Splunk Search

Community Activity

Include row for zero resutls I have several searches that count the number of results per day, using "stats count by date_mday". My problem is th... by lawrenn New Member in Splunk Search 07-07-2011 0 2	0	2
Editing extracted fields' regex Hey, I would like to know how to change / modify / edit the regex for an extracted field. Your video tutorials were... by voxeoRamya Engager in Splunk Search 07-06-2011 1 1	1	1
lookup table issues I have a lookup table set up like lookup table name A1_timer field_a filed_b test1 value1 test2 value2 ... by fresned Path Finder in Splunk Search 07-06-2011 1 1	1	1
inputs.conf overlapping regex whitelist help Hello all, I am really sorry to be posing this question, as I see that many variants of it have already been answere... by brianirwin Path Finder in Splunk Search 07-06-2011 0 2	0	2
Allow users to add public field extractions I would like to allow users to add public field extractions. Currently any field extraction users add are marked priv... by Eldad Explorer in Splunk Search 07-06-2011 0 3	0	3
How do I calculate USD based on Lookup table? All our volume are recorded in multiple local currencies I need to create a report which show our volume in USD. I ... by JYTTEJ Communicator in Splunk Search 07-06-2011 3 4	3	4
Gauge issue in 4.2.2 Hi, I'm getting an error while attempting to generate a gauge. Search operation 'gauge' is unknown. You might not ... by jlamble1 New Member in Splunk Search 07-05-2011 0 1	0	1
How to modify the timechart x-axis label Dear all I found that if I use "mysearch \| timchart span=1d count by host(timerange is one month)", the x-axis repre... by hjwang Contributor in Splunk Search 07-05-2011 0 1	0	1
Can Search Head Pooling be enabled at install time? We would like to automate the installation of our search heads (we use puppet on a Solaris environment) is there an i... by chris Motivator in Splunk Search 07-05-2011 0 2	0	2
trouble extracting field, filenames from UNC paths I'm working with a custom Windows EventLog that contains successful file upload events. I'm attempting to extract ju... by DaClyde Contributor in Splunk Search 07-03-2011 0 3	0	3
Can a subsearch do this? Or do I need a custom search command? Hi, In my Splunk data (say) I've got a running list of customer purchases, with a customer ID number and an Item Num... by howyagoin Contributor in Splunk Search 07-01-2011 0 1	0	1
Different date format in same log How can I pars this log with different date format? data.log: 2011.06.30 16:06:11 data data data data bla bla 30.06... by pero1234 Path Finder in Splunk Search 07-01-2011 0 4	0	4
Extracting "bean string" formatted logs I have some log entries that look like the following: foo2011-06-25T20:12:54 [a.b.c.d] Promoting SystemFingerprint ... by jhart_rapid7 New Member in Splunk Search 07-01-2011 0 2	0	2
Resolve only the top 10 clientips in DNS I'm trying to figure out the best way to have splunk resolve hostnames for only the top 10 clientips (by MB's transfe... by jstockamp Communicator in Splunk Search 07-01-2011 0 1	0	1
Splunk date format different to event date format Apologies if this has been answered before. New install of Splunk 4.2.2. We require the Europian date format (dd/mm/... by kwijibo007 Explorer in Splunk Search 07-01-2011 0 3	0	3
When run a diag, got error: Exception: , Value: global name 'src_path' is not defined Attempting to run ./splunk diag has failed with the following error: ===============================================... by zliu Splunk Employee in Splunk Search 06-30-2011 0 1	0	1
How to sum top30 and then sum top31-100 and then sum top101-500 I have use sort event from big to small ,now i want to sum 1-30,31-100,101-500,501-3000,3000- .how to do it ? thanks... by lihongyan_84 Explorer in Splunk Search 06-29-2011 0 2	0	2
will persistent queues work with splunktcp? This online doc says that persistent queues only work with certain input types. Will they work with splunktcp? This i... by suhprano Path Finder in Splunk Search 06-29-2011 0 2	0	2
combining two searches How can I combine the following two queries into a single search? index=sendmail earliest="@d-2h" latest="@d+10h" ... by DTERM Contributor in Splunk Search 06-28-2011 3 2	3	2
How to compute stats (mean, median, mode) over a frequency table? I have a search which returns the result as frequency table: uploads frequency 0 6 1 4 ... by jyzhang Engager in Splunk Search 06-28-2011 0 4	0	4
Rex problem Hi, I have the following data set: (x,y,z could be any number in the following data sets) (All IPs are in the IPFie... by weikuanl New Member in Splunk Search 06-28-2011 0 5	0	5
Join or Where statment I have condition 1 [ index=sample offending_ip="*" ] I have condition 2 [ index=main source="firewall" ] I want to ... by hartfoml Motivator in Splunk Search 06-28-2011 0 1	0	1
Can we change the Time intervals displayed on X-Axis for a Graph I want to set the Time Intervals displayed on X-Axis. By default it is shown every 4 hours for Time range of 1 Day. ... by tkadale Path Finder in Splunk Search 06-27-2011 1 2	1	2
How to find the events contain different fields while they have the same value in another field? I got the following log events: ===== User:A IP_address:10.0.0.1 User:B IP_address:10.0.0.2 User:C IP_address:10.... by weikuanl New Member in Splunk Search 06-27-2011 0 2	0	2
Specific rex doesnt seem to work Have 3 sets of drives that are listed differently by different systems. FC SSD SATAII SSD Fibre Channel SATAII... by clintla Contributor in Splunk Search 06-27-2011 0 5	0	5