Splunk Search

Community Activity

Lookup Can't Find File I am in a clustered indexer environment and some but not all of my indexers are showing this error "The lookup table... by hartfoml Motivator in Splunk Search 02-22-2013 0 4	0	4
Complex subsearch: Need to extract value of field and pipe into another search So I’m trying to link a couple different fields together to get the data I’m looking for, but it involves a couple st... by whateverman Explorer in Splunk Search 02-21-2013 2 2	2	2
Use of "NOT" vs "!=" I'm working on a search which should return all events, except those where the "User_Name" or the "Account_Name" fiel... by rtadams89 Contributor in Splunk Search 02-21-2013 2 4	2	4
To remove a specific field from the pull-down list, what should I do? I found a field, b1, c1, d1, e1 a1 to the search field. What if you want to view the rest of the fields except for e1... by qfjp Explorer in Splunk Search 02-21-2013 0 1	0	1
How to detect if logs stopped from regular source Hi Support team, I just wanna check with you guys on how to detect if logs stopped from regular source? Best regard... by WilliamF Engager in Splunk Search 02-21-2013 0 1	0	1
subsearch returning an empty set causes unexpected results I am using a subsearch to qualify an outer search. Simplified, it looks something like this: Index =AAAA [index=AAA... by timpgray Path Finder in Splunk Search 02-21-2013 1 3	1	3
Search for event X and Y, but only Y during business hours? Hey Guys, This is my current search (It looks for SQL I/O delays) = sourcetype="WinEventLog:Application" MSSQLSERVER... by johnpof Path Finder in Splunk Search 02-21-2013 1 7	1	7
find broken events How to figure which events are broken or truncated by splunk. I know that the default is 256 lines for multiline even... by mataharry Communicator in Splunk Search 02-21-2013 1 3	1	3
Index an Event based on the results of a Splunk Query. I have an custom search command. It is scheduled to run every 5min. The results are indexed in a summary index. I ne... by lpolo Motivator in Splunk Search 02-21-2013 0 2	0	2
Using indexed DHCPD logs to find MAC address for IP I'm trying to leverage my indexed DHCPD logs to provide additional information about internal IP's that show up in ot... by Adam_Sealey Explorer in Splunk Search 02-21-2013 0 5	0	5
Splunk Regex Expression Below is the raw data that am getting. I want to extract the events where category is Error. For this am doing this i... by pdash Path Finder in Splunk Search 02-21-2013 0 6	0	6
Using a lookup to search values that are NOT in logs I've tried using info from the following 2 KB posts, but I am still having trouble: http://splunk-base.splunk.com/an... by aferone Builder in Splunk Search 02-21-2013 0 5	0	5
Auto Group Result Hi, I would like to group my product based on weight. Sample logs are: Product ID \| Weight 00368001a1 \| 1.4... by yap Explorer in Splunk Search 02-21-2013 0 2	0	2
Iterative fields with spaces in values I'm having trouble with the way Splunk parses some of my logs which has field=value pairs that have values with unquo... by michaelbrunetto New Member in Splunk Search 02-21-2013 0 1	0	1
add device dynamiclly what is the best way to add these devices dynamically ? We are using autoscale servers, how should we introduce new d... by sara_shafaei New Member in Splunk Search 02-20-2013 0 3	0	3
multivalue fields and fields.conf With the following data: mac_addr=01-02-03-04-05-06, 01-02-03-04-05-07, 01-02-03-04-05-08 Using this search will... by Ron_Naken Splunk Employee in Splunk Search 02-20-2013 2 6	2	6
mvfind for the last value It seems that mvfind will only return the index of the first matching value. I would like to return the index of the ... by pkashou Explorer in Splunk Search 02-20-2013 0 1	0	1
two different time modifiers in one search? The problem I'm facing is that I want a search that comes up with the possibility to set different time modifiers for... by p_splunk Engager in Splunk Search 02-20-2013 0 2	0	2
how to convert oracle function hello . i want to convert oracle function to splunk search. but i don't know this conversion . here's oracle functi... by rimururu01 New Member in Splunk Search 02-20-2013 0 5	0	5
Keeping field of subsearch How can I keep fields of a subsearch so I can add them to a table with the end result? I tried with no success ... [... by javo Explorer in Splunk Search 02-20-2013 0 5	0	5
do we have commad to trim new lines ?? HI.. I have seen the functions ltrim and rtrim to spaces ..do we have functions to trim new lines.. actually in my ... by rakesh_498115 Motivator in Splunk Search 02-20-2013 0 8	0	8
Field Extraction identification Is there a way to determine which field extraction (transforms or search rex) was used for a specific sourcetype? by mcm10285 Communicator in Splunk Search 02-20-2013 0 4	0	4
Setting a line in chart to represent as warning Hi, I want to draw two lines as warning boundaries in a line chart. The string goes "index="ong_poc_index" sourcetyp... by bhavna_jain Engager in Splunk Search 02-20-2013 0 2	0	2
Discarding specific event and keeping the rest Below is the raw data that am getting. I want to extract the events where category is Error. For this am doing this i... by pdash Path Finder in Splunk Search 02-19-2013 0 2	0	2
Display peak usage over time Hi  We are using Splunk 5.0.2 and have a requirement to show peak bandwidth usage over time. Here is the search th... by lukeh Contributor in Splunk Search 02-19-2013 0 2	0	2