Splunk Search

Community Activity

Regular Expression to match credit cards Hi, I am trying to write a search to look for credit card numbers in logs (for the PCI requirement 3.1, of course  ... by oscargarcia Path Finder in Splunk Search 03-08-2011 0 1	0	1
[EventsViewer module] Cannot access search data;; job 1299545325.41 is a zombie and is no longer with us I reinstalled splunk to a different volume and now I get this message when trying to search for any string. How can ... by timstiles Engager in Splunk Search 03-08-2011 0 4	0	4
Searching different sources or indexes depending on the timerange of the search This problem generally occurs when you want to create a dashboard that contains a timerange picker and want to popula... by steveyz Splunk Employee in Splunk Search 03-07-2011 2 2	2	2
Search Macro problems, eval and case I am trying to get a case to work with the eval statement inside of a macro and have been unsuccessfull. I can get t... by fk319 Builder in Splunk Search 03-07-2011 0 3	0	3
I am trying to create a field for sudo based on the following log entry I am trying to extract the username into a field that I can use and have so far been unsuccessful. I am doing this ba... by gceraso Engager in Splunk Search 03-07-2011 0 1	0	1
not getting result in join - imp I am using :join" query to show one table with different columns from different sourcetypes. However some of the sour... by Anvita Explorer in Splunk Search 03-07-2011 1 3	1	3
Discard unwanted syslog events? I need to reduce our licensing usage by filtering common, valid, no-news-is-good-news domains out of our Barracuda We... by mileserickson Engager in Splunk Search 03-07-2011 1 2	1	2
Not Able to see sourcetype="websphere:MBean:stats" on splunk websphere dashboard Hi, I am not Able to see sourcetype="websphere:MBean:stats" on splunk websphere dashboard. Since this source is imp... by lalitgoyal87 New Member in Splunk Search 03-07-2011 0 3	0	3
Eval type error on subseach Hi all, I'm having a few issues with using a subsearch within an eval statement. index="capacityanalysisindex01" \|... by jarrodrobins Engager in Splunk Search 03-07-2011 0 1	0	1
How can I perform math on the counts from two queries Here's the situation: I have one set of web log events that represent people using my app which I generally display ... by markgo Engager in Splunk Search 03-07-2011 4 3	4	3
locate duplicate MAC addresses in dhcp logs Should be simple to solve, but i'm drawing a blank. i have three fields i wnat to look at in dhcp logs mac hostname ... by EricPartington Communicator in Splunk Search 03-05-2011 1 3	1	3
Does splunk> do any internal caching of recent searches? Does splunk> do any internal caching of recent searches? More to the point... Can I be 100% certain that my searc... by tylr Engager in Splunk Search 03-05-2011 2 2	2	2
Search Issues with regex field1= "..." \| regex field1="..." I think i may have stumbled upon an error in Splunk. The following search will filter out any 10.x.x.x and 172 priva... by I-Man Communicator in Splunk Search 03-04-2011 0 2	0	2
How do I deal with logs containing asterisks? I'm trying to deal with a report that contain an asterisk to denote a "true/false" condition. My goal is to use trans... by hacktastic Path Finder in Splunk Search 03-04-2011 1 6	1	6
Bring back set number of fields even if the field isn't in the data Hello, I am trying to bring back a set number of fields in a query even if that field isn't in the indexed data. Fo... by jlechem New Member in Splunk Search 03-04-2011 0 3	0	3
Transactions: summing up repeated fields I have server farms made up of 4 servers each. I have various stats from each posted once per minute. I want to group... by twinspop Influencer in Splunk Search 03-04-2011 0 1	0	1
How do I extract a value from the 'source' field at search-time? My log directories are structured like so - /var/myapplogs/<app-name>/logs/*.log How can I extract <app-name> as ... by Mick Splunk Employee in Splunk Search 03-03-2011 1 3	1	3
Limiting timechart span to only include values > 0 I have a search that is returning the value of a field called num_oracle_batch. I am using the following to get a per... by ericrobinson Path Finder in Splunk Search 03-03-2011 1 3	1	3
Average Hits per Minute by Distinct SourceIP I'm interested to know the average hits per minute by distinct source IP address from my web log data for a given tim... by mattreidy Engager in Splunk Search 03-03-2011 1 6	1	6
optimal order for doing dedup, fields and sort I have lots of little searches and postProcess searches all over the place, where the request only needs a single sor... by sideview SplunkTrust in Splunk Search 03-03-2011 3 1	3	1
Passing results to next command one at a time and using event results in parameters Trying to get a search working where instead of the whole result set passing to the next command as one, they would p... by skippylou Communicator in Splunk Search 03-03-2011 2 2	2	2
Server Side Execution Hi, does Splunk has a possibility to run server side scripts (python, ruby) based on a splunk search result? The sea... by lwalhoefer Engager in Splunk Search 03-03-2011 1 2	1	2
add dynamic field in splunk Hi everyone , i would like to add a field in splunk.but field value does not come in result. here my source are:- 1.... by chandansingh Explorer in Splunk Search 03-03-2011 0 1	0	1
Drilldown on OTHER field Hey, There is a field named OTHER which tends to appear at times in my search results. However, if I drilldown on th... by Ant1D Motivator in Splunk Search 03-03-2011 2 5	2	5
Download Link in Result Table Hi, I'm looking for a possibility to add a download link to a column within a result table ( e.g. ... \| table field1)... by lwalhoefer Engager in Splunk Search 03-02-2011 0 1	0	1