Splunk Search

Community Activity

How to get certain fields from the logs Hi, I am brand new to splunk, sorry if i am asking very basic questions. i have data in the below format (I have put ... by xvxt006 Contributor in Splunk Search 09-27-2012 0 5	0	5
Replacing an IP with a set of usernames in a complex search I'm putting together a search which needs to cross correlate two data sources as well as run a nested search in order... by timbCFCA Path Finder in Splunk Search 09-27-2012 0 1	0	1
Chart showing additonal info Hi, I am trying to create a chart on the basis of difference of two fields same time on the right side it should sho... by john Communicator in Splunk Search 09-27-2012 0 3	0	3
how to calculate uptime based on below result, (total no of up events)*100/(total no of events) 8/27/12 10:24:04.000 AM server=Test and status=Up host=test1 8/27/12 10:24:04.000 AM server=test1 and status=Up host... by ajaysingh3 Explorer in Splunk Search 09-27-2012 1 8	1	8
Custom parsing I am rookie here. I have a log of type "2e 00000008 M 2050 nodemgr 09/10/21 20:01:11.860361 NODEMGR: Successfully ... by yhemaraj Engager in Splunk Search 09-26-2012 0 1	0	1
To use subsearch result in outersearch for > and < comparisons. I have a subsearch which is returning two fields and I am succesfully able to use that in the outer search for the eq... by asingla Communicator in Splunk Search 09-26-2012 1 6	1	6
show proper rate of a continually increasing value I have a script which collects the ldap stats of a series of ldap hosts and forward the values to splunk. Now natura... by dominiquevocat SplunkTrust in Splunk Search 09-26-2012 1 8	1	8
Counting a field for number of messages per unique value I have transactions being logged to Splunk, but I get multiple messages per transaction. We are in the middle tier an... by sysprg1 Explorer in Splunk Search 09-26-2012 0 2	0	2
why is addinfo not working in my search? I asked a few weeks ago how to get the total duration of my search timeframe and was told to use addinfo. Got it work... by auntyem Explorer in Splunk Search 09-25-2012 0 1	0	1
Calculate Percentage I've been going around in circles on this all day and at this point figured I would post my question here: sourcetyp... by gnovak Builder in Splunk Search 09-25-2012 0 3	0	3
Dynamic renaming of column header in a table How do I get timeColumnName to read as "July"? It needs to be dynamic. Keying off of the eval or something similar.... by chrismorris Explorer in Splunk Search 09-25-2012 2 1	2	1
How to get count of c-ip from IIS logs indexed by splunk Hi All, I am using Microsoft's Log Parser tool with which I can query my IIS logs. Now I have a query to select diff... by ajaykulkarni Engager in Splunk Search 09-25-2012 0 2	0	2
How to use external variables in search command? application.js value = Splunk.util.getParameter("name"); localStorage.setItem("name",value); I saved parameter val... by kjycls Engager in Splunk Search 09-24-2012 0 3	0	3
Correctly Script SQL Queries Hi I have a batch file that executes a sqlserver query using sqlcmd. The contents of the batch file are: sqlcmd -i ... by danurag Explorer in Splunk Search 09-24-2012 1 7	1	7
Field search not working? Hello, I have records that look like this: 2012-09-24T18:31:38: ^^ AAA ^^ BBB ^^ CCC ^^^ DDD ^^^ EEE The records ge... by acontarciego Explorer in Splunk Search 09-24-2012 0 1	0	1
Finding the earliest event by Splunk server & index I'm trying to come up with a query that shows me the earliest (oldest) event in each index on every server that I hav... by kogane Path Finder in Splunk Search 09-24-2012 0 1	0	1
search fails in xml file The following search works fine in the Splunk search: index=mydata \| rex "\s+IP\s+(?\d+.\d+.\d+.\d+).(?\S+)\s+>\s+(... by DTERM Contributor in Splunk Search 09-24-2012 0 2	0	2
Splunk Server in (windows 2008 r2) is not searching data Hi, Due to some issue the splunk server is not searching any data and getting bellow error. even I am not able to tel... by sachinkum New Member in Splunk Search 09-24-2012 0 1	0	1
how to get user system ip Hi , I am trying to track who all using splunk and ip address of there system.I found this query index=_audit action... by john Communicator in Splunk Search 09-24-2012 0 8	0	8
Add 'static' field to all events from a source (syslogs) I have a dedicated index for syslogs that I would like to add a 'static field' to: MonFunc=sysmsgs ### Add to all ... by tskimball New Member in Splunk Search 09-21-2012 0 5	0	5
Most/More efficient way of counting incomplete transactions? I'm using events from 2 sourcetypes to determine whether a transaction is complete. Quite simply, if there are 2 eve... by the_wolverine Champion in Splunk Search 09-21-2012 0 6	0	6
Abstract Lookup We have several applications that we monitor and have written dashboards for. We would like to have one lookup table ... by tadb New Member in Splunk Search 09-21-2012 0 6	0	6
How to use transaction Hi, User want to see 100 events after a particular event or String eg Id=987. I have used transaction for that.But a... by john Communicator in Splunk Search 09-21-2012 0 2	0	2
Return matching fields from two sources I have two different sources that I need to find and return all matching instances of a field. Unfortunately, the fie... by cpowell New Member in Splunk Search 09-21-2012 0 3	0	3
How do I know if a host is not sending me data? If I have a lookup table formatted like this: lookup_host,os host1,linux host2,linux host3,sunos And say I'm sen... by pkeller Contributor in Splunk Search 09-21-2012 1 6	1	6