Splunk Search

Community Activity

Subsearch help I have two different kinds of events. I would like to relate the two. The first event looks like this. [2012-02-02 2... by mburbidg Explorer in Splunk Search 02-03-2012 0 1	0	1
Help with subsearch I have two different kinds of events. I would like to relate the two. The first event looks like this. [2012-02-02 2... by mburbidg Explorer in Splunk Search 02-03-2012 0 1	0	1
Add missing value to field in event or record via query I have some events/records in my data that occurred in the past and we have since added some fields that for these ev... by atornes Path Finder in Splunk Search 02-03-2012 0 1	0	1
Web intelligence backfill_all.sh Is it possible to check the current status of the execution of backfill_all.sh? Is there any possibility to see the ... by Jaci Splunk Employee in Splunk Search 02-03-2012 1 3	1	3
issue with eval Hello, I'm trying to do an arithmetic operation between 2 values i get with a stats function. I want to divide the n... by rbw78 Communicator in Splunk Search 02-03-2012 0 3	0	3
Why won't Splunk's timeline show anything? I recently installed Splunk v. 4.2.5 (113966) on an Ubuntu server v. 11.10. While it is indexing info, the timeline ... by Techfrogger Explorer in Splunk Search 02-02-2012 0 1	0	1
SplunkEvent is there any live broadcasting Is there any live broadcasting for these events http://www.splunk.com/page/events by ziyod2005 Explorer in Splunk Search 02-02-2012 0 2	0	2
Stats / counts in a subsearch for day-over-day delta alerting I'm trying to set up an alert based on day-over-day vs. last week for a 5m count. For instance, if certain iis event... by cmaier Explorer in Splunk Search 02-02-2012 1 1	1	1
Conditional search I have 2 fields that I need to search on - Field1 and Field2. Most of the time I only want to search on Field1 but oc... by Bulluk Path Finder in Splunk Search 02-02-2012 0 2	0	2
using the extract command manually on other field values I've got a lot of CSV data that I'm indexing and for one of the fields in the csv, the values are themselves big jumb... by sideview SplunkTrust in Splunk Search 02-01-2012 4 2	4	2
Bug? splunk advanced searching/views does not display correctly Hi... Its been a while I have problems with searching in Google maps or geoip which the thread was going on here: geo... by nina15 Communicator in Splunk Search 02-01-2012 1 21	1	21
How can I get a running total of distinct users over time? I'm trying to track adoption of a new system using Splunk. I have a chart which shows distinct users per day. I'd lik... by patrickw Explorer in Splunk Search 02-01-2012 2 6	2	6
Splunk Search group by parameter I am trying to perform a search and using regx and parameter can summarize the result based on two categories which ... by zservati Explorer in Splunk Search 02-01-2012 2 4	2	4
Evaluating if splunk is for me. Hi Everyone, I'm trying to find a log solution and here is what I would like to achieve. I have 50 systems with wee... by infinitiguy Path Finder in Splunk Search 02-01-2012 1 2	1	2
rex not working for log4j trying to extract COMPANY from each matched log line, given tomcat log4j lines like this: 31 Jan 2012 23:59:39,963 [... by pcorchary Explorer in Splunk Search 02-01-2012 0 2	0	2
Combining historical and realtime searches Is there any way to combine historical and realtime searches into a single search? For example, I'd like to be able ... by dwaddle SplunkTrust in Splunk Search 02-01-2012 5 7	5	7
Extracting field from source for indexing Hi, I have to add a field which has to be indexed along with the default fields. I can pick up the value from the So... by Krishna_R Path Finder in Splunk Search 01-31-2012 3 3	3	3
Exactly what configuration file or properties can I reload when I do '\| extract reload=t'? Hi When I update props.conf and/or other .conf files, I usually issue 'extract reload=t' to reload configurations w... by melonman Motivator in Splunk Search 01-31-2012 5 2	5	2
Eval can not concatenate fields where there is a null value Given that: Field1="foo" Field2="" (Field2 has a null value) and we use eval to concatenate the two \|eval Field3... by Rob Splunk Employee in Splunk Search 01-31-2012 2 3	2	3
Transaction works in small time window I am trying to develop a way to track down time by evaluating the windows event logs. Condition – Someone has reques... by hartfoml Motivator in Splunk Search 01-31-2012 0 2	0	2
Charting large amount of data points I have a form that charts some data for me. However it's not charting enough data points for the search I specified.... by gnovak Builder in Splunk Search 01-31-2012 0 2	0	2
How to have events show closer together and delete the whitespace between two rows of events So, the customer wants to see less whitespace between each row of events. As it currently is, if you use /en-US/ in y... by Genti Splunk Employee in Splunk Search 01-31-2012 3 5	3	5
"SbrkSysAllocator failed" while performing splunk fsck I just got this error while running fsck. I upgraded to 4.3 and after doing the indexer it told me I should run an f... by hodsonc Explorer in Splunk Search 01-31-2012 2 8	2	8
Multi indexer distributed search I would like to index data separately using two indexers and have distributed search capability. I read here ( http:... by mcgrathd New Member in Splunk Search 01-31-2012 0 1	0	1
Create table containing hosts,sources metadata? I would like to have a list of all the hosts (over some period of time, presumably) and the sources that they've gene... by gowen Path Finder in Splunk Search 01-31-2012 1 4	1	4