Splunk Search

Community Activity

Timechart or stats or lastTime When I execute this search, I get all events from organization : Barclays that contains records for 2012. index="lo... by asarolkar Builder in Splunk Search 07-10-2012 0 4	0	4
Error on connection Mysql connector app Not sure of the cause of this error? # (2013, 'Lost connection to MySQL server during query') Have verified UID and P... by rroberts Splunk Employee in Splunk Search 07-10-2012 0 2	0	2
Need a sum sourcetype="MFApps" \| addtotals fieldname=sum \|top limit=1 sum \| fields + count \| rename count AS "Number of Events... by Michael_Schyma1 Contributor in Splunk Search 07-10-2012 0 1	0	1
Using time interval duration within a search I have the feeling this should be easy, but I can't figure it out. I want to determine a host's percent uptime over ... by cphair Builder in Splunk Search 07-10-2012 0 4	0	4
Setting top limit to display all fields. Is there a way to use the top function that will list all of the fields (like setting it equal to infinity) that I am... by Michael_Schyma1 Contributor in Splunk Search 07-10-2012 0 1	0	1
search - generate a (time, causes, count) collums table How can I correctly get a (time, causes, count) collums search from the following input data example? EXECUTION_... by splunk_zen Builder in Splunk Search 07-10-2012 0 13	0	13
Preserving multi-value fields through custom search command Hello, I'm trying to build a Python custom search command. The command is run after a transaction, and adds values c... by dbryan Path Finder in Splunk Search 07-09-2012 1 2	1	2
Field extraction and regex strategy I have log that looks like this: 2012-02-23 09:25:21 VShellSSH2 sftp 108660 172.59.56.8 62386 NESTLE - C:\SFTP\NESTL... by asarolkar Builder in Splunk Search 07-09-2012 1 1	1	1
stats for a given time range for last 30 days I would like to get an average of a any given value for a time range say 7:00 PM to 8:00 PM over last 30 days. Would... by adoshi Explorer in Splunk Search 07-09-2012 0 2	0	2
order of sub searches changed when using saved search or the summary page in 4.1.6 On the UI, I can run a search with a sub search in the condition. index="_internal" source="log" OR [ searc... by mataharry Communicator in Splunk Search 07-09-2012 1 2	1	2
Limit WMI Input We pull in all the security event logs using WMI. However, it's pulling in WAY too much data. Is there a way to limit... by jumper4000 Explorer in Splunk Search 07-09-2012 0 1	0	1
Frequency Distribution charts? How can I compute a frequency distribution chart? For example I want to take the time_taken from my IIS web-server ... by sune43 Engager in Splunk Search 07-09-2012 0 1	0	1
How to map all the fields of IIS W3C to Splunk fields I wanted to see a detailed analysis of IIS logs in W3C (which is being fed to Splunk). I could not get all the availa... by subhadipc Explorer in Splunk Search 07-07-2012 0 1	0	1
Read/convert Checkpoint log files Hi. I have a Checkpoint firewall managed by my WAN provider, and would like to be able to do more with the logs than... by kjetil New Member in Splunk Search 07-06-2012 0 6	0	6
corrupted CSV results / Python API Hi, I'm using the Python SDK to export some search results to a CSV file, but the results seem to be somehow corrupt... by tomasv Explorer in Splunk Search 07-06-2012 1 1	1	1
default umask for file creation on OS Splunk runs as root so it has access to monitor anything on the system without managing those permissions. I ran thi... by chicodeme Communicator in Splunk Search 07-06-2012 1 3	1	3
I need help with time stamp recognition Hi. I've just started with Splunk and need help setting up file input. The log files looks like the below. A header ... by kjetil New Member in Splunk Search 07-06-2012 0 1	0	1
Running Total I am trying to get a running total for the number of events field. I can not get a column that adds up every 'number ... by Michael_Schyma1 Contributor in Splunk Search 07-05-2012 0 13	0	13
Error in 'inputlookup' command I get the following error: "Error in 'inputlookup' command: This command must be the first command of a search." F... by terryloar Path Finder in Splunk Search 07-05-2012 1 1	1	1
Events not found, even though dashboard says there are I have a universal forwarder pulling in a log file from a linux server. It has been working just fine up until the o... by gregwilliams Path Finder in Splunk Search 07-05-2012 0 6	0	6
how to create fields from _raw field How to create a field from _raw field? my _raw field have some common pattern e.g. I0703 15:07:20.627351 3108 logg... by jangid Builder in Splunk Search 07-05-2012 0 6	0	6
Calculate time difference, then calculate average duration per severity level This is a sample snippet from a very large log file: lastOccurrence=2012/07/05 13:56:14\|firstOccurrence=2012/06/18 1... by DTERM Contributor in Splunk Search 07-05-2012 0 1	0	1
What's the wrong in this search? I want to extract processid from my log and here is query eventtype=statustrace \| regex _raw="^[IEWF]" \| rex field=_... by jangid Builder in Splunk Search 07-05-2012 0 5	0	5
Field transformation hello, I have this following log in Splunk: RS:D2T,PAN:1/1,Req:fr18126,User:a169805,TKN:g00e29dfd883effecba,H:W6008... by LauraBre Communicator in Splunk Search 07-05-2012 0 2	0	2
limit to case function? Hi this is a simple case query I ran on splunk ... \| eval country=case(country="US","USA",country="CA","CA","rest") ... by Yarsa Path Finder in Splunk Search 07-05-2012 0 1	0	1