Splunk Search

Community Activity

Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table. I created a look up table that does return all the fields if I use the search command: \|inputlookup lookuptable But... by lpolo Motivator in Splunk Search 10-16-2012 2 5	2	5
What are possible search strategies to find most recent values of one or more fields? Hi All I'm looking at the possible approaches to obtain events that contain the most recent values for one or more f... by Marinus Communicator in Splunk Search 10-16-2012 0 9	0	9
STATS function Hi, Is there a way to find out the max response time during a 30-minute bucket and its associated url from the web se... by shangshin Builder in Splunk Search 10-16-2012 0 3	0	3
How do I get mvcount to display 0 when no field exists? Hi all, I have a search that looks something like this: foo \| extract pairdelim="\|;]}" kvdelim="=:" mv_add=true \| e... by DamianS Explorer in Splunk Search 10-16-2012 0 3	0	3
Lookup query hi for this ..\|lookup keywords match output keyword where keywords.csv is my lookup whwre i need to put in in mycompu... by Tridi123 New Member in Splunk Search 10-16-2012 0 2	0	2
How to add time from drop down in GUI to search string automatically In order to establish the search timeframe for Splunk there are 3 options that I know of. Use the dropdown to the ri... by brantramey Explorer in Splunk Search 10-16-2012 0 1	0	1
Where to search my monitored indexed log Hey guys, I have written some stuff in the inputs.conf file and the fschange stuff works but I can't find the logs ... by SplunkUser5888 Path Finder in Splunk Search 10-16-2012 0 7	0	7
Building new events based on transactions at index time Howdy, I've a load balancer which is happily sending event logs when certain events happen in a web app flow. It wil... by acidkewpie Path Finder in Splunk Search 10-16-2012 0 3	0	3
Subtraction of the time duration I used the below query and i got the following result source="ADFER"\|transaction Taskaction startswith="START" endsw... by splunkpoornima Communicator in Splunk Search 10-16-2012 0 3	0	3
Newbie Splunk Field Extraction Question I have a log entry that looks like this. I am talked with coming up with a quick-and-dirty financial report to repor... by jcman01 Engager in Splunk Search 10-16-2012 0 3	0	3
Question on basic subtraction in time charts Per below- my Total Configured_Space & Free_Space work great. timechart eval(sum(Logical_Capacity_Blocks) / 20971520... by clintla Contributor in Splunk Search 10-16-2012 0 5	0	5
How to identify a raw events splunk instance origin Does anyone know how to identify the splunk instance from which a raw event was forwarded? Note: this could either be... by Lucas_K Motivator in Splunk Search 10-15-2012 0 1	0	1
Scheduled searches question I have a dashboard with 10 single value boxes and I refresh it every minute. Every single value box search my indexes... by bckq Path Finder in Splunk Search 10-15-2012 0 3	0	3
How to Calculate the sum of values from a chart and create a field specifying that total of those values Hello I am trying to create a total of values in different fields and add it to the output as a different field. I a... by theouhuios Motivator in Splunk Search 10-15-2012 0 5	0	5
Does Splunk support CUDA? Hello, It seems our demands for parallel and real-time queries in Splunk are increasing exponentially the more busin... by kengilmour Path Finder in Splunk Search 10-15-2012 0 1	0	1
combine xml log, two search and value to field My two xml log looks like this <items><item><name>Registered Users</name><value>139</value></item><item><name>Regis... by jangid Builder in Splunk Search 10-15-2012 0 2	0	2
When is Splunk 5 released? Hi all, Just wondering if anyone knows the release date for the next major version of Splunk? I've heard that it's i... by watsm10 Communicator in Splunk Search 10-15-2012 0 3	0	3
concatenating more than one field Hi, I have three fields : field1 field2 field3 delhi delhi kol delhi mum... by abhayneilam Contributor in Splunk Search 10-15-2012 0 3	0	3
how to compare multiple fields i have key words like project,plan ,lease now if any file name if these key word hits i need to find which keywords ... by Tridi123 New Member in Splunk Search 10-14-2012 0 2	0	2
how to search multiple patterns in named group I am using the following command to search : index="real" \| rex field="Location" (?mumbai) can anyone tell me how... by abhayneilam Contributor in Splunk Search 10-14-2012 0 2	0	2
how can I make search much faster ? I want to search a string xxx in the field with 21G data using sourcetype="datafile" id="xxx" how can I make sear... by perlish Communicator in Splunk Search 10-14-2012 0 2	0	2
How would I get stats on the fieldname (not value)? I'm working with multiple logs which have different field naming conventions for the same date. Is there a way to li... by the_wolverine Champion in Splunk Search 10-12-2012 0 1	0	1
merge two searches without available fields Hello, i have two searches where the text expressions are different(without fields) (Login Successful and Unsuccess... by rechteklebe Path Finder in Splunk Search 10-12-2012 0 5	0	5
How to associate related fields in different log files to form a statistic table I have two different data sources: log 1 include field 'a' and 'b' log 2 include field 'b'and 'c' Now i want to c... by akdake Explorer in Splunk Search 10-12-2012 0 2	0	2
why does the regex not work? Why does the following regex not both records: (?i)(?:MEthod: ) \| (?:Metode: )(?P<FIELDNAME>\w+) Records: 2012-10... by kennmunklarsen New Member in Splunk Search 10-12-2012 0 5	0	5