Splunk Search

Community Activity

timechart with calculated field I have two separate searches and I want to display the results in 1 timechart with a calculated field. "searchA" \| t... by dbautist Explorer in Splunk Search 02-14-2013 0 2	0	2
Postfix mail delay subsearch I need to correlate the delays in mail handling in postfix logs to the sender address. As you know, the line in mail... by masterpipo New Member in Splunk Search 02-14-2013 0 2	0	2
Help with REX rex "(?i)\(ms\):(?P<duration>.+)" Query: sourcetype="mylog" \| rex "(?i)\(ms\):(?P<duration>.+)" \| eval epochtim... by 1234testtest Path Finder in Splunk Search 02-14-2013 0 4	0	4
Splunk is breaking my events in to two events Hi, I have events with 360 lines of text. My problem is that Splunk 1. writes the first 257 lines of the event 2... by aleem SplunkTrust in Splunk Search 02-14-2013 0 2	0	2
Problem with Pie Chart Hi, I read through the pie chart docs in splunk. I am not able to customize it to my needs. My Search query is: fi... by strive Influencer in Splunk Search 02-14-2013 0 1	0	1
Including Indextime in Table I am a fairly new Splunk user..I have 5 different source types. Each sourcetype represents a unique txt file that ge... by dbastidas New Member in Splunk Search 02-14-2013 0 3	0	3
How to create a chart based on condition Hi, Am having the data contains below; Asset Time stamp Temperature LD-02 00:12.6 43 41 HT-02 00:26.3 45 5... by balajsoz Path Finder in Splunk Search 02-13-2013 0 1	0	1
no of events in show_source view hi, the default number of events displayed in show source are 25,50,100,200,500,1000. Can i change it so that i can s... by smolcj Builder in Splunk Search 02-13-2013 0 5	0	5
What happens to fields as they move down the pipeline? I have a search that has 3 joins. search1 \| join common_field1 [search2] \| join commonfield2 [search3] \| table field... by adrianathome Communicator in Splunk Search 02-13-2013 0 1	0	1
How to timechart nonnumeric field I may be overthinks this.There must be some way of doing it. I have a data like : How can I display values of Debug ... by disha Contributor in Splunk Search 02-13-2013 1 4	1	4
sending data from splunk to another splunk once the data reaches a certain age Hello, I would like to know how to set up Splunk to offload data from one Splunk indexer to another, once the data r... by dgavic Explorer in Splunk Search 02-13-2013 1 2	1	2
How to format non-_time field as relative time? I would like to format a field other than _time as relative time, like the reltime command does for _time (and only f... by Wilcooley Path Finder in Splunk Search 02-13-2013 1 3	1	3
Controlling multiple charts using one PulldownSwitcher Hi My requirement is to provide a drop down box in my dashboard. Based on the value selected in the drop down, I need... by keerthana_k Communicator in Splunk Search 02-13-2013 1 1	1	1
REX pipe to EVAL I have a search that is \| to REX then \| to EVAL that is not working. I'm sure it must be a timing issue something li... by hartfoml Motivator in Splunk Search 02-13-2013 1 6	1	6
Average execution lag increases over time I am having an issue with the average execution lag increasing over a period of 24 hours. This is pushing off the ti... by drussell88 Explorer in Splunk Search 02-13-2013 0 5	0	5
I have a chart with multiple lines and I want to "merge" them. Hi everyone! Here is my problem: Thanks to a search, I have multiple lines on the same graph. But now, I want to merg... by nugetchar Explorer in Splunk Search 02-13-2013 0 2	0	2
extracting fields field name: field value Is there a simple way to have splunk assign field names based on ":"? For example, Splunk does a good job of picking... by mcbradford Contributor in Splunk Search 02-13-2013 0 2	0	2
extract event field Hello, i would like to create a statistic about following events: example: [2013-xxxxx], INFO,xxxxx,user[xxxxx],se... by rechteklebe Path Finder in Splunk Search 02-13-2013 0 2	0	2
Use checkboxes to build a search query using AND or OR Is it possible to build a form with checkboxes to build a query? Something like: < input type="checkbox" token="some... by brettcave Builder in Splunk Search 02-12-2013 1 6	1	6
Using "NOT" in splunk ? How to use the NOT operator for combination of two words. In my log I need to eliminate the errors by considering th... by mkumarpisl New Member in Splunk Search 02-12-2013 0 3	0	3
Trying to do a search that requires a sub search Hey Guys, I have been stuck on the following for a few days and would love some help Trying to perform a search of ... by abishop195 New Member in Splunk Search 02-12-2013 0 2	0	2
Exclude from index I have a ton of event that contain SourceName="Symantec AntiVirus". How can I exclude these events fro being indexed? by MBerikcurtis Path Finder in Splunk Search 02-12-2013 0 1	0	1
Access Control for Splunk DB Connect Do I get it right that after the successful setup of the Splunk DB Connect every Splunk user can access the configure... by dabbank Path Finder in Splunk Search 02-12-2013 2 13	2	13
Dynamically change field name labels I have many fields that end with the regular expression _rate. Ex: Compile_rate Typing_rate I can get all my rates w... by cmak Contributor in Splunk Search 02-12-2013 1 5	1	5
Multiline field on a table Could anyone tell me how to modify the application.css to show multiline fields in multiline format (with CRLF) on a ... by Cris Explorer in Splunk Search 02-12-2013 0 1	0	1