Splunk Search

Community Activity

subsearch semantics I was trying to figure out why my search with subsearch does not work and then I realized that exact semantics of th... by igorbukanov Engager in Splunk Search 08-08-2012 1 1	1	1
Can I increase the number of lines per event displayed in the UI by the EventsViewer module? Hi , I have created some many events ..my events consist of more then 500 lines...but when i click view more lines f... by rakesh_498115 Motivator in Splunk Search 08-08-2012 1 4	1	4
inputlookup and substring search We need to search if a part of URL in the log matches a string from an external file. As I can see, the method from h... by igorbukanov Engager in Splunk Search 08-08-2012 1 2	1	2
Discard specific events (Debug) and keep the rest Hi I want to discard all log which includes "DEBUG" and want to receive only with "INFO and ERROR". I am receiving h... by nikhilagrawal Path Finder in Splunk Search 08-08-2012 0 2	0	2
how to use timechart to to search Hi, i want split the login log by timechart span "30s" in the every "30s",if the login fail count by one ip is bigger... by perlish Communicator in Splunk Search 08-08-2012 1 3	1	3
Couldn't run script command Based on reference: http://www.splunk.com/base/Documentation/4.2/SearchReference/Script I created a perl file that j... by EdSplunk Explorer in Splunk Search 08-08-2012 2 4	2	4
extract from source path not working I tried to follow the directions here to extract a field from the source path of my directory -- but i cant seem to g... by kittle New Member in Splunk Search 08-07-2012 0 3	0	3
Why doesn't the upload image feature of answers work? I tried to answer another user's question with an image that showed where in the interface to click. However, the up... by jrodman Splunk Employee in Splunk Search 08-07-2012 3 3	3	3
Search join with filter I want to do the SQL in Splunk: SELECT TB1.* FROM TB1 JOIN TB2 ON TB2.ID = TB1.ID WHERE TB2.OPTION = "OPTION 1" ... by erick_costa Path Finder in Splunk Search 08-07-2012 0 4	0	4
Regex question I can't seem to figure this one out. I have a line in a log like this: 2012-08-07 12:35:49,138 [http-10.40.231.33-4... by gnovak Builder in Splunk Search 08-07-2012 0 7	0	7
Grouping eventcode Is there a way to group several eventcodes so I dont have to keep on repeating myself. I can not seem to get the righ... by Michael_Schyma1 Contributor in Splunk Search 08-07-2012 0 1	0	1
Ordering Columns Not Working http://splunk-base.splunk.com/answers/49712/can-we-sort-command-for-sorting-the-table-records-rowwise Hi All, I hav... by matthewcanty Communicator in Splunk Search 08-07-2012 0 4	0	4
Width of Single value field in 4.3.3 I've upgraded my Splunk from version 4.3 to version 4.3.3 and my dashboard view has changed. This is version from 4.... by bckq Path Finder in Splunk Search 08-06-2012 0 1	0	1
Complex query I need a query that will provide the average duration of tickets for severity levels 0-4. The individual ticket dura... by DTERM Contributor in Splunk Search 08-06-2012 0 8	0	8
How would I get these results by day I am attempting to write a license usage search and I would like to be able to see the usage for the last 7 days. He... by rmcdougal Path Finder in Splunk Search 08-06-2012 0 1	0	1
lookup table as a search criteria Hello, Still trying to find a way to manage false positives in a search, I am leaning more and more towards an exte... by wsw70 Communicator in Splunk Search 08-06-2012 1 3	1	3
Single value return N/A instead of 0 Hi. I have two field Single Value. First is using search: source="/var/log/online-alerts_splunk2.log" online_aname="... by bckq Path Finder in Splunk Search 08-06-2012 3 6	3	6
Having trouble grabbing Privileges I am trying to extract the privileges that are listed below, but i do not seem to be having luck with the rex that I ... by Michael_Schyma1 Contributor in Splunk Search 08-06-2012 0 1	0	1
Unable to delete search events I opened up the splunk search app and added this splunk search command : sourcetype="addedfields" wrap \| delete The... by misteryuku Communicator in Splunk Search 08-06-2012 5 9	5	9
Working with eventtypes I'm wondering if someone can provide me with a suggestion on how to handle this (probably straight-forward) scenario.... by Branden Builder in Splunk Search 08-06-2012 0 2	0	2
indexOf item in mv field Given an event something like: x\|y,x1\|y1 and an extraction that gives you the multi-valued fields a&b, effectively... by vbumgarner Contributor in Splunk Search 08-06-2012 1 2	1	2
Regex multiple fields extraction and graph Hi All, I have a website which produces statistics and it is shown like this(over 1K lines, so just pasting a few) Ea... by nirt Path Finder in Splunk Search 08-06-2012 0 4	0	4
searching multiple sources and concatenating results to one row per event Hi, first time trying to join several logsources in Splunk and it's been a nightmare ;)! Use-case: I got one logsour... by anderswesterber New Member in Splunk Search 08-06-2012 0 5	0	5
Multi Line Graph from Multiple Hosts I am looking to create a simple multiline graph from the following logs: Hostname=host1 cpu_percentage=X etc.. Hostn... by howelsmovingcas New Member in Splunk Search 08-05-2012 0 1	0	1
Display top 25 url_host's per Userid Hi all, I've been working for the last week or two with content keeper logs, they're csv based and contain the follo... by aaronnicoli Path Finder in Splunk Search 08-05-2012 1 4	1	4