Splunk Search

Community Activity

Reverse DNS lookups not working I'm following the instructions for implementing a reverse DNS lookup at search time. I either get an error saying th... by mundus Path Finder in Splunk Search 02-14-2012 0 1	0	1
How to write a look back query with epoch time? I have the start of a query but I can't get it to limit a look up by time. I need to use the converted field sent_ti... by kiersti Engager in Splunk Search 02-14-2012 0 1	0	1
Average pageviews per hour I am trying to do something very simple but cannot figure it out. I am new to splunk and using the web intelligence ... by rcovert Path Finder in Splunk Search 02-14-2012 0 2	0	2
How can I change the debug level on a Universal Forwarder? There is a similar question related to changing debug levels at runtime. But, what if I'm doing this on a Universal ... by dwaddle SplunkTrust in Splunk Search 02-13-2012 3 3	3	3
Is there a more effective way to form this search? I am receiving logs that show me when a mac address appears on my network switch and when it is removed logs i recei... by jaoui Path Finder in Splunk Search 02-13-2012 0 3	0	3
Oldest Log per Index How can create a table containg date and time of oldest and most recent log per index in splunk ? by ssingh5 Path Finder in Splunk Search 02-13-2012 0 1	0	1
Lookups within a search head pool not finding shared storage lookup table I can replicate this behaviour within a search head pool by Add a Lookup Table, and upload a CSV fileChange permissi... by willthames2 Path Finder in Splunk Search 02-12-2012 1 2	1	2
Search for failed not completed transaction I need to find transactions that failed to complete. Transaction go across 4 systems, from front-end to back-end sys... by astepanov Explorer in Splunk Search 02-11-2012 1 1	1	1
Output of search as input to another index Hi there, I have an computationally expensive query which is (manually) run on the main index. Instead of running it... by splunker_jim Explorer in Splunk Search 02-10-2012 2 4	2	4
problem with field extraction Hi, I'm trying to extract a field from a source, and when I test it, it appears to work, but in practice, it's grabb... by a212830 Champion in Splunk Search 02-10-2012 0 8	0	8
Different web page mentioned in the body of indexed log and another mentioned in its cs_uri_stem I see a different web page mentioned in the body of indexed log and another mentioned in its cs_uri_stem. For example... by subhadipc Explorer in Splunk Search 02-10-2012 0 1	0	1
finding greater than value from search resutls hi I have created an eventtype that looks for a certain event across 12 servers (cmchost). I created a dashboard show... by gerald_huddlest Path Finder in Splunk Search 02-10-2012 0 4	0	4
i feel dumb, but I see no data when I search in splunk. I created 8 data inputs, each one is supposed to tail log files mathing a certain whitelist regex. These inputs see t... by lennyburns Path Finder in Splunk Search 02-10-2012 1 20	1	20
Skip lines while indexing I am currently experimenting with the nmap scan output format and indexing the scan results with splunk. I noticed ... by FRoth Contributor in Splunk Search 02-10-2012 0 1	0	1
converting date as text to a time format I have this field in my logs mail_date=08 Feb 2012. But it's not logging as a date or a number so I can't run time-b... by kiersti Engager in Splunk Search 02-09-2012 2 2	2	2
Stats summary help? Only linux systems showing up I'm using this query right now: stats count by host, source, date_mday It only lists Linux hosts but lists the data ... by dave_rook Engager in Splunk Search 02-09-2012 0 3	0	3
Remotely deploy universal forwarder so that it forwards data two multiple inderxers Hello, I need to be able to configure universal forwarder with more than one indexing server from the command line. ... by rajbahak Path Finder in Splunk Search 02-09-2012 0 2	0	2
search hangs post 4.3 upgrade upgraded from 4.2.5 to 4.3 and now all searches timeout, and saved searches take longer to run. hw is 2x 4-core opter... by joshrabinowitz Path Finder in Splunk Search 02-09-2012 2 1	2	1
Field extraction in XML (need some regex assistance) I am extracting a field out of an XML feed. More specifically, this is the field: 2012-01-30T12:57:20/x:LastUpdated ... by efelder0 Communicator in Splunk Search 02-09-2012 0 3	0	3
about transaction maxspan.. millisecond unit Is it impossible ? \| transaction maxspan=50ms session_id above search command not working.. Please help me~! by kjycls Engager in Splunk Search 02-09-2012 0 2	0	2
lookups via powershell resource kit Does anyone know if it's possible to perform a lookup when using the powershell resource kit's search functionality? ... by Bulluk Path Finder in Splunk Search 02-09-2012 0 2	0	2
Need to lookup index volume by sourcetype for past year Hey guys, Got another one for ya: I need to lookup sourcetypes for the past year. I basically need to know how ... by balbano Contributor in Splunk Search 02-08-2012 0 3	0	3
Top search results from Drupal Okay, I've done this once in Plone, but we've moved to Drupal, and things don't look the same. Basically, I want to... by staze Path Finder in Splunk Search 02-08-2012 1 8	1	8
Correlating events and specifying a timerange for how close the events need to be I'd like to be able to historically search my events and be able to correlate events from 2 different sources. One s... by the_wolverine Champion in Splunk Search 02-08-2012 0 2	0	2
splunk query I found the following Splunk query that tells the local disk space. Is there a similar command that I could use to q... by DTERM Contributor in Splunk Search 02-08-2012 0 4	0	4