Splunk Search

Community Activity

Need to treat multiple lines in log file as a single unit, joined by an element I need to index the logs for a web service. For each end-user's interactions with the system, a collection of web se... by jarrowwx New Member in Splunk Search 01-31-2011 0 1	0	1
Boolean operators, searches, and simplification? Hi, all. I'd like to know if I've been wasting time over the last few years by using an overly formal grammar for pe... by spencers Explorer in Splunk Search 01-31-2011 0 2	0	2
Correlate _internal metrics per_host_thruput and per_index_thruput logs Is there an easy way to correlate per_index_thruput with per_host_thruput in the internal logs? Essentially, I have ... by pj Contributor in Splunk Search 01-31-2011 1 2	1	2
Show average response time of top 20 URLs Hey Guys, I thought this would be simple, but doesn't seem so. From our HTTP logs, I want to get a list of the top 20... by herbie Path Finder in Splunk Search 01-31-2011 1 4	1	4
Beginner Question ! - reporting ps output I have setup a splunk server and one lightforwarder client. This is configured to send the output of ps every 30 seco... by ritemple New Member in Splunk Search 01-30-2011 0 1	0	1
State Search Help Hi I have a logfile which looks like this: %Date %Time %Server %Application %State ("State UP" or "State DOWN") If... by RobertRi Communicator in Splunk Search 01-29-2011 0 4	0	4
Forcing LWF to send events from a file I have a system configured with a separate search head, indexer and LWF. In order to validate our processing and ref... by beaumaris Communicator in Splunk Search 01-29-2011 1 2	1	2
How can I programatically generate list of "OR" terms in a search? I am trying to figure out some method of using something like a scripted lookup to programmatically generate a set of... by dwaddle SplunkTrust in Splunk Search 01-28-2011 4 2	4	2
Using variables in mvfilter with match or how to get an mvdistinctcount(var) Hi everyone We would like to be able to find out if a certain field which occurs several times in a transaction chan... by chris Motivator in Splunk Search 01-28-2011 2 3	2	3
How to typecast an integer as a string literal Is there any way to explicitly typecast a number in Splunk so that it is interpreted as a string literal rather than ... by jcbrendsel Path Finder in Splunk Search 01-28-2011 1 1	1	1
Help with transaction search Hello, I have a file that looks like the following: date1 node1 seq_13 seq13_total_time date1 node1 seq_1... by briang67 Communicator in Splunk Search 01-28-2011 0 1	0	1
Need help with a rex field extraction I have some data that is displaying line breaks as "\n". I'm having problems writing rex commands in searches to str... by jambajuice Communicator in Splunk Search 01-28-2011 1 4	1	4
Alerting on Failed Login Events I would like to be able to generate an alert whenever there is a failed login using the same account from the same IP... by snowmizer Communicator in Splunk Search 01-28-2011 0 2	0	2
subsearch breaks on different index? subsearch for date_hour greater than Hi all, I have index01 which has all the web server log data that I'm interested in. I have index02 which has... by Alex_Megremis Explorer in Splunk Search 01-28-2011 0 2	0	2
Is it possible to pass CSV Reader Object As Argument From Splunk Python to another Python Script ??? I have following two python scripts -namelookupWrapper.py -namelookup.py The namelookupWrapper.py takes input of "me... by bansi Path Finder in Splunk Search 01-28-2011 0 5	0	5
How to get the rows changed since last time I executed the query? Is there a way I can do a search so that it returns the rows inserted since last time I ran the query? earliest=last... by shahhe Explorer in Splunk Search 01-27-2011 1 3	1	3
Splunk Documentation does not scroll on the iPad Trying to read the splunk docs using an ipad had problems. The internal iframe does not scroll. by bcotton Engager in Splunk Search 01-27-2011 3 4	3	4
Arithmetic on time fields I have a record that has a field with a processing stat on it. myField=00:00:12.12456 i.e. it took 12 and a bit... by stuartamurray Path Finder in Splunk Search 01-27-2011 2 4	2	4
Splunk Chart Rendering Performance I am seeing an issue on our Splunk server where we seem to be hitting a performance bottleneck. When generating char... by mcwomble Path Finder in Splunk Search 01-27-2011 0 2	0	2
Missing columns when run as scheduled/saved search I am completely stumped. When I run the following search interactively, all of the columns are populated with data. ... by jcbrendsel Path Finder in Splunk Search 01-27-2011 1 6	1	6
How to add data to an extracted field? A client wishes to pull some data from one of their logs into a search-time-extracted field and prefix it with a bit ... by Jason Motivator in Splunk Search 01-27-2011 1 3	1	3
Custom event renderer: able to access values in multivalued field? I'm writing up a custom event renderer to show the differences in two events in a transaction. Naturally, transaction... by Jason Motivator in Splunk Search 01-27-2011 0 2	0	2
How can I do field extractions from a specific custom event type? Why can't I do field extraction from a previously built eventtype? I can limit extraction of sourcetype, but not to e... by anton_chuvakin New Member in Splunk Search 01-27-2011 0 1	0	1
Display calculated values in a timechart We have data in the summary index that counts information by various categories. For the purposes of presenting the p... by beaumaris Communicator in Splunk Search 01-26-2011 1 5	1	5
Issue with doing math on event times? Here is my current code: index="sandbox" sourcetype="AS-CDR" \| where Called_Number="2155551060" OR Calling_Nu... by msarro Builder in Splunk Search 01-26-2011 0 3	0	3