Splunk Search

Community Activity

Service Names Needed I'm in the process of creating compliance checks that will run in Tenable Nessus. These checks will audit and report... by wrap2tyt New Member in Splunk Search 02-15-2013 0 2	0	2
where can i set max_match option ? Hi .. For all the regular expression fields created using rex command , there is option called max_match to match al... by rakesh_498115 Motivator in Splunk Search 02-15-2013 2 6	2	6
Wildcard eval to divide multiple values with a constant number like 2 I have a search which gets timings across many Streets. But these times are in seconds and I want to convert to minut... by batcave Explorer in Splunk Search 02-15-2013 0 7	0	7
compare results of two searches to detect new activity How do I compare two searches to find values that exist in one search but not the other? For example, how do I repor... by dbylertbg Path Finder in Splunk Search 02-15-2013 0 3	0	3
Having a problem substituting value for earliest in a map command I am attempting to use the ‘map’ command with a sub search. In the subsearch I am using I wish to use the value of _... by timpgray Path Finder in Splunk Search 02-15-2013 1 2	1	2
regex question I have the following log snippet with a JSON payload that includes a newline. How do I extract the entire JSON payloa... by dbautist Explorer in Splunk Search 02-15-2013 0 3	0	3
Total Time in D:M:H:S- using appendpipe instead of totalseconds and display on Dashboard I am trying to somehow get a total sum of the "Total Time" column and have it be on a separate line rather the next l... by Xe03kfp Path Finder in Splunk Search 02-15-2013 0 3	0	3
Convert data only a field contains a specific pattern, otherwise let is as it is (if data_unity=bytes then ... else) Hi to Everyone, My question is ,i think, quite simple but i haven't found yet solution ^^ (i'm still quite new to Sp... by guilmxm Influencer in Splunk Search 02-15-2013 0 5	0	5
Verifying Configuration Through Splunk Web Hi Folks, I'm trying to see if I can verify the configuration of any deployment applications via Splunk web. Curren... by michaeloleary Path Finder in Splunk Search 02-15-2013 0 1	0	1
Top percentage out of total events When using the fields sidebar, I can see how often a field appears out of my total result set (ie Appears in 62% of r... by Yancy Path Finder in Splunk Search 02-14-2013 0 1	0	1
Where has the timeline gone? Why does the timeline go away when you aggregate the data with commands like stats? Can we get it back? It used to ... by todd0 New Member in Splunk Search 02-14-2013 0 1	0	1
Join two heavy tables I have a bunch of events in one index. The events are divided by sourcetype, for example: sourcetype=foo \| fields fr... by chakheevav Engager in Splunk Search 02-14-2013 0 2	0	2
compared to a threshold whose value varies depending on the value of another field I am processing packets drop log events and want to have a report that contains only those events with nopktDrop>= th... by myli12 Path Finder in Splunk Search 02-14-2013 0 1	0	1
How to block or remove sourcetype in windows I am testing Splunk on windows 2k8 R2. The sourcetype = "trc" (log file) is really huge in size and I want to block i... by armaanxman Engager in Splunk Search 02-14-2013 1 1	1	1
All Disk Drives in WIndows, One Chart, From Perfmon Data I'd like to have one column chart showing the percentage of drive space taken on each of the drives in the screenshot... by aferone Builder in Splunk Search 02-14-2013 0 8	0	8
timechart with calculated field I have two separate searches and I want to display the results in 1 timechart with a calculated field. "searchA" \| t... by dbautist Explorer in Splunk Search 02-14-2013 0 2	0	2
Postfix mail delay subsearch I need to correlate the delays in mail handling in postfix logs to the sender address. As you know, the line in mail... by masterpipo New Member in Splunk Search 02-14-2013 0 2	0	2
Help with REX rex "(?i)\(ms\):(?P<duration>.+)" Query: sourcetype="mylog" \| rex "(?i)\(ms\):(?P<duration>.+)" \| eval epochtim... by 1234testtest Path Finder in Splunk Search 02-14-2013 0 4	0	4
Splunk is breaking my events in to two events Hi, I have events with 360 lines of text. My problem is that Splunk 1. writes the first 257 lines of the event 2... by aleem SplunkTrust in Splunk Search 02-14-2013 0 2	0	2
Problem with Pie Chart Hi, I read through the pie chart docs in splunk. I am not able to customize it to my needs. My Search query is: fi... by strive Influencer in Splunk Search 02-14-2013 0 1	0	1
Including Indextime in Table I am a fairly new Splunk user..I have 5 different source types. Each sourcetype represents a unique txt file that ge... by dbastidas New Member in Splunk Search 02-14-2013 0 3	0	3
How to create a chart based on condition Hi, Am having the data contains below; Asset Time stamp Temperature LD-02 00:12.6 43 41 HT-02 00:26.3 45 5... by balajsoz Path Finder in Splunk Search 02-13-2013 0 1	0	1
no of events in show_source view hi, the default number of events displayed in show source are 25,50,100,200,500,1000. Can i change it so that i can s... by smolcj Builder in Splunk Search 02-13-2013 0 5	0	5
What happens to fields as they move down the pipeline? I have a search that has 3 joins. search1 \| join common_field1 [search2] \| join commonfield2 [search3] \| table field... by adrianathome Communicator in Splunk Search 02-13-2013 0 1	0	1
How to timechart nonnumeric field I may be overthinks this.There must be some way of doing it. I have a data like : How can I display values of Debug ... by disha Contributor in Splunk Search 02-13-2013 1 4	1	4