Splunk Search

Community Activity

How to find deltas for multiple fields generically Currently, the query ... \| timechart span=1hr count by term limit=10 gives me _time apple orange banana... by benobviate Explorer in Splunk Search 11-22-2012 0 2	0	2
eval function inside chart using a variable Hello the splunk community, I'm kinda new to splunk, and I'm trying to perform some charting using the eval function... by guilhem Contributor in Splunk Search 11-22-2012 0 1	0	1
timechart does not dis play the error hi all , I used the below query ..but i am not getting the timechart its shows field '_time' should have numerical... by splunkpoornima Communicator in Splunk Search 11-22-2012 0 6	0	6
Need to extract fields Hi, I have the following in my logs dataSetListCountInfo_HKG_generic=2 dataSetListCountInfoicm=72 dataSetListCount... by ashu_g50 Path Finder in Splunk Search 11-22-2012 0 8	0	8
set a value at search time I made a Union with APPEND betwenn to search : search1 APPEND [search2] I want to have a field "source" that has a ... by sbsbb Builder in Splunk Search 11-22-2012 0 2	0	2
Making a table from data with objects in an array I have data that looks like {<!-- --> event: "request", timers: [ {<!-- --> category : "serverA", dur... by benobviate Explorer in Splunk Search 11-21-2012 0 3	0	3
newb help creating an alert Hi there, i'm somewhat new to splunk and hoping some of the more seasoned veterans can assist me. I have a process ... by plastiiq Explorer in Splunk Search 11-21-2012 0 1	0	1
locating dead hosts I am trying to get a report of all hosts that have not reported any events in the last 2 hours. I am using: \| metad... by rbellini Explorer in Splunk Search 11-21-2012 0 5	0	5
Problems with props.conf and transforms.conf and similar hostnames I have 2 hostnames, let's call them "temp" and "temp001". Splunk is capturing "temp001" and placing it in the proper ... by aferone Builder in Splunk Search 11-21-2012 0 15	0	15
Lookup: Escaping quotation character in field value Hi SB, Playing around with lookup tables and it appears I can not have an escaped quotation character (e.g. ") withi... by MHibbin Influencer in Splunk Search 11-21-2012 0 1	0	1
Tracking user activity on website Hey, I have problem to determine the urls which lead a customer to a certain url "x". I have an apache-log in which I... by jtworzydlo Path Finder in Splunk Search 11-21-2012 0 2	0	2
Show Single Value Panels in a Table I have 66 single value panels to display in my dashboard. So far I am finding that I can only go three columns wide... by aleem SplunkTrust in Splunk Search 11-21-2012 2 3	2	3
Sequencing Saved Searches Hi, I have a saved search, which is currently scheduled, and creates a summary index. I have other saved searches t... by JovanMilosevic Path Finder in Splunk Search 11-21-2012 0 2	0	2
calculate time difference between 2 fields \| sum and group by month I have a log that looks like this: start_time="2011-11-19T13:32:59" end_time="2011-11-19T13:34:59" How do I create... by andyk Path Finder in Splunk Search 11-21-2012 2 2	2	2
multiple search output in a single table/list/something hi all, i am doing an splunk app to reduce the complexity in reading a log file. I am done with the field extractions... by smolcj Builder in Splunk Search 11-20-2012 1 6	1	6
how to retrive the values above and below the certain limit hi all , source="taskmanger_logs"\|transaction TaskAction startswith=START endswith=Succeeded\|table TaskAction durati... by splunkpoornima Communicator in Splunk Search 11-20-2012 0 1	0	1
regex for event type. Hi, is it not possible to use a regex to determine an event type. I would like to usee something like: \d{4}-\d{1,2... by brettcave Builder in Splunk Search 11-20-2012 0 7	0	7
Creating view result link Hi anyone have links to share with me on how can I create view button for my application. I displayed some single va... by elaine0102 Explorer in Splunk Search 11-20-2012 0 7	0	7
confused about wildcards in monitor in inputs.conf I have directories of logs organized as: /opt/logjam/logs/nonprod/<service>.<environment>/<logs> I am attempting t... by milkovic New Member in Splunk Search 11-20-2012 0 1	0	1
Timechart with multiple fields and calculating percentage My query is something like .. \| eval color_and_shape = color + "/" + shape \| timechart count as total, count(eval(he... by benobviate Explorer in Splunk Search 11-20-2012 1 1	1	1
Trying to schedule a search and save it in summary index, index=new Search peer denpda3log01 has the following message: received event for unconfigured/disabled index='new' with source=... by mike7860 Explorer in Splunk Search 11-20-2012 0 1	0	1
Regex for SAR data in UNIX Hello I need to create a timechart for the data below based on cpu's available and the utilization of that specific... by theouhuios Motivator in Splunk Search 11-20-2012 0 1	0	1
Calculation of area of a graph Hi there, today I have a special question. I am not sure how to realise this. I have on the one hand a lot of perfor... by nebel Communicator in Splunk Search 11-20-2012 0 2	0	2
Is there a way to manipulate time range picker using just a seach query? Since some days ago I was thinking a way to manipulate the "time range picker" or even the period to retrieve data fr... by wagnerbianchi Splunk Employee in Splunk Search 11-20-2012 0 5	0	5
how to change graph line color I have drawn one line graph by severity. and it has three types: Error,Warning,Notice. I want to Display Error line i... by geetanjali Path Finder in Splunk Search 11-20-2012 0 2	0	2