Splunk Search

Community Activity

logging multiple metrics for time series I have a series of metrics that get dumped to a file every minute in this format: timestamp:XXXXXXXXXX metric1:XX me... by drgonzo65 Engager in Splunk Search 01-15-2012 1 1	1	1
Connect two transactions Hi guys Have a look at my events indexed in Splunk: Jan 12 09:29:11 myhost -bash: HISTORY: PID=28489 UID=501 id Jan... by Simon Contributor in Splunk Search 01-15-2012 1 8	1	8
filter blank events coming from syslog This is probably something simple that I am missing. Is there a way to filter out what are esentially blank log entr... by mcafeesecure Explorer in Splunk Search 01-14-2012 0 2	0	2
Pie Chart Query I have created pie charts with data like this: index=default counter=10 color=blue index=default counter=5 color=gre... by hhopkins Engager in Splunk Search 01-13-2012 0 1	0	1
Scripted lookup or command? Which is more efficient, a scripted lookup or a command? I've written a piece of code as both, and the command is c... by vbumgarn Path Finder in Splunk Search 01-13-2012 0 1	0	1
Set the name of pdf document with pdfserver Hi there, is it possible to set the name of the attached pdf document? Usually the attached file was named by "splun... by krusty Contributor in Splunk Search 01-13-2012 2 1	2	1
Having Trouble With CASE Here is what I am using: \| eval siteName = case (Destination_IP == "199.47.*", dropbox.com) I have tried everythin... by hartfoml Motivator in Splunk Search 01-12-2012 0 8	0	8
Charting bytes I'm trying to chart the total traffic that is flowing from inside my FW to the outside of my firewall. Here is an ex... by mlevenson Explorer in Splunk Search 01-12-2012 1 1	1	1
transaction: keeporphans error after 4.3 upgrade? This search works without issue in 4.2.4: sourcetype="teledebug" \| transaction keeporphans=1 host source startswith=... by twinspop Influencer in Splunk Search 01-12-2012 0 2	0	2
Transaction with MVexpand Hi I previously asked this question and marked it as answered following eelisio2's response. http://splunk-base.spl... by Bulluk Path Finder in Splunk Search 01-12-2012 1 1	1	1
regex / source stanza issue, trying to tie a regex to match start-of-line This props.conf stanza give me headaches. [source::/(testing2\|bin\|sbin\|etc\|lib\|usr)/...] This does indeed work and ... by flo_cognosec Communicator in Splunk Search 01-12-2012 0 2	0	2
Way to insert/create field based on segment of source? As a sort of followup to my earlier question at Way to insert/create field based on source? we're interested in doi... by mfrost8 Builder in Splunk Search 01-11-2012 0 4	0	4
Why is my search returning less results when it should return the same? Hi all, Some background... We have a large amount of data coming in, and the filename is used to derive some of the ... by carsonl Explorer in Splunk Search 01-11-2012 0 1	0	1
Simple event parsing question My log file has tabular (several columns) data that I need to parse. Each element in a row is separated by spaces, a... by ehs New Member in Splunk Search 01-11-2012 0 1	0	1
encrypt fields stored in index Hi all, i need to ecrypt some sensitive fields ( example number credit card, passord, username ecc ecc ) in 4.1 is ... by mauroscreti Engager in Splunk Search 01-11-2012 1 1	1	1
How to process sum of several fields with regexp in a search? Hello, I have several events with this kind of format: 2012-1-9 15.0.1.290021000 1:0 BD_PANDORA_PROD_TOTAL_USERS_DE=... by Nieucel Engager in Splunk Search 01-11-2012 0 4	0	4
Weirdness with timechart, rolling averages, all I really want are the actual values. I've got a file being spooled out from a database one row at a time, couple of example lines: 10-01-12:02:50:02, ... by mikeely Path Finder in Splunk Search 01-10-2012 0 2	0	2
Any way to parse key/value pair where key follows value? I am trying to parse useful per-protocol summary performance information from our NetApp SAN heads' syslogging and wo... by crberus Explorer in Splunk Search 01-10-2012 2 4	2	4
What does the following "red bar" message mean "Reached end-of-stream while waiting for more data from peer [INDEXER HOST NAME]. Search results might be incomplete" This error has started showing up when searching back across larger data sets. we have several indexers and only one... by kbecker Communicator in Splunk Search 01-09-2012 1 10	1	10
external_lookup.py fails when one input field missed Hello, I use external_lookup (dnslookup) for a host source info. I have configured this automatic lookup: dnslookup ... by are0002 Path Finder in Splunk Search 01-09-2012 0 3	0	3
table for two dimentional distribution Hello, I am trying to create a bubble chart (this is not very much documented, hopefully this example will help) for... by wsw70 Communicator in Splunk Search 01-09-2012 0 6	0	6
Index Time VS Actual Occurs Time Hi all, I have a month (2010-Nov) SAR reports (30 copies) for my host which I want to import them to the Splunk ser... by jackyc Explorer in Splunk Search 01-08-2012 0 2	0	2
Searching subnets I noticed with splunk you can search subnets now. However I would like to search for all communications via my intern... by bengridley New Member in Splunk Search 01-06-2012 0 2	0	2
hide the duplicate events Hello, I have 2 sources of events with "almost" the same framework and some of them reference the same event with th... by rbw78 Communicator in Splunk Search 01-06-2012 0 2	0	2
How do I extract fields in line separated data without key-value pair? Hi, I have a logfile containing data that looks like the below: Nov 21 13:59:41 hostname1 data1 data2 data3 Nov 21 ... by melonman Motivator in Splunk Search 01-06-2012 0 2	0	2