Splunk Search

Community Activity

Creating a status graph - 0 or 1 - based only on "started" and "ended" messages I have a very similar question to this one: I have a dataset that tells me when a service starts (such as index=_int... by Jason Motivator in Splunk Search 11-29-2012 0 2	0	2
How to sum output of table command Hi I have a output of the table command as below : dataset datacount corp_zero 32 ebz_europe 6 icm 362 mbs ... by ashu_g50 Path Finder in Splunk Search 11-29-2012 0 12	0	12
top command with values I want top 10 values for a field based on the timer control. mysearch \| top 10 E_Time above command return top 10 r... by jangid Builder in Splunk Search 11-29-2012 1 5	1	5
eval & coalesce I'm trying to normalize various user fields within Windows logs. The fields I'm trying to combine are users Users and... by hagjos43 Contributor in Splunk Search 11-29-2012 1 3	1	3
unit along with fieldname Hi all is there any option in splunk, so that we can list the table contents and their units along with the table nam... by smolcj Builder in Splunk Search 11-29-2012 0 3	0	3
イベントから任意の文字列を置換する方法は？データを取り込んだ後に、イベントの中の文字を置換したり追加・削除することは可能ですか。例えば、イベント中に含まれるすべての"(ダブルクオート）を外してから検索を行う、など。 by Splunk_Shinobi Splunk Employee in Splunk Search 11-28-2012 0 1	0	1
How do I do a chart in splunk whereby I can forecast into the future? How do I do a chart in splunk whereby I can forecast into the future? Hi there appreciate any help here. Coming from... by HattrickNZ Motivator in Splunk Search 11-28-2012 0 4	0	4
Eval Question I am trying to translate a user, to an external IP address and be accurate within 5 seconds. I have to do this using ... by tmarlette Motivator in Splunk Search 11-28-2012 0 5	0	5
Trouble with Field Extraction I am attempting to pull information from multiple eventtypes into 1 field called ext_ip I can get two of them, but I ... by tmarlette Motivator in Splunk Search 11-28-2012 0 2	0	2
Need to Create Two Time Series in One Chart Answer below. by msettipane Splunk Employee in Splunk Search 11-28-2012 0 1	0	1
listing events directly from a table Hi all, is there any option to directly list the events for a particular table entry.. after a search in dashboard u... by smolcj Builder in Splunk Search 11-28-2012 0 3	0	3
index a file in a file system which can be mounted on different servers Hi I would like to index a file which is in a file system which can be mounted on different servers at different poi... by bob87 Explorer in Splunk Search 11-27-2012 0 1	0	1
Temporal Input lookups? We have been able to successfully use inputlookup with lookup files we have created. However, our lookup files have t... by bread555 Explorer in Splunk Search 11-27-2012 1 2	1	2
Sorting Charts I have the following search that returns a chart of response times for web pages by GET and POST. index=iis_PRODUC... by richnavis Contributor in Splunk Search 11-27-2012 0 2	0	2
How flexible use search if statement?How flexible use search if statement? To produce a single value dashboard, the utilization of the CPU and the MEN , and when any value exceeding the target... by lacusmax New Member in Splunk Search 11-27-2012 0 2	0	2
Possible bug - Deleting a saved search deletes all searches with the same name I believe I have found a possible bug. There is a condition that when you delete a saved search all saved searches wi... by ztom Explorer in Splunk Search 11-27-2012 0 1	0	1
eval fails if fields have a ":" in their name I have some data in the form of xml records. The fields extract fine using the xmlkv operator, but I can not perform ... by bnolen Path Finder in Splunk Search 11-27-2012 2 5	2	5
multiple values for single field in multiple lines of a single multi-lined event Below is my sample log. I'm trying to extract all the 'Pend Reason' codes and still maintain the host field which I'm... by sf-mike Splunk Employee in Splunk Search 11-27-2012 0 3	0	3
Regular expression help and error (Regex: unmatched parentheses ) The regular expression is correct according to RegExr, but i keep on getting this error Regex: unmatched parentheses... by Michael_Schyma1 Contributor in Splunk Search 11-27-2012 0 2	0	2
Oracle into Splunk I am trying to get the login/logoff and failed login of oracle 10.2.0.4 installed on windows to be seen by splunk. I ... by phelit New Member in Splunk Search 11-27-2012 0 8	0	8
stats by date_hour failing to return results Been scratching my head about this one... This search returns a value: index=os source=cpu host=myhost \| stats avg(... by anssntaco Path Finder in Splunk Search 11-26-2012 1 12	1	12
Using a lookup to grab a host's subnet and then list out all other hosts in that subnet. I have a lookup table that includes fields for hostname and subnet. I can easily view all hosts in a subnet by search... by pkeller Contributor in Splunk Search 11-26-2012 0 2	0	2
Need help with regex Hello I am trying to get the browser information from the below raw data and haven't been able to do so. Can anyone ... by theouhuios Motivator in Splunk Search 11-26-2012 0 9	0	9
Event Options Menu lacks "show source" item if search has "fields" command in it. If you say "" as search, you see "show source" in the Event Options Menu by every event. If you say " \| fields sit... by droth333 Explorer in Splunk Search 11-26-2012 1 2	1	2
Extraction failure This seems like a straight forward config can someone spot where it's going wrong. I am unable to extract the "aaa" f... by tprzelom Path Finder in Splunk Search 11-26-2012 0 14	0	14