Contributor in Splunk Search 03-07-2013 0 6	0	6