Splunk Search

Community Activity

How to calculate the total CPU by top result Hi, all, I am a newbie in splunk. I have encounter a problem when play around with *NIX app in Splunk. I am going t... by wisespot New Member in Splunk Search 02-24-2011 0 1	0	1
auto-finalized after time limit reached Hello, I have a saved search set up that uses the append command. The subsearch of the append command give me the f... by cramasta Builder in Splunk Search 02-24-2011 4 2	4	2
need to search keyword in specified sourcetype via CLI Im not sure what i am doing wrong... I read the documentation and googled and cannot seem to figure it out. Im usin... by smcap New Member in Splunk Search 02-23-2011 0 3	0	3
how to call a macro from the CLI how to call a macro from the CLI ? I tried splunk search " * \| mymacro \| table *" and got Error in 'SearchParser': Mi... by mataharry Communicator in Splunk Search 02-23-2011 1 1	1	1
Chart values extracted from search Hi, I have created a saved search that removes all text but the value I want to chart, ie. host="machine" "uniquesear... by drewbfl Path Finder in Splunk Search 02-23-2011 0 6	0	6
How do I set the owner on a saved search? I need to set the owner and permissions on saved searches after upgrading to 4.1.5 - where can I set these? by yazapage Explorer in Splunk Search 02-23-2011 1 1	1	1
under what situations will the head command intelligently finalize searches? In some conditions the head command knows that the search has completed all the information that the user asked for, ... by sideview SplunkTrust in Splunk Search 02-23-2011 1 1	1	1
Host name extraction via regex on indexing - Only indexing a single file? Greetings fellow Splunkers, I'm having some issues with extracting the correct host name from log file names on inde... by rturk Builder in Splunk Search 02-23-2011 0 3	0	3
Precedence of explicit vs wildcard in props.conf I'm setting the timezone for hundreds of forwarders at once by using props.conf wildcards on host: [host::DN*] # Den... by Jason Motivator in Splunk Search 02-22-2011 1 3	1	3
How does Active Directory Monitoring Work? Hello, I set up Active Directory monitoring with Splunk a couple weeks ago. I am running a search that searches for... by kholleran Communicator in Splunk Search 02-22-2011 0 3	0	3
How to search all reference log entries? Hi All, Here are some log entries from cisco ironport email security appliance: Feb 21 10:16:55 212.167.24.57 Feb 2... by dikaye Path Finder in Splunk Search 02-22-2011 0 4	0	4
Matching nulls in LINE_BREAKER removing first letter x? Hopefully this is just a stupid regex error: I'm using SplunkLightForwarder on AIX to send a few .sh_history logs to... by mikel8 Explorer in Splunk Search 02-22-2011 3 10	3	10
Grouping similar fields using search syntax? I have a ton of useragent type fields, like MacOutlook/some_version_x_os_version_etc and Entourage/other_version_x_os... by the_wolverine Champion in Splunk Search 02-18-2011 1 2	1	2
Start Search in a new window Is it possible to start a new search in a new window or tab just by clicking on part of an entry in my current result... by thepocketwade Path Finder in Splunk Search 02-18-2011 1 4	1	4
Combine output of 2 logs with only 1 key Hey, I try to figure out if it is possible to have splunk to build a result for my special needings: I have 2 diffe... by StefanB Explorer in Splunk Search 02-18-2011 0 4	0	4
Build Event Type search char limitation I am creating several event types and have found when adding searches longer than 98 char it trims the rest off. Is t... by vlapeintuit Explorer in Splunk Search 02-18-2011 0 1	0	1
calculate percentage from two sums? I'm hoping this doesn't stretch the bounds of "no question is too 'newbie'" part of the FAQ: I'm attempting to perfo... by dang Path Finder in Splunk Search 02-17-2011 1 2	1	2
Comparaing strings of different key Hi, I would like to build a query to compare the var1 and var2 and then determinecount. Example lets say var1 = "a... by aahadqj Explorer in Splunk Search 02-17-2011 0 1	0	1
Why does SOURCE_KEY=MetaData:Host not work for REPORT stanzas? I am trying to extract data from the Host field at search time, using a REPORT- in props.conf. The extraction works ... by Jason Motivator in Splunk Search 02-17-2011 0 1	0	1
Field extraction into multivalue field So I want to do a general field extraction of IP addresses for a sourcetype that may have them in multiple places in ... by Steve_Litras Path Finder in Splunk Search 02-17-2011 2 2	2	2
Defining search timeframe from midnight to now We have situations where we just want to show what happened "today", which is defined as from Midnight to now. That'... by beaumaris Communicator in Splunk Search 02-17-2011 1 1	1	1
Search results, dashboards and search bar on same dashboard page I would like to create a dashboard that consists of 2 main parts: 1 - open search bar allowing any search 2 - result... by splunker30039 Path Finder in Splunk Search 02-17-2011 1 3	1	3
how to count rows with lack of field ! so i have a log which has column/field which will be populated with "Y" if there is an ERROR, feild name is ERROR_FLA... by ashishv Explorer in Splunk Search 02-17-2011 2 6	2	6
Calculate stats over a percentage of the data I got a challenging request from a customer regarding their access logs. They want to monitor access patterns across ... by gpburgett Splunk Employee in Splunk Search 02-17-2011 1 7	1	7
skipped savedsearches Hello, I have a case opened for this - but it seems that this forum can be quicker at times... I run between 100-20... by briang67 Communicator in Splunk Search 02-17-2011 1 4	1	4