Splunk Search

Community Activity

best field extraction regex for custom log format Hi, i have a written DirXML driver that audits specific attributes that change and write syslog using log4j. The for... by dominiquevocat SplunkTrust in Splunk Search 04-18-2012 0 6	0	6
Minutes between most recent event date and now I have a field called fldTimeStamp which I use to hold the date in which events were raised rather than what date I i... by aleem SplunkTrust in Splunk Search 04-18-2012 0 3	0	3
Getting logs out of txt files converted from wireshark captures pcap file Based on the question asked on http://splunk-base.splunk.com/answers/2922/splunk-monitoring-a-wireshark-file Jerrad ... by misteryuku Communicator in Splunk Search 04-18-2012 1 2	1	2
Can I change the operator in the result of format command? Hi, Can I change the operator in the result of format command for subsearch? I actually want to pass the subsearch f... by melonman Motivator in Splunk Search 04-18-2012 0 3	0	3
Lookup search - display events which aren't matching Hi there, I want to check, which System aren't having forwarders installed. I am using the 'all_forwarder' search ma... by nebel Communicator in Splunk Search 04-18-2012 0 2	0	2
iplocation get the country of only my referer field value I want countries matching only the IP values in my referer field, not all IP values in the request. by boris Path Finder in Splunk Search 04-17-2012 0 2	0	2
Specifying Field w/ iplocation I'm trying to parse data that has multiple IP addresses. It's my understanding that iplocation tags any discovered IP... by mwollenweber Engager in Splunk Search 04-17-2012 0 2	0	2
want to forward contents of stdin to my script hi, I am trying to do this but it doesn't work import os, re, sys import splunk.Intersplunk, splunk.mining.dcutils... by alexl1 Path Finder in Splunk Search 04-17-2012 0 4	0	4
Calculate difference between TIME in host x and TIME in host y host y contain name tag: ELT (Value: milliseconds) host x contain name tag: ELT (Value: seconds) Common identifier ... by JYTTEJ Communicator in Splunk Search 04-17-2012 0 1	0	1
why this group by is not returning results? I've this simple search that uses BY but it's not returning any results. Without the BY clause, it's returning the c... by sou128 Explorer in Splunk Search 04-16-2012 0 2	0	2
search and alert on a group of consecutive events Hi, suppose that I have the following log strings: 1616/9 2011-11-22 10:11:23 WARN program 934478399 1616/9 ... by barsuk1 New Member in Splunk Search 04-16-2012 0 6	0	6
how to auto refresh saved search or report hi, Is it possible to do this? I've a dashboard that hosts 4 searches/reports, my requirement is to refresh those r... by sou128 Explorer in Splunk Search 04-16-2012 0 2	0	2
Subtract Search results New to splunk - Using version 4.2.3, build 105575 I need to figure out how to subtract the time between two events ... by lokival Explorer in Splunk Search 04-16-2012 1 5	1	5
SubmitButton allowSoftSubmit I have 2 questions on the submitbutton module. Is the behavior allowSoftSubmit = False applicable only after the vi... by Sriram Communicator in Splunk Search 04-16-2012 0 3	0	3
Search-Time Field Extraction Hello Everyone, I had a quick question about Field Extraction and replication (copying) the specific field extractio... by A4orce84 New Member in Splunk Search 04-16-2012 0 4	0	4
Field Extraction - restrict extraction to - can this be changed? Field extraction appears to be restricted to Host, Source or sourcetype - I have multiple web servers, and even web s... by gerald_huddlest Path Finder in Splunk Search 04-16-2012 0 3	0	3
Grouping by numeric range Hi, Novice to Splunk, I've indexed some data and now want to perform some reports on it. My main requirement is that... by bermudabob Explorer in Splunk Search 04-16-2012 0 7	0	7
Why can't I sum summary data from sistats? So, I was running ... \| sistats count by host, source, sourcetype, field1, field2 and saving it to a summary index. ... by Jason Motivator in Splunk Search 04-16-2012 2 4	2	4
Exclude events that do not occur each day from search Hello I have this search: earliest=-7d@d latest=@d source="/var/log/snmptrapfmt.log" (timeout_url="*.GE" OR timeo... by C4r7m4n Path Finder in Splunk Search 04-16-2012 0 2	0	2
Cannot eval a field obtained from rex Sample data that I am querying on 2012/04/16 10:36:10.290 2012/04/16 10:35:16.333 2980023 811863 jac-datafileupl... by zuberpalekar Engager in Splunk Search 04-16-2012 0 1	0	1
easier/better way to get a general field summary table I have an interesting situation where I want to be able to display a little summary table, showing a few statistics ... by sideview SplunkTrust in Splunk Search 04-14-2012 0 2	0	2
search query based on response time I need to know the pages, along with the count of how many times their response time exceeded 100. I need the top 10 ... by subhadipc Explorer in Splunk Search 04-13-2012 0 3	0	3
is eval the right choice? The query below displays accurate values for Requests, Accepted, Rejected and %Accepted. \| stats count(eval(nps_pac... by mikefoti Communicator in Splunk Search 04-13-2012 0 10	0	10
Maximum # of bins in a timechart When running a timechart over the last 7 days, using span=10m, the timechart will only display roughly the first 3.5... by anssntaco Path Finder in Splunk Search 04-13-2012 0 1	0	1
Help for subsearch Hi Splunkers, I need the result from first search in another search. First search: sourcetype=win_server \| multikv ... by nebel Communicator in Splunk Search 04-13-2012 0 3	0	3