Splunk Search

Community Activity

search to find gaps in data? I have had some data reporting in from event logs from approx 30-40 windows servers. There were some issues on some ... by r999 Path Finder in Splunk Search 12-19-2012 1 1	1	1
can we fill the Field Values basing on the Other Field Value ? Hi.. I have sample log events as follows : event 1 : 12-10-24:0:0:1 RequestOrder OrderNo=107 Product=Samsung... ..... by rakesh_498115 Motivator in Splunk Search 12-19-2012 1 1	1	1
Timechart's Table Column Header - Sorted in Descending Order Hi, I'm using version 4.2.2 with the search query: host = "JA8" AND eventtype="firewall" earliest=7/1/2011:0:0:0... by syslogap New Member in Splunk Search 12-19-2012 0 4	0	4
Field Extraction - Multiple Matches same line Hello, How can I make a field extraction match multiple times on a given line? here's an example: datetime=1355871... by BP9906 Builder in Splunk Search 12-18-2012 0 2	0	2
Hourly breakdown of data with math operation I have a log file that always has the same structure of: time1,time2,groupNumber eg: 355350224,338837556,2 135535022... by chablist New Member in Splunk Search 12-18-2012 0 1	0	1
Understanding regex used in LINE_BREAKER Using Splunk 4.3 - My data input file is in JSON format with multiple events in each file stored in an events array. ... by bshamsian Path Finder in Splunk Search 12-18-2012 0 5	0	5
I want to calculate the Standard Deviation for the raw values that make a up the Average I calculated an Average for a list of values AVG(numbers), I now have a list of those Averaged numbers with the numbe... by Dark_Ichigo Builder in Splunk Search 12-18-2012 0 1	0	1
Field Creation ? Hi. I have created a rex for my field say . MSGID . can this be saved in splunk using Fields Manager. my rex is r... by rakesh_498115 Motivator in Splunk Search 12-18-2012 0 1	0	1
Data deletion upon start problem Hi, I'm using free edition of splunk server, the problem is that every time I start the splunk server, the data is de... by yanivoren New Member in Splunk Search 12-18-2012 0 1	0	1
Regex after delimited field extraction After a delimited field extraction in transforms.conf, I have a field called Gateway_Name that contains, for example,... by tnkoehn Path Finder in Splunk Search 12-18-2012 1 4	1	4
Extracted field as variable Hi everyone, A simple question about the field extractions. Suppose I've got 12 logs with basically some recurrent i... by quatral Explorer in Splunk Search 12-18-2012 1 3	1	3
Why comparision not working when field is having value "" fieldA is the extracted field already available fieldB is eval field \| eval fieldB= \| where fieldA=fieldB Here im... by ma_anand1984 Contributor in Splunk Search 12-18-2012 0 4	0	4
Separate Fields Hi, I'm new to splunk, so please excuse the basic question. I have some data in the following format: Field1=abcdef... by jaykay New Member in Splunk Search 12-18-2012 0 4	0	4
Create unique field counts from comma deliminated line I have a log file that always has the same structure of: time1,time2,groupNumber eg: 355350224,338837556,2 135535022... by chablist New Member in Splunk Search 12-18-2012 0 1	0	1
Create unique field counts from comma deliminated line I have a log file that always has the same structure of: time1,time2,groupNumber eg: 355350224,338837556,2 135535022... by chablist New Member in Splunk Search 12-17-2012 0 1	0	1
macro with 2 arguments and a where clause hi, i have a search query like index=main a=* OR b=* 'macroname("a","b")' \|table b b1 b2 b3 my macro is like macr... by smolcj Builder in Splunk Search 12-17-2012 1 4	1	4
Determine time value based on count and Average duration This may not be possible but I work at a SAAS company and we want to start evaluating which of our web methods that a... by jericksonpf Path Finder in Splunk Search 12-17-2012 0 5	0	5
Comparing data from two files and showing the results. I have two files with a simple list of filenames in each. What I'd like to do is to compare one file to the other and... by malag_doval Engager in Splunk Search 12-17-2012 0 8	0	8
Timeformat not sorting properly I am using this search: sourcetype="foo" name="foobar*" \| convert timeformat="%m/%d/%Y - %a" ctime(_time) AS Date \| ... by hartfoml Motivator in Splunk Search 12-17-2012 0 4	0	4
How to do this below? Hi all, Am new to splunk tool and i have downloaded to use my project for reporting,analysis,charts and alerts notif... by balajsoz Path Finder in Splunk Search 12-17-2012 0 1	0	1
Multikv not extracting data Hello I am trying to input data of free -tm in splunk. The raw data would look like total used ... by theouhuios Motivator in Splunk Search 12-17-2012 0 4	0	4
Problem with set command I'm trying to get use the set command to monitor differences between two sets of DNS records. I've looked through th... by megancarney Explorer in Splunk Search 12-16-2012 0 3	0	3
extract from calculated field I can't find anything that says you can't do a field extraction from a calculated field, but I found that this works ... by pwattssplunk Splunk Employee in Splunk Search 12-15-2012 0 2	0	2
Main differences between a saved report and a saved search I wonder if there is any site in splunk Docs that clearly define the distinct differences between the two of them. I ... by e82than Communicator in Splunk Search 12-15-2012 1 2	1	2
OR (\|) condition in regular expression I am missing something in my regular expression I am having similar log and I can do with two regex but I want to com... by jangid Builder in Splunk Search 12-14-2012 0 3	0	3