Splunk Search

Community Activity

regular expression for XML Log I have following log in xml format <tec><items><item><name>Status</name><value>Online</value></item><item><name>Comp... by jangid Builder in Splunk Search 10-30-2012 1 1	1	1
Can't extract fields names from tab delimited source Hi. I'm new to Splunk. I've got basic import and searching working on the windows install, but I want to get the fiel... by nosignal Explorer in Splunk Search 10-29-2012 0 1	0	1
fomation in pattern matching- please help urgently I have 2 keywords and I am running query : index="maa" \| table Name Age Location \| rex field="Location" (?(?i)"kol")... by abhayneilam Contributor in Splunk Search 10-29-2012 0 9	0	9
want 0 count if keyword does not match index="usb_weekly_data" \|rex field="src_file_name" (?(?i)"presentation") \| stats count as First by key_word above qu... by abhayneilam Contributor in Splunk Search 10-29-2012 0 2	0	2
bar chart with five search I want to create a bar chart with these following search eventtype="et_system_metrics" Stage=A* \| stats count(eval... by jangid Builder in Splunk Search 10-29-2012 0 6	0	6
What's wrong in this sub search ? What is the wrong in this sub search ? Individually both are working fine. eventtype="et_system_metrics" Stage=A* A... by jangid Builder in Splunk Search 10-29-2012 0 4	0	4
docs.splunk.com wrong link to answers Dear Doc Team, if one uses the link to Answers on top of the docs.splunk.com page, you end up at docs.splunk.com/Ans... by MuS SplunkTrust in Splunk Search 10-29-2012 5 1	5	1
problem with REX I am giving the following search : index="maa" \| table Name Age Location \| rex field="Location" (?(?i)"delhi") \| eva... by abhayneilam Contributor in Splunk Search 10-29-2012 0 10	0	10
how to merge multiple rex commands Hi, I have a query as follows : index="maa" \|rex field="Location" (?(?i)"delhi") \| eval ONE=lower(ONE) \|stats count... by abhayneilam Contributor in Splunk Search 10-29-2012 0 3	0	3
Search for items not matching values from a lookup Related to http://splunk-base.splunk.com/answers/7581/best-way-to-search-using-a-lookup-table I want this inverse sc... by gohar Explorer in Splunk Search 10-27-2012 1 2	1	2
Rex in If else ladder Hi, I am running the below query and want to print 0 for the keyword that is not matched , can this be possible to g... by abhayneilam Contributor in Splunk Search 10-27-2012 0 2	0	2
Alerting based on deviation on multi dimensional data I have a challenge that I'm hoping someone can help with. There are around 24,000,000 events being indexed per 24 ho... by hirsts Path Finder in Splunk Search 10-26-2012 0 2	0	2
Unabe to get the search result in text box using javascript inside html module Hi, Just have a look at this code < module name="HiddenSearch" layoutPanel="panel_row2_col1" autoRun="True"> <... by madanashok Path Finder in Splunk Search 10-26-2012 0 2	0	2
RegEx for variable message field extraction Hello, I have logs coming in that look like the following: (Tab between columns) server1.something.com ApacheLog ... by johnebgood Path Finder in Splunk Search 10-26-2012 1 4	1	4
Can i know the results retrieved for each search query ? Hi. I have search query that query returns certains fields . these information will vary according to the realtime d... by rakesh_498115 Motivator in Splunk Search 10-26-2012 0 2	0	2
Is it possible to use saved search RESULTS as a subsearch? My problem with this is that the saved search takes longer than 60 seconds to run, so I only get partial answers if I... by dspracklen Path Finder in Splunk Search 10-26-2012 1 3	1	3
what is the signifincance of $ symbol in splunk ?? Hi.. I know that the dolloar $ is used for variables . like $a or $b something like this.In splunk i have seen in fe... by rakesh_498115 Motivator in Splunk Search 10-26-2012 0 1	0	1
Extract domain from FQDN in Windows Event log I need to create a transform stanza that will seperate some events depending on which domain they originate from. ... by bkcarter Path Finder in Splunk Search 10-26-2012 0 1	0	1
Custom fields to be extracted from the Odata for splunk app This is a question on the OData App. I have a search that lists the output as a table, when I save this search and a... by giridhar_tm Engager in Splunk Search 10-26-2012 1 2	1	2
Getting a wrong answer for the calculation of mean in splunk Hello I am trying to calculate the mean of a field and it's strange that splunk cal the mean in a completely differe... by theouhuios Motivator in Splunk Search 10-26-2012 0 2	0	2
can i get the default _raw with out specificing it in the query ?? Hi.. I have search query which gives me a ouput of certain fields say A,B,C and we know that splunk has two default ... by rakesh_498115 Motivator in Splunk Search 10-26-2012 0 4	0	4
Sorting Months in a Field So I wasn't really sure how to do this after reading the documentation, but I'm running the following search: (host=... by henryt1 Path Finder in Splunk Search 10-26-2012 0 2	0	2
summation of row values I have a report like this : keyword "one" "two" "three" mumbai 5 3 2 kolkata 2 2 1 chennai ... by abhayneilam Contributor in Splunk Search 10-26-2012 0 3	0	3
stat count is not coming properly Hi I have a field called "src_file_name" in which I have only four values as follows: evaluation vehicle policy wor... by abhayneilam Contributor in Splunk Search 10-26-2012 0 3	0	3
Using Macro in savedsearches.conf Hi, I've following entry in my savedsearches.conf: [My_Summary_Query] action.email.inline = 1 action.email.reportSe... by freephoneid Path Finder in Splunk Search 10-25-2012 0 5	0	5