Splunk Search

Community Activity

Combining searches and the data gets scrambled. Ideas? I have two different sets of data coming in Splunk: Dec 1 08:43:07 a4-hpc2-2.llnl.gov logger: dom0stat42 : timestam... by talbot7 Path Finder in Splunk Search 12-06-2011 0 3	0	3
how to compare dates outside of the default date field While trying to figure out where a query like the following fails... cert_endDate>12/5/2011 AND certEnd_date<12/7/20... by mikefoti Communicator in Splunk Search 12-06-2011 1 2	1	2
telephone contact may i contact you by phone..its quite an emergency by Sonoma New Member in Splunk Search 12-05-2011 0 2	0	2
what is the FAC for the edge role (Exchange app) I think I got it right... Now is sending logs as it is supposed to be. The only question I have now is about the FAC... by juank Engager in Splunk Search 12-05-2011 0 1	0	1
very large lookup tables (exceeding 2gb bundle size) We're in the situation that we need to have lookup tables that are larger than the 2gb bundle size. For example, cre... by jshaynes Explorer in Splunk Search 12-05-2011 7 10	7	10
License Percentage Used Saved Search returning odd values Greetings, I have a saved search: index=_internal sourcetype=splunkd Metrics "group=per_host_thruput" \| stats sum(k... by wwhitener Communicator in Splunk Search 12-05-2011 0 2	0	2
serach not working with input csv Hi, I have a input lookup file called "services" and I need to search all values of a field (channels) from that csv... by KarunK Contributor in Splunk Search 12-04-2011 0 5	0	5
metadata command giving different answers on different search heads I recently loaded a 4.2 search head onto my laptop in order to use it for testing some view development in a way that... by dwaddle SplunkTrust in Splunk Search 12-02-2011 2 2	2	2
Dedup on multiple fields but count the instance, and display as new field. Original Data SrcIP SrcName DstIP DstName DstPort 192.168.1.1 bob.net.net 172.16.16.1 alice... by kearnwl Engager in Splunk Search 12-02-2011 1 3	1	3
Regex Help A complete event record looks like this: Row 114005: Requester Name: "RETAIL\S2343W01$" Issued Common Name: "S2343W0... by mikefoti Communicator in Splunk Search 12-02-2011 0 2	0	2
bin examples I am looking for more bin examples other than using it for time. I have a field called seconds and I suspect a timeo... by slyskawa Engager in Splunk Search 12-02-2011 0 1	0	1
In accesslog, "status" search.. help me ^^ Hi Please help me a little "Search Command". In accesslog, I should need two results.(count) I Have a field name "sta... by khyoung7410 Communicator in Splunk Search 12-02-2011 0 3	0	3
Windows Event # 4729 How to I extract fields that have the same name: **Subject: Security ID: S-1-5-21-3421131818-2740222167-1022... by hartfoml Motivator in Splunk Search 12-02-2011 0 3	0	3
Results table no display on user's browser I'm not sure if this has been asked. I've a saved search generating reports on a weekly basis.I've just ran the sear... by remy06 Contributor in Splunk Search 12-02-2011 0 3	0	3
adding a field based on other fields Hello, I am trying to use splunk to parse nessus results. I have managed to have them loaded, parsed and I get the f... by wsw70 Communicator in Splunk Search 12-02-2011 0 2	0	2
Check for only non-numeric value in an extracted field I have following string: 2011-12-01T13:31:25-05:0063487210, TEST# 67779806 I have written the following search str... by anirbanukil Explorer in Splunk Search 12-01-2011 0 5	0	5
LookUp Table: Show event if lookup table value is NOT in the log file I have a lookup table that has the login name of customers (cs_username) and a human friendly name (Customer). It lo... by kmattern Builder in Splunk Search 12-01-2011 3 4	3	4
Date sorting Can you please tell how to sort date values ? by iamniks Explorer in Splunk Search 12-01-2011 0 2	0	2
What will happen if shared storage goes crash when search head pooling is enabled? I am thinking to use search head pooling. But I am not sure what will happen if shared storage goes crash. Can somebo... by Takajian Builder in Splunk Search 12-01-2011 0 2	0	2
Regex -or- How to cleanup field values A single event looks like this: Row 113711: Requester Name: "RETAIL\HH01-0002" User Principal Name: "HH01-0002@retai... by mikefoti Communicator in Splunk Search 11-30-2011 0 3	0	3
Return something when search doesn't return anything I want to have a table with results of a search of the SQL logs for backups. But the search I have only returns the s... by jordans Path Finder in Splunk Search 11-30-2011 0 4	0	4
problem extracting all occurrences of name values I have a reoccurring line in a multi-line event of the form: <td> someName someValue someUnits I'm trying to save ... by cwi Engager in Splunk Search 11-30-2011 0 2	0	2
To find requests which are late by 1 day Hi I have a query where i am retrieving the logs which have timestamp>field. eg: ....\| where _time>RequestActual Req... by adityapavan18 Contributor in Splunk Search 11-29-2011 0 4	0	4
How to determine which forwarder sent data without relying on host? I have a pool of identically configured rsyslog servers behind a load balancer. Each hosts' data is written to a log ... by jeff Contributor in Splunk Search 11-29-2011 0 1	0	1
stats on the presence of a field Hi, I have a set of splunk entries where it can be one of several pattern of fields. So for example: 2011-01-01T1... by Samslara Explorer in Splunk Search 11-29-2011 0 7	0	7