Splunk Search

Community Activity

Is there a way to tell if a field is an index time field (vs a search time field)? Hi is there a way (in Splunk Web or from the CLI) to see if a field was extracted at search time or at index time? ... by chris Motivator in Splunk Search 01-23-2013 0 2	0	2
Diff on device Feature Request Would it be possible to alert on a device if the logs increase? Lets say you brought a new device into splunk, let it... by mbrose New Member in Splunk Search 01-23-2013 0 3	0	3
Perform a Lookup from results of another search I want to use the clientip field of an access_combined log to get the reported username from a bigfix search. The bi... by agodoy Communicator in Splunk Search 01-23-2013 0 2	0	2
how to default a key value if a reduce function "stats" does not return any results... I have the following query: index=hello field=0 client=vip\|stats dc(id) as no_event by client If there is not any ... by lpolo Motivator in Splunk Search 01-23-2013 0 9	0	9
Searching on time Hi, I have a search that shows the last time a server last had a virus update but how can I make the search so it on... by robK123 Explorer in Splunk Search 01-23-2013 0 3	0	3
Multi XML Field Extraction Given an entry like below, my goal is to pull all the "fieldName" parameters, essentially recreating the "where" clau... by tyronetv Communicator in Splunk Search 01-23-2013 0 3	0	3
Determining how many visits before an action is taken I am trying to determine the number of visits a user makes before a certain action takes place in a report. I have a ... by brettcave Builder in Splunk Search 01-23-2013 0 2	0	2
Character format conversion I search characters in the format you want to convert. Characters in the form of six-digit "0" "000000" and want to ... by jcisha Path Finder in Splunk Search 01-22-2013 0 2	0	2
Replace value of field A, when found in vlaue of field B I have events that contain multiple fields. For example field1=john field2=doe field3=johndoeaccounting What I woul... by rtadams89 Contributor in Splunk Search 01-22-2013 1 5	1	5
Need to search from a result without a particular value for a field I have a search defined as status=deny The search list the result correctly. From this result there is a field dst w... by uayub Path Finder in Splunk Search 01-22-2013 0 3	0	3
Splunk Query I'm trying to extract a single field from a log and perform some statistical calculations using stats. The log entri... by DTERM Contributor in Splunk Search 01-22-2013 1 4	1	4
problem with using of CASE results Hi everyone! Could you please tell me why my search doesn't work. It has variable click.value $offer_var$ that can b... by iKate Builder in Splunk Search 01-22-2013 0 1	0	1
Collection Rate Does anyone have collection rate experience they can share? Thanks! by agehring New Member in Splunk Search 01-22-2013 0 1	0	1
tr like command? Phone Numbers different format in 2 data sources and I want to Join them Is there anything like the UNIX tr command in splunk? In one data source I have phone numbers like (800) 555-4444 an... by rkirkw Path Finder in Splunk Search 01-22-2013 1 3	1	3
How can i break multiple lines of a log ? How can i break this lines ? I used this regex but i can't obtain multiple data of each event with lot uid: Regex: ... by nettrigger Explorer in Splunk Search 01-22-2013 0 2	0	2
Field extraction from an extracted field not working unless I pipe (\|) to "extract reload=t" I have a string in my log file that consists of a list of URL query parameters which are automatically extracted to n... by jklumpp_splunk Splunk Employee in Splunk Search 01-22-2013 0 1	0	1
Bitwise workaround I have a field StreamId=0x12da3b7514f19ce7 I want to do this: (StreamId >>  & 0xFFFFFFFF I know I can /256 to shift... by tincupchalice Path Finder in Splunk Search 01-22-2013 0 3	0	3
Trendline(as line chart ) on top of column chart hi I am trying to plot a trend line on top of column chart. But Splunk is drawing trends as column chart instead of l... by Aakanksha Path Finder in Splunk Search 01-22-2013 0 1	0	1
How to make a table with multiple multivalue fields? I need to make a table with some information from events. my event looks like: [timestamp][some info] [function_nam... by aadrian Engager in Splunk Search 01-22-2013 1 5	1	5
Join only giving fields from one of the two sourcetypes All, I have a join on the two sourcetypes setup like this -> sourcetype="alog" -> id_number sourcetype="blog" -> i... by asarolkar Builder in Splunk Search 01-21-2013 0 2	0	2
Performance Issues with a search command line Hello, I am beginning in Splunk and am told to resolve some calculation times issues using searches. The functionnali... by dmorio New Member in Splunk Search 01-21-2013 0 1	0	1
Find item that are not present in both set Hello, I try to find the better way in order to apply the search below: I have 2 set of data and I want to extract ... by righettod Engager in Splunk Search 01-21-2013 1 3	1	3
Difficult date time conversion Well it's a difficult conversion for me, anyway. Here's the field: dateTime=Fri Jan 18 17:11:55 GMT+00:00 2013 I wa... by timbitsandbytes Engager in Splunk Search 01-21-2013 0 4	0	4
Mapping IPs to netmask I got a list of network masks used in our company and would like to map the ip addresses in my logs to these netmasks... by FRoth Contributor in Splunk Search 01-21-2013 0 1	0	1
Extracting data out of fields correctly Hi, I have a dataset like this : field1=XXXX YYYYY-field2=ZZZZZZ:AAAAAA-field3=BBBBBB-field4=CCCCCC DDDDDDDD Now a... by abhayneilam Contributor in Splunk Search 01-21-2013 0 1	0	1