Splunk Search

Community Activity

no of events in show_source view hi, the default number of events displayed in show source are 25,50,100,200,500,1000. Can i change it so that i can s... by smolcj Builder in Splunk Search 02-13-2013 0 5	0	5
What happens to fields as they move down the pipeline? I have a search that has 3 joins. search1 \| join common_field1 [search2] \| join commonfield2 [search3] \| table field... by adrianathome Communicator in Splunk Search 02-13-2013 0 1	0	1
How to timechart nonnumeric field I may be overthinks this.There must be some way of doing it. I have a data like : How can I display values of Debug ... by disha Contributor in Splunk Search 02-13-2013 1 4	1	4
sending data from splunk to another splunk once the data reaches a certain age Hello, I would like to know how to set up Splunk to offload data from one Splunk indexer to another, once the data r... by dgavic Explorer in Splunk Search 02-13-2013 1 2	1	2
How to format non-_time field as relative time? I would like to format a field other than _time as relative time, like the reltime command does for _time (and only f... by Wilcooley Path Finder in Splunk Search 02-13-2013 1 3	1	3
Controlling multiple charts using one PulldownSwitcher Hi My requirement is to provide a drop down box in my dashboard. Based on the value selected in the drop down, I need... by keerthana_k Communicator in Splunk Search 02-13-2013 1 1	1	1
REX pipe to EVAL I have a search that is \| to REX then \| to EVAL that is not working. I'm sure it must be a timing issue something li... by hartfoml Motivator in Splunk Search 02-13-2013 1 6	1	6
Average execution lag increases over time I am having an issue with the average execution lag increasing over a period of 24 hours. This is pushing off the ti... by drussell88 Explorer in Splunk Search 02-13-2013 0 5	0	5
I have a chart with multiple lines and I want to "merge" them. Hi everyone! Here is my problem: Thanks to a search, I have multiple lines on the same graph. But now, I want to merg... by nugetchar Explorer in Splunk Search 02-13-2013 0 2	0	2
extracting fields field name: field value Is there a simple way to have splunk assign field names based on ":"? For example, Splunk does a good job of picking... by mcbradford Contributor in Splunk Search 02-13-2013 0 2	0	2
extract event field Hello, i would like to create a statistic about following events: example: [2013-xxxxx], INFO,xxxxx,user[xxxxx],se... by rechteklebe Path Finder in Splunk Search 02-13-2013 0 2	0	2
Use checkboxes to build a search query using AND or OR Is it possible to build a form with checkboxes to build a query? Something like: < input type="checkbox" token="some... by brettcave Builder in Splunk Search 02-12-2013 1 6	1	6
Using "NOT" in splunk ? How to use the NOT operator for combination of two words. In my log I need to eliminate the errors by considering th... by mkumarpisl New Member in Splunk Search 02-12-2013 0 3	0	3
Trying to do a search that requires a sub search Hey Guys, I have been stuck on the following for a few days and would love some help Trying to perform a search of ... by abishop195 New Member in Splunk Search 02-12-2013 0 2	0	2
Exclude from index I have a ton of event that contain SourceName="Symantec AntiVirus". How can I exclude these events fro being indexed? by MBerikcurtis Path Finder in Splunk Search 02-12-2013 0 1	0	1
Access Control for Splunk DB Connect Do I get it right that after the successful setup of the Splunk DB Connect every Splunk user can access the configure... by dabbank Path Finder in Splunk Search 02-12-2013 2 13	2	13
Dynamically change field name labels I have many fields that end with the regular expression _rate. Ex: Compile_rate Typing_rate I can get all my rates w... by cmak Contributor in Splunk Search 02-12-2013 1 5	1	5
Multiline field on a table Could anyone tell me how to modify the application.css to show multiline fields in multiline format (with CRLF) on a ... by Cris Explorer in Splunk Search 02-12-2013 0 1	0	1
Using regex in source stanzas (props.conf) Hello! I have some log files with dynamic naming that I'm having trouble matching with props.conf stanzas. Here are... by emiller42 Motivator in Splunk Search 02-12-2013 1 7	1	7
Trying to add static date to time.conf I have tried to modify my time.conf to have a static set of dates I can select. I added the following to my time.conf... by toekneeh Engager in Splunk Search 02-12-2013 0 3	0	3
regex help I have the following log snippet with a JSON payload and I want to run a regex such that it extracts the JSON fields ... by dbautist Explorer in Splunk Search 02-12-2013 0 4	0	4
test ignore test test test by dshakespeare_sp Splunk Employee in Splunk Search 02-12-2013 8 4	8	4
Counting values Hi, i have a key value pair say FTYPE=VAL1 and FTYPE=VAL2 and create a timechart with earliest=-1d@d latest=now \| ti... by mkrauss1 Explorer in Splunk Search 02-12-2013 0 1	0	1
Get data from public pages like Brands, Companies etc Hi, I have installed Facebook App in my splunk set up.Currently i am able to get the user specific data using Facebo... by nawneel Communicator in Splunk Search 02-12-2013 0 1	0	1
How can I divide two variables in the same search? Here's an example of a string I'm looking for: 15:55:37.732 ( 5436:15032) G-MST: 2000001D "00020000-dff6-5032-e3c7-0... by byessayian New Member in Splunk Search 02-12-2013 0 2	0	2