Splunk Search

Community Activity

how to count rows with lack of field ! so i have a log which has column/field which will be populated with "Y" if there is an ERROR, feild name is ERROR_FLA... by ashishv Explorer in Splunk Search 02-17-2011 2 6	2	6
Calculate stats over a percentage of the data I got a challenging request from a customer regarding their access logs. They want to monitor access patterns across ... by gpburgett Splunk Employee in Splunk Search 02-17-2011 1 7	1	7
skipped savedsearches Hello, I have a case opened for this - but it seems that this forum can be quicker at times... I run between 100-20... by briang67 Communicator in Splunk Search 02-17-2011 1 4	1	4
Search Commands: analyzefields I'm trying to wrap my head around some of the more advanced/esoteric search commands. It seems like there's a lot of... by mw Splunk Employee in Splunk Search 02-17-2011 3 3	3	3
How can i efficiently discard the event stream of a search? Suppose I have a search such as sourcetype=apache errors which finds errors that I care about. Now, suppose I wa... by jrodman Splunk Employee in Splunk Search 02-16-2011 2 1	2	1
Duration data not returning properly in a transaction? Hi, For some reason, in a query that contains a transaction of some Juniper SSL VPN logs, my duration doesn't seem t... by mtanadsk Explorer in Splunk Search 02-16-2011 1 1	1	1
Help extracting multiline events using rex We have events that look like this: edit 4 set srcintf "port1" set dstintf "port2" set srcaddr "0.... by jambajuice Communicator in Splunk Search 02-16-2011 1 5	1	5
Passing event time from subsearch into parent search... I've got a search that results in an IP address. I use that search as a subsearch which takes the IP and uses it as ... by rgonzale6 Path Finder in Splunk Search 02-15-2011 2 3	2	3
Find user saved searches Given a splunk username how do i search for the following. The roles that the user has - The last 15 searches perfo... by sanju005ind Communicator in Splunk Search 02-15-2011 1 3	1	3
Problems Comparing Multivalue Fields I am trying to compare two multivalue fields using the below search: index="weblogic" "Dynamic Server List" \| rex f... by Beth Engager in Splunk Search 02-15-2011 2 1	2	1
Find size (in bytes?) of search results I'm running a search that compiles its results in a table by source and displays the number of logs per source. I'm ... by thepocketwade Path Finder in Splunk Search 02-15-2011 1 2	1	2
Backslash escape problem Hi! I have a view, with this structure: <ExtendedFieldSearch> <HiddenSearch> <HiddenPostProcess/> ... by hbazan Path Finder in Splunk Search 02-15-2011 3 5	3	5
list "top" command question Hi, My mail server logs display recipient info like that: Feb 14 16:04:25 224.67.24.175 Feb 14 16:04:25 mail_log... by dikaye Path Finder in Splunk Search 02-15-2011 0 3	0	3
Is there any way to selectively avoid automatic field extraction? I have multiline events where there's a fair bit of auto-kv extraction that is good, but then there's a lot of noise ... by sideview SplunkTrust in Splunk Search 02-15-2011 1 6	1	6
timechart percentage data - not working Hi, I am trying to plot the percentage data over a period of span 1h. host="abc" sourcetype="xyz" ("Eurl" ) \| eval ... by aahadqj Explorer in Splunk Search 02-15-2011 1 7	1	7
Chart displaying UNIX timestamp on x axis. How to change to human readable date? Hi All, I'll start with the data we are dealing with. It deals with predictions of a price into the future. We recei... by phoenixdigital Builder in Splunk Search 02-15-2011 2 5	2	5
Need something like addtotals(sum across columns) for calculating average across columns I want to compute average across columns for a table(that I get as a result from stats command). I am trying to do so... by hmahendrakumar Path Finder in Splunk Search 02-14-2011 0 3	0	3
Can't figure out how to get Syslog data to chart Hi, I am having ADSL line problems as a result I am using splunk to monitor my syslog, especially interested in lines... by anthonycohn New Member in Splunk Search 02-14-2011 0 3	0	3
how to centralized the splunk login account? Dear Sir, We will have two indexer servers for our account login to manage they account founctions, so how to centra... by dikaye Path Finder in Splunk Search 02-14-2011 0 3	0	3
How to calculate time elapsed since now from IIS logs I need to be able to show how long it has been since a user uploaded or downloaded a specific type of data based on t... by DaClyde Contributor in Splunk Search 02-12-2011 1 5	1	5
Can't disable remote web browsing My Enterprise Trial license was just about to expire, so I applied the "free" license. Since there is no authenticat... by dpgrant Engager in Splunk Search 02-11-2011 1 1	1	1
Can I add text to return value of eval/case? I'm writing a search that performs a simple eval: eval changed = case (NOT address="-",address,NOT city="-",city,NOT... by castle1126 Communicator in Splunk Search 02-11-2011 3 3	3	3
Multiple values, same field -- how? I'm not sure how to workaround an issue where my field extraction is working on multiple values of the same field. F... by the_wolverine Champion in Splunk Search 02-11-2011 0 4	0	4
Can't manage field extractions from manager I'm doing some field extractions for a sourcetype and Splunk is saying the field has already been extracted. I went ... by jambajuice Communicator in Splunk Search 02-10-2011 0 2	0	2
How do I extract useful information into fields from Oracle WebLogic Application Server logs? I want to extract fields from WebLogic logs to use in reports. by Rob_Jordan Explorer in Splunk Search 02-10-2011 3 2	3	2