Splunk Search

Community Activity

Need help with regex Hello I am trying to get the browser information from the below raw data and haven't been able to do so. Can anyone ... by theouhuios Motivator in Splunk Search 11-26-2012 0 9	0	9
Event Options Menu lacks "show source" item if search has "fields" command in it. If you say "" as search, you see "show source" in the Event Options Menu by every event. If you say " \| fields sit... by droth333 Explorer in Splunk Search 11-26-2012 1 2	1	2
Extraction failure This seems like a straight forward config can someone spot where it's going wrong. I am unable to extract the "aaa" f... by tprzelom Path Finder in Splunk Search 11-26-2012 0 14	0	14
Field Extraction Default Delimiter I know that Splunk will automatically extract fields for field=xyz patterns in my data. How can I tell Splunk to also... by khodges_splunk Splunk Employee in Splunk Search 11-26-2012 0 1	0	1
Frequency of Universal forwarder I have installed Universal forwarder to send the log files to my Splunk storm project. My question is how frequently... by jimiparekh123 New Member in Splunk Search 11-26-2012 0 6	0	6
Simple regex I'm just trying to get the CN name from what looks like the fields below CN=John Smith,OU=Customer Service,OU=Users,O... by clymbouris Path Finder in Splunk Search 11-26-2012 0 2	0	2
Data format I have the data in this format where the value of the date_month changes how much data I select date_month DATASET... by ashu_g50 Path Finder in Splunk Search 11-26-2012 0 1	0	1
extracting multiple values for a field from one row(one event) Hi all, Regex is troubling me when i have to extract a field compared with previous line. My log is like Thread Eve... by smolcj Builder in Splunk Search 11-26-2012 0 30	0	30
similiar to chartTitle param do we have any way to give title to Table? I'm using panel_row2_col1_grp1 - panel_row2_col1_grp3 to collate 1 table and 2 charts. I need to group it since i use... by ma_anand1984 Contributor in Splunk Search 11-26-2012 0 1	0	1
REX not working in props.conf I am using this rex command \| rex max_match=100 "(?i)<severity>(?P<Severity>[^<]+)" When I add this to the props.c... by hartfoml Motivator in Splunk Search 11-26-2012 0 3	0	3
transformation : set a field value according to the host I'd like to set at search_time a new field, with a value according to the host : if host=abc.com then =test elseif h... by sbsbb Builder in Splunk Search 11-25-2012 0 2	0	2
sapninja data collection framework hi , can someone help me with sapninja data collection framework which is used for data collection for the app Splu... by nawneel Communicator in Splunk Search 11-24-2012 0 3	0	3
Joining two large datasets without a Join I have two data sources, one that is a very large file listing with *nix timestamps, and one that has a text descript... by splunk_eval Explorer in Splunk Search 11-23-2012 1 4	1	4
Fields extraction problem HI Experts. I did fields extraction in regexr, The fields matching in regexr is no problem. But, On splunk , we ca... by himang2c New Member in Splunk Search 11-23-2012 0 4	0	4
How to supress the x axis label in timechart I use a lot of timechart searches for a dashboard, each of them showing the "_time" label in the x-axis. As it is cl... by FRoth Contributor in Splunk Search 11-23-2012 3 6	3	6
Nav menu problem ??? Hi .. i have created a APP in splunk .and i have change its nav menu as below.. Google Now when i click on Googl... by rakesh_498115 Motivator in Splunk Search 11-23-2012 0 2	0	2
5 and above login failures I have managed to create a search that finds users that have failed to login within the last 24 hours but I want to o... by robK123 Explorer in Splunk Search 11-23-2012 0 2	0	2
no longer seeing all logs after clearing index I am no longer seeing all my logs on the indexer after clearing the index of all data. Is there something that needs ... by jonathanfalconi Explorer in Splunk Search 11-23-2012 0 10	0	10
Transactions which are overlapping Hourly Job 1245 started Hourly Job 1246 started Hourly Job 1246 completed -- Hourly Job 1245 completed How to... by 1234testtest Path Finder in Splunk Search 11-23-2012 0 1	0	1
Is there a way to timechat the number of open sessions given a login and logout event? Hi all, I have login and logout events and I'm trying to plot a graph showing the number of open sessions each minut... by DamianS Explorer in Splunk Search 11-23-2012 0 4	0	4
sum of average values based on two other columns hi, given the following data time, hub, port, unique ip count 12:11:01 a 1 23 12:11:02 b 2 34 12:... by stephen123 Path Finder in Splunk Search 11-23-2012 0 1	0	1
How to find deltas for multiple fields generically Currently, the query ... \| timechart span=1hr count by term limit=10 gives me _time apple orange banana... by benobviate Explorer in Splunk Search 11-22-2012 0 2	0	2
eval function inside chart using a variable Hello the splunk community, I'm kinda new to splunk, and I'm trying to perform some charting using the eval function... by guilhem Contributor in Splunk Search 11-22-2012 0 1	0	1
timechart does not dis play the error hi all , I used the below query ..but i am not getting the timechart its shows field '_time' should have numerical... by splunkpoornima Communicator in Splunk Search 11-22-2012 0 6	0	6
Need to extract fields Hi, I have the following in my logs dataSetListCountInfo_HKG_generic=2 dataSetListCountInfoicm=72 dataSetListCount... by ashu_g50 Path Finder in Splunk Search 11-22-2012 0 8	0	8