Splunk Search

Community Activity

Pie Chart Query I have created pie charts with data like this: index=default counter=10 color=blue index=default counter=5 color=gre... by hhopkins Engager in Splunk Search 01-13-2012 0 1	0	1
Scripted lookup or command? Which is more efficient, a scripted lookup or a command? I've written a piece of code as both, and the command is c... by vbumgarn Path Finder in Splunk Search 01-13-2012 0 1	0	1
Set the name of pdf document with pdfserver Hi there, is it possible to set the name of the attached pdf document? Usually the attached file was named by "splun... by krusty Contributor in Splunk Search 01-13-2012 2 1	2	1
Having Trouble With CASE Here is what I am using: \| eval siteName = case (Destination_IP == "199.47.*", dropbox.com) I have tried everythin... by hartfoml Motivator in Splunk Search 01-12-2012 0 8	0	8
Charting bytes I'm trying to chart the total traffic that is flowing from inside my FW to the outside of my firewall. Here is an ex... by mlevenson Explorer in Splunk Search 01-12-2012 1 1	1	1
transaction: keeporphans error after 4.3 upgrade? This search works without issue in 4.2.4: sourcetype="teledebug" \| transaction keeporphans=1 host source startswith=... by twinspop Influencer in Splunk Search 01-12-2012 0 2	0	2
Transaction with MVexpand Hi I previously asked this question and marked it as answered following eelisio2's response. http://splunk-base.spl... by Bulluk Path Finder in Splunk Search 01-12-2012 1 1	1	1
regex / source stanza issue, trying to tie a regex to match start-of-line This props.conf stanza give me headaches. [source::/(testing2\|bin\|sbin\|etc\|lib\|usr)/...] This does indeed work and ... by flo_cognosec Communicator in Splunk Search 01-12-2012 0 2	0	2
Way to insert/create field based on segment of source? As a sort of followup to my earlier question at Way to insert/create field based on source? we're interested in doi... by mfrost8 Builder in Splunk Search 01-11-2012 0 4	0	4
Why is my search returning less results when it should return the same? Hi all, Some background... We have a large amount of data coming in, and the filename is used to derive some of the ... by carsonl Explorer in Splunk Search 01-11-2012 0 1	0	1
Simple event parsing question My log file has tabular (several columns) data that I need to parse. Each element in a row is separated by spaces, a... by ehs New Member in Splunk Search 01-11-2012 0 1	0	1
encrypt fields stored in index Hi all, i need to ecrypt some sensitive fields ( example number credit card, passord, username ecc ecc ) in 4.1 is ... by mauroscreti Engager in Splunk Search 01-11-2012 1 1	1	1
How to process sum of several fields with regexp in a search? Hello, I have several events with this kind of format: 2012-1-9 15.0.1.290021000 1:0 BD_PANDORA_PROD_TOTAL_USERS_DE=... by Nieucel Engager in Splunk Search 01-11-2012 0 4	0	4
Weirdness with timechart, rolling averages, all I really want are the actual values. I've got a file being spooled out from a database one row at a time, couple of example lines: 10-01-12:02:50:02, ... by mikeely Path Finder in Splunk Search 01-10-2012 0 2	0	2
Any way to parse key/value pair where key follows value? I am trying to parse useful per-protocol summary performance information from our NetApp SAN heads' syslogging and wo... by crberus Explorer in Splunk Search 01-10-2012 2 4	2	4
What does the following "red bar" message mean "Reached end-of-stream while waiting for more data from peer [INDEXER HOST NAME]. Search results might be incomplete" This error has started showing up when searching back across larger data sets. we have several indexers and only one... by kbecker Communicator in Splunk Search 01-09-2012 1 10	1	10
external_lookup.py fails when one input field missed Hello, I use external_lookup (dnslookup) for a host source info. I have configured this automatic lookup: dnslookup ... by are0002 Path Finder in Splunk Search 01-09-2012 0 3	0	3
table for two dimentional distribution Hello, I am trying to create a bubble chart (this is not very much documented, hopefully this example will help) for... by wsw70 Communicator in Splunk Search 01-09-2012 0 6	0	6
Index Time VS Actual Occurs Time Hi all, I have a month (2010-Nov) SAR reports (30 copies) for my host which I want to import them to the Splunk ser... by jackyc Explorer in Splunk Search 01-08-2012 0 2	0	2
Searching subnets I noticed with splunk you can search subnets now. However I would like to search for all communications via my intern... by bengridley New Member in Splunk Search 01-06-2012 0 2	0	2
hide the duplicate events Hello, I have 2 sources of events with "almost" the same framework and some of them reference the same event with th... by rbw78 Communicator in Splunk Search 01-06-2012 0 2	0	2
How do I extract fields in line separated data without key-value pair? Hi, I have a logfile containing data that looks like the below: Nov 21 13:59:41 hostname1 data1 data2 data3 Nov 21 ... by melonman Motivator in Splunk Search 01-06-2012 0 2	0	2
timechart calculated grouped value I have a query in the form eventtype="search" \| stats count as search_count by host \| appendcols [search application... by ppediaditis New Member in Splunk Search 01-05-2012 0 3	0	3
Combine search and sub search without losing records? I am performing a search and sub search and would like to combine the results into a single result set. I have run t... by atornes Path Finder in Splunk Search 01-05-2012 1 7	1	7
Cloudmark Gateway Im sorry I am a little newbie with splunk, I would like to ask how to get cloudmark MTA logs to splunk? by nhads18 New Member in Splunk Search 01-05-2012 0 2	0	2