Splunk Search

Community Activity

Questions regarding the transaction command Hello, We have a set of log events consisting of user activity by a number of different users in an application. We ... by dpatnam Path Finder in Splunk Search 07-08-2011 0 2	0	2
manually copying log files... overwrite or add new? Hi folks, I'm trialling Splunk and while I'm waiting for my support folks to install the Splunk Forwarder on my Tomc... by glennh Engager in Splunk Search 07-08-2011 1 1	1	1
Question on stash files or sourcetype=stash I am running Splunk version 4.2.1. I have a saved search that runs nightly. This was one of my first queries in Spl... by RNB Path Finder in Splunk Search 07-07-2011 0 1	0	1
Number of hosts forwarding logs to indexer I would like to know the quickest way to count the number of hosts that have sent data to the indexer for the last 7 ... by rxdeleon Explorer in Splunk Search 07-07-2011 0 3	0	3
How to compare fields from two different event types Hello, I am trying to come up with a search to compare the IP address values from two different log types contained ... by corwinz6 Explorer in Splunk Search 07-07-2011 0 2	0	2
Get percentage of matchin to all events Hi all I think this will be easy for you guys but I have no clue at the moment  My search is very simple: sourcet... by Simon Contributor in Splunk Search 07-07-2011 0 2	0	2
Include row for zero resutls I have several searches that count the number of results per day, using "stats count by date_mday". My problem is th... by lawrenn New Member in Splunk Search 07-07-2011 0 2	0	2
Editing extracted fields' regex Hey, I would like to know how to change / modify / edit the regex for an extracted field. Your video tutorials were... by voxeoRamya Engager in Splunk Search 07-06-2011 1 1	1	1
lookup table issues I have a lookup table set up like lookup table name A1_timer field_a filed_b test1 value1 test2 value2 ... by fresned Path Finder in Splunk Search 07-06-2011 1 1	1	1
inputs.conf overlapping regex whitelist help Hello all, I am really sorry to be posing this question, as I see that many variants of it have already been answere... by brianirwin Path Finder in Splunk Search 07-06-2011 0 2	0	2
Allow users to add public field extractions I would like to allow users to add public field extractions. Currently any field extraction users add are marked priv... by Eldad Explorer in Splunk Search 07-06-2011 0 3	0	3
How do I calculate USD based on Lookup table? All our volume are recorded in multiple local currencies I need to create a report which show our volume in USD. I ... by JYTTEJ Communicator in Splunk Search 07-06-2011 3 4	3	4
Gauge issue in 4.2.2 Hi, I'm getting an error while attempting to generate a gauge. Search operation 'gauge' is unknown. You might not ... by jlamble1 New Member in Splunk Search 07-05-2011 0 1	0	1
How to modify the timechart x-axis label Dear all I found that if I use "mysearch \| timchart span=1d count by host(timerange is one month)", the x-axis repre... by hjwang Contributor in Splunk Search 07-05-2011 0 1	0	1
Can Search Head Pooling be enabled at install time? We would like to automate the installation of our search heads (we use puppet on a Solaris environment) is there an i... by chris Motivator in Splunk Search 07-05-2011 0 2	0	2
trouble extracting field, filenames from UNC paths I'm working with a custom Windows EventLog that contains successful file upload events. I'm attempting to extract ju... by DaClyde Contributor in Splunk Search 07-03-2011 0 3	0	3
Can a subsearch do this? Or do I need a custom search command? Hi, In my Splunk data (say) I've got a running list of customer purchases, with a customer ID number and an Item Num... by howyagoin Contributor in Splunk Search 07-01-2011 0 1	0	1
Different date format in same log How can I pars this log with different date format? data.log: 2011.06.30 16:06:11 data data data data bla bla 30.06... by pero1234 Path Finder in Splunk Search 07-01-2011 0 4	0	4
Extracting "bean string" formatted logs I have some log entries that look like the following: foo2011-06-25T20:12:54 [a.b.c.d] Promoting SystemFingerprint ... by jhart_rapid7 New Member in Splunk Search 07-01-2011 0 2	0	2
Resolve only the top 10 clientips in DNS I'm trying to figure out the best way to have splunk resolve hostnames for only the top 10 clientips (by MB's transfe... by jstockamp Communicator in Splunk Search 07-01-2011 0 1	0	1
Splunk date format different to event date format Apologies if this has been answered before. New install of Splunk 4.2.2. We require the Europian date format (dd/mm/... by kwijibo007 Explorer in Splunk Search 07-01-2011 0 3	0	3
When run a diag, got error: Exception: , Value: global name 'src_path' is not defined Attempting to run ./splunk diag has failed with the following error: ===============================================... by zliu Splunk Employee in Splunk Search 06-30-2011 0 1	0	1
How to sum top30 and then sum top31-100 and then sum top101-500 I have use sort event from big to small ,now i want to sum 1-30,31-100,101-500,501-3000,3000- .how to do it ? thanks... by lihongyan_84 Explorer in Splunk Search 06-29-2011 0 2	0	2
will persistent queues work with splunktcp? This online doc says that persistent queues only work with certain input types. Will they work with splunktcp? This i... by suhprano Path Finder in Splunk Search 06-29-2011 0 2	0	2
combining two searches How can I combine the following two queries into a single search? index=sendmail earliest="@d-2h" latest="@d+10h" ... by DTERM Contributor in Splunk Search 06-28-2011 3 2	3	2