Splunk Search

Community Activity

Advanced Search I have a top ten search fpor windows Errors that I run each day. My bose want to to know how many days each of the t... by hartfoml Motivator in Splunk Search 11-28-2011 0 8	0	8
where username NOT equal to list of usernames in Lookup table i have some data indexed which is a snapshot of users who have access to a system. i have uploaded a 1 column csv wi... by r999 Path Finder in Splunk Search 11-28-2011 1 5	1	5
better field discovery with SUF I was under the impression that using SUF to forward events would some hope provide more automatically discovered fie... by mikefoti Communicator in Splunk Search 11-28-2011 0 5	0	5
rex - matching everything until a tab Hello, I am trying to parse a log from a Tipping Point IPS. An example of the log I get is (the log is cut for clari... by wsw70 Communicator in Splunk Search 11-28-2011 0 2	0	2
Search - Fields function Hello, I want to display only the specify field(s) of the logs in the results display. Using: *\|fields + ProductName... by leiniao Explorer in Splunk Search 11-28-2011 0 2	0	2
Count Consecutive Errors and alert Hi, We have some transaction logs which log business event transactions. I have a requirement to alert when a particu... by ashleyherbert Communicator in Splunk Search 11-27-2011 0 9	0	9
How I can make rows in red color of a table of a view if some condition meets How I can make rows in red color of a table of a view if some condition meets for example in table output of this vie... by kml_uvce Builder in Splunk Search 11-25-2011 0 1	0	1
Retirement and archiving period for one file We have a file which will be updated very rarely(may be once a year or so that too may be a line will be added or del... by sushildabare Path Finder in Splunk Search 11-24-2011 0 9	0	9
How do I get TimeRangePicker to revert to the default? The dropdown box for the search time-range doesn't revert to the default value after I run a search, can I make this ... by mctester Communicator in Splunk Search 11-23-2011 4 2	4	2
Merge results of two searches with transactions Hi there Is there a way to merge the results of two different searches, where I'm grouping the events with the trans... by Simon Contributor in Splunk Search 11-22-2011 0 4	0	4
Polling Interval Will changing the polling interval of my remote data help in reducing the amount of data indexed in a day? I am hopin... by tympaniplayer Path Finder in Splunk Search 11-22-2011 0 3	0	3
Field Extraction for REST API Logs The content of the log is basically API REST calls. I am facing the issue of not being able to extract the fields of ... by lpolo Motivator in Splunk Search 11-22-2011 0 9	0	9
Sum of call_duration I have a field called "call_duration" expressed as 00:00:17, and another field called "Party1Name" which is simply a... by joshftx Explorer in Splunk Search 11-22-2011 0 4	0	4
Certain REGEX strings in transforms.conf will fail I have requierement where i need to route data from certain sources to a specific index. The index name will be extra... by _d_ Splunk Employee in Splunk Search 11-22-2011 2 1	2	1
conditional event to display different static picture is there any ways to display different static picture on dashboard depends on different search result. this is sort o... by cpuppet Path Finder in Splunk Search 11-21-2011 1 4	1	4
Windows Security Logs: Regex Filtering Search time I have a windows security event that I am trying to extract a custom field for failed logon events. The problem I ha... by arrowsmith3 Path Finder in Splunk Search 11-21-2011 0 3	0	3
How to chaining queries that update lookup tables? Hi great knowledgeable splunkers! I have a number of queries that I need to chain in specific order so that static l... by ag Explorer in Splunk Search 11-20-2011 1 2	1	2
I'm currently getting a pool warnings message, can someone explain what this means? Pool warnings (1) License alerts notify you of excessive indexing warnings and licensing misconfigurations. If you ... by sfunk New Member in Splunk Search 11-18-2011 0 1	0	1
How do you use a field defined in the search as a search parameter? Hello Splunk people, I'm trying to do something that seems simple but I'm having a lot of trouble figuring it out. ... by ZikFat Engager in Splunk Search 11-18-2011 0 5	0	5
Search help: remove intersection of two sets from the first set A customer asked this search question a few days ago. I thought it was a good one for answers. Assume you have two da... by Genti Splunk Employee in Splunk Search 11-18-2011 0 2	0	2
How to re-use search query using HiddenPostProcess So I'm attempting to re-use the same search query results multiple times in the same advanced view for performance re... by dabarb1 Explorer in Splunk Search 11-18-2011 1 5	1	5
Simulating SQL functions I am trying to simulate this type of date filter in splunk. Please help... In SQL I use select * from table where ... by ldeakm Explorer in Splunk Search 11-18-2011 1 6	1	6
How do I get results in search A that are not in search B? I want to find entries added to a sourcetype today, that haven't been seen in the last N days. I've tried search A \|... by annoyedmildly Engager in Splunk Search 11-18-2011 1 3	1	3
Earliest particular event after another event I have a problem with how to write a splunk query for my use. I'm trying to fetch values from an event where that ev... by Samslara Explorer in Splunk Search 11-18-2011 0 1	0	1
Saved Search only return 1000 rows When a saved search sends an email with the results in a CSV file, the file never contains more than 1000 lines (plus... by splunkgam New Member in Splunk Search 11-17-2011 0 2	0	2