Splunk Search

Community Activity

Subtracting time differences - inconsistency in strptime results? I have a set of events which are of the type: Type=httpPreReply Guid=b6d4d009-4643-4ff2-8fad-e20868ce3a17 Datetime=07... by sdevadas Path Finder in Splunk Search 08-02-2011 0 1	0	1
query daily event count for past 30 days index=MyApp earliest="@d-1" latest="@d+11h" \| stats count That query provides an event count of all events that occ... by DTERM Contributor in Splunk Search 08-02-2011 2 2	2	2
timechart count by source, top talker by span Hi Everyone, I'm trying to craft a timechart that shows the top "hits per source" and then only display the top sour... by dwengi Engager in Splunk Search 08-02-2011 0 2	0	2
transforms the source to remove timestamp I want to change the source filename for my data to remove the timestamp. from mypath\to\my\folder\userentrypoint17_... by mataharry Communicator in Splunk Search 08-02-2011 1 2	1	2
Perform lookup on static file I am using the following to extract two fields at search time, extract_domain and extract_ip source="dns2.log" \| r... by maxdessureault Engager in Splunk Search 08-02-2011 0 2	0	2
set majorUnit to 0.5 on Yaxis How do I set majorUnit to 0.5 on Y-axis? I know I have the correct command as this is working: option name="charti... by JYTTEJ Communicator in Splunk Search 08-02-2011 0 2	0	2
Count total of 2 search terms and print unique results Hi! I'm pretty new to splunk and i'm trying to figure out how to: 1. Search for 2 different strings (dealswidget OR ... by nishil New Member in Splunk Search 08-02-2011 0 4	0	4
need help with extracting a millisecond value from log events into a variable by using rex Hi , I am trying to come up with a rex expression to fetch the millisecond value appearing in the log events display... by saurabhCox New Member in Splunk Search 08-02-2011 0 2	0	2
Can't Extract Multiple Custom Fields Hello, I'm trying to extract each of the 16 values following the "Latency:" string into 16 separate fields and then ... by mxsullivan New Member in Splunk Search 08-01-2011 0 1	0	1
SimpleResultsTable ignoring count I have search and post-process that is returning a data table. The post process adds column totals to the table. Th... by kjcorbin Explorer in Splunk Search 08-01-2011 2 3	2	3
Charting concurrency for all time spans I have a query that creates a transaction and then calculates the concurrency for the transactions based on the durat... by jeffa Path Finder in Splunk Search 08-01-2011 1 3	1	3
How to calculate a per-second event count for a rolling time window? I would like to display a per-second event count for a rolling time window, say 5 minutes. I have tried the following... by hexx Splunk Employee in Splunk Search 08-01-2011 3 1	3	1
To join or not to join that is the question I am trying to get the total number of web server pages that match a given F5 load balancer iRule condition. Specifi... by approachct Path Finder in Splunk Search 08-01-2011 1 3	1	3
duplicate events showing up in search We are running a rails application and are using splunk to parse our rails logs. We have a search-head and 2 indexers... by builder Path Finder in Splunk Search 08-01-2011 0 4	0	4
Is there a search that I could run that will report 2 or more identical events? I have found duplicates in the search results as identical events from the same host and same source (file) with exac... by rsimmons Splunk Employee in Splunk Search 08-01-2011 2 4	2	4
Chart scale manipulation for axis Is there a way to change the scale on a chart created from a search so that on a numbered axis, you can make the numb... by Wiggy Splunk Employee in Splunk Search 08-01-2011 2 1	2	1
Filter events with specific text I've already indexed a bunch of syslog data. However, when I search I'd like to be able to filter out certain events... by procha New Member in Splunk Search 08-01-2011 0 1	0	1
Time Stamp in Stats table - event relevance I'm generating a stats table to count the occurrence of errors in our production app logs and presenting a top 10 err... by nowplaying Explorer in Splunk Search 08-01-2011 1 3	1	3
missing results from search to display indexed volume I intend to set this as a saved search that will show the daily indexed volume for the previous month. Here's the se... by remy06 Contributor in Splunk Search 08-01-2011 0 1	0	1
Regex: Simple Substring for Field Extraction Hi All I seem to be having a little issue extracting data from a specific position, the data I am working with have ... by talismanc New Member in Splunk Search 07-30-2011 0 2	0	2
count of character in field how would I count the number of occurances of a character or symbol in an extracted field and display that as a seper... by EricPartington Communicator in Splunk Search 07-29-2011 0 2	0	2
Environment variable used in search How do you set up an Environment variable to be used as part of the path for your data? I set an environment variable... by fresned Path Finder in Splunk Search 07-29-2011 3 3	3	3
search app error : skipped indexing of internal audit event will keep dropping skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk s... by duongl2 Explorer in Splunk Search 07-29-2011 0 3	0	3
Reassign (or keep) variable in eval's IF statement I have two variables and based on one would like to possible change the value of the other: .. \| eval a="foo" \| eval... by kevintelford Path Finder in Splunk Search 07-29-2011 2 2	2	2
eval streamstats result within timechart can't recognize field When I use streamstats to generate last values in the stream I can timechart the results appropriately (without error... by keycoldstorage Explorer in Splunk Search 07-29-2011 0 1	0	1