Splunk Search

Community Activity

Field extraction into multivalue field So I want to do a general field extraction of IP addresses for a sourcetype that may have them in multiple places in ... by Steve_Litras Path Finder in Splunk Search 02-17-2011 2 2	2	2
Defining search timeframe from midnight to now We have situations where we just want to show what happened "today", which is defined as from Midnight to now. That'... by beaumaris Communicator in Splunk Search 02-17-2011 1 1	1	1
Search results, dashboards and search bar on same dashboard page I would like to create a dashboard that consists of 2 main parts: 1 - open search bar allowing any search 2 - result... by splunker30039 Path Finder in Splunk Search 02-17-2011 1 3	1	3
how to count rows with lack of field ! so i have a log which has column/field which will be populated with "Y" if there is an ERROR, feild name is ERROR_FLA... by ashishv Explorer in Splunk Search 02-17-2011 2 6	2	6
Calculate stats over a percentage of the data I got a challenging request from a customer regarding their access logs. They want to monitor access patterns across ... by gpburgett Splunk Employee in Splunk Search 02-17-2011 1 7	1	7
skipped savedsearches Hello, I have a case opened for this - but it seems that this forum can be quicker at times... I run between 100-20... by briang67 Communicator in Splunk Search 02-17-2011 1 4	1	4
Search Commands: analyzefields I'm trying to wrap my head around some of the more advanced/esoteric search commands. It seems like there's a lot of... by mw Splunk Employee in Splunk Search 02-17-2011 3 3	3	3
How can i efficiently discard the event stream of a search? Suppose I have a search such as sourcetype=apache errors which finds errors that I care about. Now, suppose I wa... by jrodman Splunk Employee in Splunk Search 02-16-2011 2 1	2	1
Duration data not returning properly in a transaction? Hi, For some reason, in a query that contains a transaction of some Juniper SSL VPN logs, my duration doesn't seem t... by mtanadsk Explorer in Splunk Search 02-16-2011 1 1	1	1
Help extracting multiline events using rex We have events that look like this: edit 4 set srcintf "port1" set dstintf "port2" set srcaddr "0.... by jambajuice Communicator in Splunk Search 02-16-2011 1 5	1	5
Passing event time from subsearch into parent search... I've got a search that results in an IP address. I use that search as a subsearch which takes the IP and uses it as ... by rgonzale6 Path Finder in Splunk Search 02-15-2011 2 3	2	3
Find user saved searches Given a splunk username how do i search for the following. The roles that the user has - The last 15 searches perfo... by sanju005ind Communicator in Splunk Search 02-15-2011 1 3	1	3
Problems Comparing Multivalue Fields I am trying to compare two multivalue fields using the below search: index="weblogic" "Dynamic Server List" \| rex f... by Beth Engager in Splunk Search 02-15-2011 2 1	2	1
Find size (in bytes?) of search results I'm running a search that compiles its results in a table by source and displays the number of logs per source. I'm ... by thepocketwade Path Finder in Splunk Search 02-15-2011 1 2	1	2
Backslash escape problem Hi! I have a view, with this structure: <ExtendedFieldSearch> <HiddenSearch> <HiddenPostProcess/> ... by hbazan Path Finder in Splunk Search 02-15-2011 3 5	3	5
list "top" command question Hi, My mail server logs display recipient info like that: Feb 14 16:04:25 224.67.24.175 Feb 14 16:04:25 mail_log... by dikaye Path Finder in Splunk Search 02-15-2011 0 3	0	3
Is there any way to selectively avoid automatic field extraction? I have multiline events where there's a fair bit of auto-kv extraction that is good, but then there's a lot of noise ... by sideview SplunkTrust in Splunk Search 02-15-2011 1 6	1	6
timechart percentage data - not working Hi, I am trying to plot the percentage data over a period of span 1h. host="abc" sourcetype="xyz" ("Eurl" ) \| eval ... by aahadqj Explorer in Splunk Search 02-15-2011 1 7	1	7
Chart displaying UNIX timestamp on x axis. How to change to human readable date? Hi All, I'll start with the data we are dealing with. It deals with predictions of a price into the future. We recei... by phoenixdigital Builder in Splunk Search 02-15-2011 2 5	2	5
Need something like addtotals(sum across columns) for calculating average across columns I want to compute average across columns for a table(that I get as a result from stats command). I am trying to do so... by hmahendrakumar Path Finder in Splunk Search 02-14-2011 0 3	0	3
Can't figure out how to get Syslog data to chart Hi, I am having ADSL line problems as a result I am using splunk to monitor my syslog, especially interested in lines... by anthonycohn New Member in Splunk Search 02-14-2011 0 3	0	3
how to centralized the splunk login account? Dear Sir, We will have two indexer servers for our account login to manage they account founctions, so how to centra... by dikaye Path Finder in Splunk Search 02-14-2011 0 3	0	3
How to calculate time elapsed since now from IIS logs I need to be able to show how long it has been since a user uploaded or downloaded a specific type of data based on t... by DaClyde Contributor in Splunk Search 02-12-2011 1 5	1	5
Can't disable remote web browsing My Enterprise Trial license was just about to expire, so I applied the "free" license. Since there is no authenticat... by dpgrant Engager in Splunk Search 02-11-2011 1 1	1	1
Can I add text to return value of eval/case? I'm writing a search that performs a simple eval: eval changed = case (NOT address="-",address,NOT city="-",city,NOT... by castle1126 Communicator in Splunk Search 02-11-2011 3 3	3	3