Splunk Search

Community Activity

date parsing I've got date field in a splunk log that looks like: firstOccurrence=2012/06/27 14:55:12 Splunk does not interpret ... by DTERM Contributor in Splunk Search 06-28-2012 0 3	0	3
Day of the Week table - current day vs Monthly avg I'm trying to get a table showing the current daily average vs the previous month average, but I'm unsure I got the c... by splunk_zen Builder in Splunk Search 06-28-2012 0 3	0	3
timechart fields I'm trying to create a chart based on this data, the Num field changes every day: 2012-06-28 13:57:48 operator=TLFT ... by HansK Path Finder in Splunk Search 06-28-2012 0 3	0	3
Converting Percentages to Decimal based Percentages I want to change the percentage results of the follwoing search into decimal based Percentages, as I want the 0.5% fo... by Dark_Ichigo Builder in Splunk Search 06-27-2012 0 2	0	2
Help with a search query involving two time ranges We have a Splunk instance here at my job that I've inherited. I rarely have to go do anything in it so my Splunk Fu i... by cfortune Explorer in Splunk Search 06-27-2012 3 3	3	3
newbie question: Exchange data input So I installed universal forwarder on my Exchange 2010 server, during install specified the splunk server's FQDN. On... by itrcb4 New Member in Splunk Search 06-27-2012 0 7	0	7
Create a search with multiple outputs I'm trying to figure out if there is some combination of subsearches or other operations that will allow me to accomp... by responsys_cm Builder in Splunk Search 06-27-2012 0 4	0	4
can i use Table Tag in the Advance DashBoard Hi , I have created a advance dashboard with the module tags and all.can i use the table tag to display my search re... by rakesh_498115 Motivator in Splunk Search 06-27-2012 0 1	0	1
Round down I have a function where I take a number, divide it by 3, then would like to round that number down. Is that possible ... by KaliBaker Engager in Splunk Search 06-27-2012 0 4	0	4
Searching duplicate data across indexers Hi there Theoretical scenario: I have one search head and two indexers all on physical servers I am forwarding all s... by tobypass New Member in Splunk Search 06-27-2012 0 1	0	1
How can I count lines? hello, This is my search: source=tcp:5555 PURCH_DAY=06-14 PURCH_DATE=19 PURCH_MIN>44 \| stats count by ID_CARDHOLDE... by LauraBre Communicator in Splunk Search 06-27-2012 0 3	0	3
Search: how is keyword "AND" used? I'm trying to search two different fields and I'm trying to combine the search with "AND" but it doesn't seem to work... by monicato Path Finder in Splunk Search 06-26-2012 0 2	0	2
Restrict Hosts in This Particular Search Hello to all, I am using the search in the link below to find hosts that haven't logged in a certain amount of time:... by aferone Builder in Splunk Search 06-26-2012 0 2	0	2
Ho to get a single report by evaluating 3 saved searches Scenario: I need to get a single dashboard out of 3 different sourcetype by passing a unique ID using the form view.... by balavenkatachal New Member in Splunk Search 06-26-2012 0 2	0	2
can we have a uniqueID for two field extractions Hi , Actually i have two events in the output like this... event 1 ...... ... ...... User Message ...... .... ..... by rakesh_498115 Motivator in Splunk Search 06-26-2012 0 2	0	2
can i display my multiple queries in html table format Hi, Assume i have some 4 search Queries like Q1,Q2,Q3 and Q4 . These Four Queries were no realted to each other and ... by rakesh_498115 Motivator in Splunk Search 06-26-2012 0 1	0	1
use stat count I working on a query to pinpoint a login attempt failure on a particular network address.. hence i use a count stat o... by sg5258 Explorer in Splunk Search 06-26-2012 0 5	0	5
Regex from EventCode 7035 I am trying to create a regex that will parse a portion of a sentence within a Windows Log event. As an example, Eve... by MrWh1t3 Path Finder in Splunk Search 06-25-2012 0 4	0	4
Monitor Proliant hardware Hi, Does anyone have Splunk monitoring HP Proliant servers for raid, psu, nic failures etc? If so, how did you go ab... by bazcurtis Explorer in Splunk Search 06-25-2012 0 2	0	2
scheduled summary searches in a distributed setup - where do they run? Hello, I have a search head that has the webintelligence app loaded. I've created the summary indexes on a pair of ... by briang67 Communicator in Splunk Search 06-25-2012 1 3	1	3
How do I get Sampledata.zip indexed into Windows based Splunk? Hi I was trying to go thru Splunk Tutorial, but now I am having trouble in getting sampledata.zip indexed using the ... by melonman Motivator in Splunk Search 06-25-2012 0 4	0	4
Multi Value Field with Auto Extracted Field Can Splunk be configured to create a multi value field with auto extracted "name=value" fields. 11/2/11 08:03:00 fie... by msettipane Splunk Employee in Splunk Search 06-25-2012 1 3	1	3
Date Range Search on DateTime Field Hi, I have a field which contains a DateTime. I want to be able to search between a range of Dates on this as opposed... by matthewcanty Communicator in Splunk Search 06-25-2012 0 5	0	5
regex help Hi, I'm new to Splunk so hope: 1) I'm not asking a stupid question 2) someone can help Anyway, I want to extract a h... by mariof New Member in Splunk Search 06-25-2012 0 3	0	3
how to use eval and stats first() (for dummies) Hello, Summary: how to get most recent vents for a given ID (for dummies) I have data in the following format: # O... by wsw70 Communicator in Splunk Search 06-25-2012 1 5	1	5