Splunk Search

Community Activity

REGEX for nullQueue in transforms.conf We have a certain logfile (tied to sourcetype: syslog) inbound from a forwarder which has THIS line in it: 2012-07-... by asarolkar Builder in Splunk Search 07-02-2012 1 2	1	2
Help with stats for troubleshooting different result sets I have a table with the following fields: table qualys_id,exploit_cve_id,exploit_name,exploit_source,exploit_url Do... by responsys_cm Builder in Splunk Search 07-02-2012 0 1	0	1
Can't get lookups to work I am just using some test data that I generated to try to get lookups to work. First, my log (completely manually ge... by timmy13 Communicator in Splunk Search 07-02-2012 0 4	0	4
Custom _time extraction I would like to use a field in my event data for the _time field. It looks like: <LAST_UPDATE><![CDATA[2012-06-14T2... by responsys_cm Builder in Splunk Search 07-01-2012 0 3	0	3
can we change the position of the search button in search form ? Hi.. I have a created a simple form which consists of a textbox to take the search key input to perform the search.I... by rakesh_498115 Motivator in Splunk Search 07-01-2012 0 3	0	3
Lookup table matching on multivalued fields I have a field in some of our events called "action". I have blacklisted IPs that we've seen a number of attacks fro... by responsys_cm Builder in Splunk Search 06-29-2012 0 1	0	1
Table columns and rows transposition I'm trying to format the output from Windows perflogs into a nice table. The way the events are formatted, with separ... by twinspop Influencer in Splunk Search 06-29-2012 1 1	1	1
Adding up numerical values within a multi-value field In search language, is there a way to add the values stored in a multi-value field provided they are all numerical va... by hexx Splunk Employee in Splunk Search 06-29-2012 4 3	4	3
sum fields in same event I need to sum fields by other fields in the same event. Here is an example event: _time ... by jrizzobwa New Member in Splunk Search 06-29-2012 0 4	0	4
Can't get chart to show data. I have about 10 Windows computers using the universal forwarder to report CPU utilization, memory, disk and network c... by keithstone New Member in Splunk Search 06-29-2012 0 2	0	2
Is it possible to encrypt lookup files and use it in queries ? I have a situation where i dont need people to see the data in lookup file,so i want to encrypt it.Can splunk decrypt... by adityapavan18 Contributor in Splunk Search 06-29-2012 0 1	0	1
Search within 2 entries Hello, I want to search for an entry that contains UsersController#update and with the following entry that contain ... by Ikanui123 New Member in Splunk Search 06-28-2012 0 3	0	3
simple questions about a search hi there, with the search... `all_forwarders` \| fields sourceHost ...I will get all forwarder host names. On th... by nebel Communicator in Splunk Search 06-28-2012 0 1	0	1
Is it possible to run stats or eval on a multi-valued field? I'm using transaction to build a list of actions taken on behalf of our users. Is it possible to run stats to count ... by responsys_cm Builder in Splunk Search 06-28-2012 0 1	0	1
lookup tables?? What is the simplest way to populate a lookup table? I started creating a cronjob. However the splunk search comman... by DTERM Contributor in Splunk Search 06-28-2012 0 2	0	2
Subgroup rows for addcoltotals I would like to use the add column totals to get the sum of certain rows. Is there a way to specify a "by" clause in ... by SarahWKarvenz Path Finder in Splunk Search 06-28-2012 0 1	0	1
date parsing I've got date field in a splunk log that looks like: firstOccurrence=2012/06/27 14:55:12 Splunk does not interpret ... by DTERM Contributor in Splunk Search 06-28-2012 0 3	0	3
Day of the Week table - current day vs Monthly avg I'm trying to get a table showing the current daily average vs the previous month average, but I'm unsure I got the c... by splunk_zen Builder in Splunk Search 06-28-2012 0 3	0	3
timechart fields I'm trying to create a chart based on this data, the Num field changes every day: 2012-06-28 13:57:48 operator=TLFT ... by HansK Path Finder in Splunk Search 06-28-2012 0 3	0	3
Converting Percentages to Decimal based Percentages I want to change the percentage results of the follwoing search into decimal based Percentages, as I want the 0.5% fo... by Dark_Ichigo Builder in Splunk Search 06-27-2012 0 2	0	2
Help with a search query involving two time ranges We have a Splunk instance here at my job that I've inherited. I rarely have to go do anything in it so my Splunk Fu i... by cfortune Explorer in Splunk Search 06-27-2012 3 3	3	3
newbie question: Exchange data input So I installed universal forwarder on my Exchange 2010 server, during install specified the splunk server's FQDN. On... by itrcb4 New Member in Splunk Search 06-27-2012 0 7	0	7
Create a search with multiple outputs I'm trying to figure out if there is some combination of subsearches or other operations that will allow me to accomp... by responsys_cm Builder in Splunk Search 06-27-2012 0 4	0	4
can i use Table Tag in the Advance DashBoard Hi , I have created a advance dashboard with the module tags and all.can i use the table tag to display my search re... by rakesh_498115 Motivator in Splunk Search 06-27-2012 0 1	0	1
Round down I have a function where I take a number, divide it by 3, then would like to round that number down. Is that possible ... by KaliBaker Engager in Splunk Search 06-27-2012 0 4	0	4