Splunk Search

Community Activity

Search: how is keyword "AND" used? I'm trying to search two different fields and I'm trying to combine the search with "AND" but it doesn't seem to work... by monicato Path Finder in Splunk Search 06-26-2012 0 2	0	2
Restrict Hosts in This Particular Search Hello to all, I am using the search in the link below to find hosts that haven't logged in a certain amount of time:... by aferone Builder in Splunk Search 06-26-2012 0 2	0	2
Ho to get a single report by evaluating 3 saved searches Scenario: I need to get a single dashboard out of 3 different sourcetype by passing a unique ID using the form view.... by balavenkatachal New Member in Splunk Search 06-26-2012 0 2	0	2
can we have a uniqueID for two field extractions Hi , Actually i have two events in the output like this... event 1 ...... ... ...... User Message ...... .... ..... by rakesh_498115 Motivator in Splunk Search 06-26-2012 0 2	0	2
can i display my multiple queries in html table format Hi, Assume i have some 4 search Queries like Q1,Q2,Q3 and Q4 . These Four Queries were no realted to each other and ... by rakesh_498115 Motivator in Splunk Search 06-26-2012 0 1	0	1
use stat count I working on a query to pinpoint a login attempt failure on a particular network address.. hence i use a count stat o... by sg5258 Explorer in Splunk Search 06-26-2012 0 5	0	5
Regex from EventCode 7035 I am trying to create a regex that will parse a portion of a sentence within a Windows Log event. As an example, Eve... by MrWh1t3 Path Finder in Splunk Search 06-25-2012 0 4	0	4
Monitor Proliant hardware Hi, Does anyone have Splunk monitoring HP Proliant servers for raid, psu, nic failures etc? If so, how did you go ab... by bazcurtis Explorer in Splunk Search 06-25-2012 0 2	0	2
scheduled summary searches in a distributed setup - where do they run? Hello, I have a search head that has the webintelligence app loaded. I've created the summary indexes on a pair of ... by briang67 Communicator in Splunk Search 06-25-2012 1 3	1	3
How do I get Sampledata.zip indexed into Windows based Splunk? Hi I was trying to go thru Splunk Tutorial, but now I am having trouble in getting sampledata.zip indexed using the ... by melonman Motivator in Splunk Search 06-25-2012 0 4	0	4
Multi Value Field with Auto Extracted Field Can Splunk be configured to create a multi value field with auto extracted "name=value" fields. 11/2/11 08:03:00 fie... by msettipane Splunk Employee in Splunk Search 06-25-2012 1 3	1	3
Date Range Search on DateTime Field Hi, I have a field which contains a DateTime. I want to be able to search between a range of Dates on this as opposed... by matthewcanty Communicator in Splunk Search 06-25-2012 0 5	0	5
regex help Hi, I'm new to Splunk so hope: 1) I'm not asking a stupid question 2) someone can help Anyway, I want to extract a h... by mariof New Member in Splunk Search 06-25-2012 0 3	0	3
how to use eval and stats first() (for dummies) Hello, Summary: how to get most recent vents for a given ID (for dummies) I have data in the following format: # O... by wsw70 Communicator in Splunk Search 06-25-2012 1 5	1	5
Problem using eventstats - not populating all fields I have the following search string (which I've obfuscated slightly): sourcetype=NetworkImpression \| fields User_ID I... by dbryan Path Finder in Splunk Search 06-24-2012 0 9	0	9
Splunk 4.3 Field Extraction Tool I am using the Field Extraction tool that is built in Splunk 4.3 and I am having some issues. I know that fields are... by peasead Path Finder in Splunk Search 06-24-2012 0 7	0	7
sourcetype not visible when using user created index When I create an input and assign it to a particular index(a new one I have created) and I also assign it a custom so... by timpgray Path Finder in Splunk Search 06-24-2012 0 4	0	4
counting occurences of a string in the log message Our logs contain some multi-line messages (e.g. a list of tasks running) that look like this ID, state, comment 1544... by tomasv Explorer in Splunk Search 06-23-2012 0 3	0	3
Tracing field extractions in multi-user environment Is there a way to figure how which config file is causing a particular field extraction at search time? Thx. C by responsys_cm Builder in Splunk Search 06-23-2012 0 1	0	1
How to deal with empty field extractions in regex Here is an example log entry I'm trying to do field extractions from: 2012 Jun 22 11:15:08 server.company.com [aut... by responsys_cm Builder in Splunk Search 06-22-2012 0 2	0	2
field extraction on Chinese characters There are actually 2 parts in my question i want to do an field extraction based on my existing field i have read so... by cpuppet Path Finder in Splunk Search 06-22-2012 0 1	0	1
Transaction - how to exclude entire transaction based on a keyword I have a list of Account ID and URL accessed. So, for an Account ID, there are many URLs being accessed. I want to b... by Joshie New Member in Splunk Search 06-22-2012 0 2	0	2
Question regarding subtraction within "eval" I am working on a query which indexes two indexes of data. The formats are different but I am crunching only integers... by aputz Path Finder in Splunk Search 06-22-2012 0 4	0	4
average from a series of numbers How do I get average of a numeric series by every n seconds? Performance Counter increasing sequentially, now I want... by jangid Builder in Splunk Search 06-22-2012 0 4	0	4
Splunk realtime searches high availible Hi there, I am having a searchhead which runs a lot RT-Searches with a eMail alerting. Now I want to have a kind of ... by nebel Communicator in Splunk Search 06-22-2012 0 1	0	1