Splunk Search

Community Activity

Finding the earliest event by Splunk server & index I'm trying to come up with a query that shows me the earliest (oldest) event in each index on every server that I hav... by kogane Path Finder in Splunk Search 09-24-2012 0 1	0	1
search fails in xml file The following search works fine in the Splunk search: index=mydata \| rex "\s+IP\s+(?\d+.\d+.\d+.\d+).(?\S+)\s+>\s+(... by DTERM Contributor in Splunk Search 09-24-2012 0 2	0	2
Splunk Server in (windows 2008 r2) is not searching data Hi, Due to some issue the splunk server is not searching any data and getting bellow error. even I am not able to tel... by sachinkum New Member in Splunk Search 09-24-2012 0 1	0	1
how to get user system ip Hi , I am trying to track who all using splunk and ip address of there system.I found this query index=_audit action... by john Communicator in Splunk Search 09-24-2012 0 8	0	8
Add 'static' field to all events from a source (syslogs) I have a dedicated index for syslogs that I would like to add a 'static field' to: MonFunc=sysmsgs ### Add to all ... by tskimball New Member in Splunk Search 09-21-2012 0 5	0	5
Most/More efficient way of counting incomplete transactions? I'm using events from 2 sourcetypes to determine whether a transaction is complete. Quite simply, if there are 2 eve... by the_wolverine Champion in Splunk Search 09-21-2012 0 6	0	6
Abstract Lookup We have several applications that we monitor and have written dashboards for. We would like to have one lookup table ... by tadb New Member in Splunk Search 09-21-2012 0 6	0	6
How to use transaction Hi, User want to see 100 events after a particular event or String eg Id=987. I have used transaction for that.But a... by john Communicator in Splunk Search 09-21-2012 0 2	0	2
Return matching fields from two sources I have two different sources that I need to find and return all matching instances of a field. Unfortunately, the fie... by cpowell New Member in Splunk Search 09-21-2012 0 3	0	3
How do I know if a host is not sending me data? If I have a lookup table formatted like this: lookup_host,os host1,linux host2,linux host3,sunos And say I'm sen... by pkeller Contributor in Splunk Search 09-21-2012 1 6	1	6
Extract more values for the same item in one row Hello, I have the following output of a script: fcs1 0 0 0 1 0 1 0 1 1 1 fcs2 0 0 0 1 1 1 0 0 0 0 fcs3 0 0 0 1 1 1 1... by atelesca Explorer in Splunk Search 09-21-2012 1 5	1	5
Table of contents Can one make contents of all views that are used in application? It really makes sence to have such information on th... by iKate Builder in Splunk Search 09-21-2012 0 3	0	3
append two search result by # I want to append two (or more) search results by event number search1: # _raw 1 a 2 b 3 c search2: # _raw 1... by crazyeva Contributor in Splunk Search 09-21-2012 0 2	0	2
Timechart & Span Hi, I am collecting some disk performance stats via a Splunk Forwarder from a Windows Server. I am now trying to gr... by paulf Explorer in Splunk Search 09-20-2012 0 3	0	3
How to remove the VALUE attached to a word with _ before the name I have the following search string which I use to create a line chart: ....\| timechart span=1d sum(kb) by series T... by coleman07 Path Finder in Splunk Search 09-20-2012 0 3	0	3
using a inputlookup on string values - regex match? I am currently matching a list of "bad ips" with a search such as this index=someindex NOT uri="/dot_clear.gif" [\| i... by sonicZ Contributor in Splunk Search 09-20-2012 0 3	0	3
How do I extract timings from chained events using start and end times We have the following events (dots represent other events for clarity) and would like to extract on a per process bas... by pbunce1 Explorer in Splunk Search 09-20-2012 1 1	1	1
Can I set a specific link for a given field in a search table Hi there folks, I am building a custom alerts dashboard based on a search that returns a table (see demo screen belo... by Andrew_Banman Explorer in Splunk Search 09-20-2012 0 5	0	5
Summary search count of events We have our dnsdebuglog turned on and I want to create a summary search of # of events in descending order. Results ... by jtm7x2 Explorer in Splunk Search 09-20-2012 0 1	0	1
How to get count of a field per event? I am using a transaction to get the start/end/duration of jobs. This gives me back about 200 events. Something like: ... by jameshgibson Path Finder in Splunk Search 09-20-2012 2 4	2	4
Table data sort behaviour I have a search that outputs a table similar to the following. Month starting count 1-Sep-11 21424533 1-Oct-11 ... by Lucas_K Motivator in Splunk Search 09-19-2012 0 4	0	4
Extract raw data using rex I want to extract exception, key and message from a raw event in our logs. The event looks like: EXCEPTION - : Type... by ninadmnaik Explorer in Splunk Search 09-19-2012 0 1	0	1
Lookup csv May I know if there is any size limit of the csv file when performing a lookup? I'm doing a lookup to a csv with aro... by wj Engager in Splunk Search 09-19-2012 0 4	0	4
Regex for Windows username null values I have a Windows event below. This regex, (?ms)^\s+User Name:\s+(?\S+), is used to extract the value from the User Na... by tpowell12 Explorer in Splunk Search 09-19-2012 0 7	0	7
How do I make a multi-dimension timechart? I have a need to count up both failures and successes on a chart, split them by something, and then compare these val... by Jason Motivator in Splunk Search 09-19-2012 4 3	4	3