Splunk Search

Community Activity

Gauge issue in 4.2.2 Hi, I'm getting an error while attempting to generate a gauge. Search operation 'gauge' is unknown. You might not ... by jlamble1 New Member in Splunk Search 07-05-2011 0 1	0	1
How to modify the timechart x-axis label Dear all I found that if I use "mysearch \| timchart span=1d count by host(timerange is one month)", the x-axis repre... by hjwang Contributor in Splunk Search 07-05-2011 0 1	0	1
Can Search Head Pooling be enabled at install time? We would like to automate the installation of our search heads (we use puppet on a Solaris environment) is there an i... by chris Motivator in Splunk Search 07-05-2011 0 2	0	2
trouble extracting field, filenames from UNC paths I'm working with a custom Windows EventLog that contains successful file upload events. I'm attempting to extract ju... by DaClyde Contributor in Splunk Search 07-03-2011 0 3	0	3
Can a subsearch do this? Or do I need a custom search command? Hi, In my Splunk data (say) I've got a running list of customer purchases, with a customer ID number and an Item Num... by howyagoin Contributor in Splunk Search 07-01-2011 0 1	0	1
Different date format in same log How can I pars this log with different date format? data.log: 2011.06.30 16:06:11 data data data data bla bla 30.06... by pero1234 Path Finder in Splunk Search 07-01-2011 0 4	0	4
Extracting "bean string" formatted logs I have some log entries that look like the following: foo2011-06-25T20:12:54 [a.b.c.d] Promoting SystemFingerprint ... by jhart_rapid7 New Member in Splunk Search 07-01-2011 0 2	0	2
Resolve only the top 10 clientips in DNS I'm trying to figure out the best way to have splunk resolve hostnames for only the top 10 clientips (by MB's transfe... by jstockamp Communicator in Splunk Search 07-01-2011 0 1	0	1
Splunk date format different to event date format Apologies if this has been answered before. New install of Splunk 4.2.2. We require the Europian date format (dd/mm/... by kwijibo007 Explorer in Splunk Search 07-01-2011 0 3	0	3
When run a diag, got error: Exception: , Value: global name 'src_path' is not defined Attempting to run ./splunk diag has failed with the following error: ===============================================... by zliu Splunk Employee in Splunk Search 06-30-2011 0 1	0	1
How to sum top30 and then sum top31-100 and then sum top101-500 I have use sort event from big to small ,now i want to sum 1-30,31-100,101-500,501-3000,3000- .how to do it ? thanks... by lihongyan_84 Explorer in Splunk Search 06-29-2011 0 2	0	2
will persistent queues work with splunktcp? This online doc says that persistent queues only work with certain input types. Will they work with splunktcp? This i... by suhprano Path Finder in Splunk Search 06-29-2011 0 2	0	2
combining two searches How can I combine the following two queries into a single search? index=sendmail earliest="@d-2h" latest="@d+10h" ... by DTERM Contributor in Splunk Search 06-28-2011 3 2	3	2
How to compute stats (mean, median, mode) over a frequency table? I have a search which returns the result as frequency table: uploads frequency 0 6 1 4 ... by jyzhang Engager in Splunk Search 06-28-2011 0 4	0	4
Rex problem Hi, I have the following data set: (x,y,z could be any number in the following data sets) (All IPs are in the IPFie... by weikuanl New Member in Splunk Search 06-28-2011 0 5	0	5
Join or Where statment I have condition 1 [ index=sample offending_ip="*" ] I have condition 2 [ index=main source="firewall" ] I want to ... by hartfoml Motivator in Splunk Search 06-28-2011 0 1	0	1
Can we change the Time intervals displayed on X-Axis for a Graph I want to set the Time Intervals displayed on X-Axis. By default it is shown every 4 hours for Time range of 1 Day. ... by tkadale Path Finder in Splunk Search 06-27-2011 1 2	1	2
How to find the events contain different fields while they have the same value in another field? I got the following log events: ===== User:A IP_address:10.0.0.1 User:B IP_address:10.0.0.2 User:C IP_address:10.... by weikuanl New Member in Splunk Search 06-27-2011 0 2	0	2
Specific rex doesnt seem to work Have 3 sets of drives that are listed differently by different systems. FC SSD SATAII SSD Fibre Channel SATAII... by clintla Contributor in Splunk Search 06-27-2011 0 5	0	5
Error in 'UnifiedSearch': Unable to parse the 'Missing LHS for AND' search --> error when searching for surrounding events - why? Does anyone know why I am getting the following error when running the following search to find surrounding events: ... by the_wolverine Champion in Splunk Search 06-27-2011 0 2	0	2
Regmon filters not working I'm trying to monitor the registry and filter on a few critical keys. When I look at the events, I'm seeing events f... by jambajuice Communicator in Splunk Search 06-27-2011 1 4	1	4
Percent of Subtotals Splunkers, I'm trying to get splunk to help me with the analysis of survey responses. I have the command: * \| sta... by sondradotcom Path Finder in Splunk Search 06-26-2011 0 1	0	1
Match PID to user name, then tell me what they downloaded from SFTP My goal is to parse my sftp logs, match the pid to the user name, then generate a list of what that user downloaded a... by kvassallo New Member in Splunk Search 06-24-2011 0 2	0	2
In a distributed search environment, where do my configurations go? The search head? The Indexers? If I have, say five, indexers, and a search head that points at them, where do my field extractions, tagging, lookups... by jrodman Splunk Employee in Splunk Search 06-24-2011 3 4	3	4
Why are there no time stamp in Earliest and Latest Events for main index I have two search heads, four indexers, and several forwarders. When I go to Manager -> Indexes, my main index shows... by Masa Splunk Employee in Splunk Search 06-24-2011 2 1	2	1