Splunk Search

Community Activity

Possible bug - Deleting a saved search deletes all searches with the same name I believe I have found a possible bug. There is a condition that when you delete a saved search all saved searches wi... by ztom Explorer in Splunk Search 11-27-2012 0 1	0	1
eval fails if fields have a ":" in their name I have some data in the form of xml records. The fields extract fine using the xmlkv operator, but I can not perform ... by bnolen Path Finder in Splunk Search 11-27-2012 2 5	2	5
multiple values for single field in multiple lines of a single multi-lined event Below is my sample log. I'm trying to extract all the 'Pend Reason' codes and still maintain the host field which I'm... by sf-mike Splunk Employee in Splunk Search 11-27-2012 0 3	0	3
Regular expression help and error (Regex: unmatched parentheses ) The regular expression is correct according to RegExr, but i keep on getting this error Regex: unmatched parentheses... by Michael_Schyma1 Contributor in Splunk Search 11-27-2012 0 2	0	2
Oracle into Splunk I am trying to get the login/logoff and failed login of oracle 10.2.0.4 installed on windows to be seen by splunk. I ... by phelit New Member in Splunk Search 11-27-2012 0 8	0	8
stats by date_hour failing to return results Been scratching my head about this one... This search returns a value: index=os source=cpu host=myhost \| stats avg(... by anssntaco Path Finder in Splunk Search 11-26-2012 1 12	1	12
Using a lookup to grab a host's subnet and then list out all other hosts in that subnet. I have a lookup table that includes fields for hostname and subnet. I can easily view all hosts in a subnet by search... by pkeller Contributor in Splunk Search 11-26-2012 0 2	0	2
Need help with regex Hello I am trying to get the browser information from the below raw data and haven't been able to do so. Can anyone ... by theouhuios Motivator in Splunk Search 11-26-2012 0 9	0	9
Event Options Menu lacks "show source" item if search has "fields" command in it. If you say "" as search, you see "show source" in the Event Options Menu by every event. If you say " \| fields sit... by droth333 Explorer in Splunk Search 11-26-2012 1 2	1	2
Extraction failure This seems like a straight forward config can someone spot where it's going wrong. I am unable to extract the "aaa" f... by tprzelom Path Finder in Splunk Search 11-26-2012 0 14	0	14
Field Extraction Default Delimiter I know that Splunk will automatically extract fields for field=xyz patterns in my data. How can I tell Splunk to also... by khodges_splunk Splunk Employee in Splunk Search 11-26-2012 0 1	0	1
Frequency of Universal forwarder I have installed Universal forwarder to send the log files to my Splunk storm project. My question is how frequently... by jimiparekh123 New Member in Splunk Search 11-26-2012 0 6	0	6
Simple regex I'm just trying to get the CN name from what looks like the fields below CN=John Smith,OU=Customer Service,OU=Users,O... by clymbouris Path Finder in Splunk Search 11-26-2012 0 2	0	2
Data format I have the data in this format where the value of the date_month changes how much data I select date_month DATASET... by ashu_g50 Path Finder in Splunk Search 11-26-2012 0 1	0	1
extracting multiple values for a field from one row(one event) Hi all, Regex is troubling me when i have to extract a field compared with previous line. My log is like Thread Eve... by smolcj Builder in Splunk Search 11-26-2012 0 30	0	30
similiar to chartTitle param do we have any way to give title to Table? I'm using panel_row2_col1_grp1 - panel_row2_col1_grp3 to collate 1 table and 2 charts. I need to group it since i use... by ma_anand1984 Contributor in Splunk Search 11-26-2012 0 1	0	1
REX not working in props.conf I am using this rex command \| rex max_match=100 "(?i)<severity>(?P<Severity>[^<]+)" When I add this to the props.c... by hartfoml Motivator in Splunk Search 11-26-2012 0 3	0	3
transformation : set a field value according to the host I'd like to set at search_time a new field, with a value according to the host : if host=abc.com then =test elseif h... by sbsbb Builder in Splunk Search 11-25-2012 0 2	0	2
sapninja data collection framework hi , can someone help me with sapninja data collection framework which is used for data collection for the app Splu... by nawneel Communicator in Splunk Search 11-24-2012 0 3	0	3
Joining two large datasets without a Join I have two data sources, one that is a very large file listing with *nix timestamps, and one that has a text descript... by splunk_eval Explorer in Splunk Search 11-23-2012 1 4	1	4
Fields extraction problem HI Experts. I did fields extraction in regexr, The fields matching in regexr is no problem. But, On splunk , we ca... by himang2c New Member in Splunk Search 11-23-2012 0 4	0	4
How to supress the x axis label in timechart I use a lot of timechart searches for a dashboard, each of them showing the "_time" label in the x-axis. As it is cl... by FRoth Contributor in Splunk Search 11-23-2012 3 6	3	6
Nav menu problem ??? Hi .. i have created a APP in splunk .and i have change its nav menu as below.. Google Now when i click on Googl... by rakesh_498115 Motivator in Splunk Search 11-23-2012 0 2	0	2
5 and above login failures I have managed to create a search that finds users that have failed to login within the last 24 hours but I want to o... by robK123 Explorer in Splunk Search 11-23-2012 0 2	0	2
no longer seeing all logs after clearing index I am no longer seeing all my logs on the indexer after clearing the index of all data. Is there something that needs ... by jonathanfalconi Explorer in Splunk Search 11-23-2012 0 10	0	10