Splunk Search

Community Activity

search where a field is IN another search Hi all i need to do a search like this: sourcetype="webseal_access" OR sourcetype="wmi:wineventlog:security" \| renam... by pinzer Path Finder in Splunk Search 12-13-2010 0 2	0	2
group fields in search command i would like to send an alert when newwork interface is down more than 3 min. That is to say i wanna group the field ... by hjwang Contributor in Splunk Search 12-13-2010 0 1	0	1
Need some help with a repeating regex I have an event with a field like this: ids="ID-120-1, ID-141-5, ID-92-5, N/A" I'd like to extract the field and onl... by mw Splunk Employee in Splunk Search 12-13-2010 0 3	0	3
IIS 6.0 logs (W3C Extended) columns names are shifted one position from the data due to "#Fields: " I am indexing W3C Extended IIS logs and have found that Splunk is extracting column headers from the logs, but due to... by splun88 Engager in Splunk Search 12-11-2010 1 1	1	1
one liner to get list of scheduled searches associated with users How do I get a list of scheduled searches associated with user info. by sanju005ind Communicator in Splunk Search 12-10-2010 3 4	3	4
Field data not displayed I have a CSV table that lists the following fields: date, time, location, received, authorized It looks like this ... by kmattern Builder in Splunk Search 12-10-2010 0 1	0	1
using a different time base on timechart I would like to use a different field than _time as my time base for timechart. I build a stats table, and in it I u... by fk319 Builder in Splunk Search 12-10-2010 1 3	1	3
Help! Summary search process stuck ? I started running the fill_summary_index.py script and my session was interrupted. The summary backfill process neve... by the_wolverine Champion in Splunk Search 12-10-2010 1 3	1	3
Help with outputlookup I am trying to create a lookup table from evenst similar to the following: results\|192.168.2\|192.168.2.183\|microsoft... by jambajuice Communicator in Splunk Search 12-10-2010 0 2	0	2
timechart of running sum How to plot running sums? Eg given events with fields "time host errors", I'd like to do \| timechart accum(errors) ... by jrstear Path Finder in Splunk Search 12-09-2010 0 2	0	2
How do I create a Field for Mac Address? The mac address format for all of my logs is xx:xx:xx:xx:xx:xx AUTHORIZATION-SUCCESS: user: airport; mac: e8:06:88:8... by mayler Path Finder in Splunk Search 12-09-2010 1 2	1	2
Does stats distinct_count have a limit of distinct values it will count? I was working with a search similar to: my_nifty_search_terms \| stats distinct_count(field) by date_hour and notic... by dwaddle SplunkTrust in Splunk Search 12-09-2010 1 1	1	1
Removing fields from _raw or similar I'm trying to rex out a chunk of events, then remove that field from the events prior to piping to the cluster comman... by skippylou Communicator in Splunk Search 12-08-2010 2 2	2	2
Problem getting count(eval(. . . from chart command Trying to emulate example given here, but totals always come up zero. Basic search returns over 1,000 events for a 4 ... by rgcox1 Communicator in Splunk Search 12-08-2010 0 2	0	2
Help on query for user login info. I have file which has a set of all users and roles with the Splunk account.The file name is usermap.csv I am using t... by sanju005ind Communicator in Splunk Search 12-08-2010 0 1	0	1
Opposite of "head" ? I'm trying to find out what the oldest occurrence of an event was - as in, opposite of head. Is there such a command... by the_wolverine Champion in Splunk Search 12-08-2010 1 6	1	6
Calculate time avg time and std deviation between log entries I am trying to average calculate the time between web log entries. If an IP on the network visits the same URL multip... by tradecraft1914 Explorer in Splunk Search 12-08-2010 1 1	1	1
Search on XML Multiple Key Attribute Pairs I am stranded extracting "values" from below xml <SearchElements> <entry key="FirstName">%</entry> <ent... by bansi Path Finder in Splunk Search 12-07-2010 0 3	0	3
Field extraction at index, or use transforms? I am working with the following input and wanted some advice on how/where to specify the field extractions: "\x00\x0... by Toups Explorer in Splunk Search 12-07-2010 0 6	0	6
Creating a dashboard with stacked bar chart of top values I am creating a dashboard with one panel displaying 404 errors. I am able to get this working fine with the followin... by cpenkert Path Finder in Splunk Search 12-07-2010 0 2	0	2
Filter Search results The search result produces output of a column in following format Element[contractId=true,memberId=<null>,name=[Name... by bansi Path Finder in Splunk Search 12-06-2010 0 3	0	3
Help With Regular Expression To Extract Values Between XML Element Tags on Multi-line How to extract values between Elements tag. <DataNode node-type="Contract"> <TransactionAttributes> ... by bansi Path Finder in Splunk Search 12-06-2010 0 6	0	6
Realtime Google map Dashboard I'm trying to configure a real-time dashboard using the Google Maps application. I'm able to get the application wor... by nocostk Communicator in Splunk Search 12-06-2010 0 3	0	3
XML data - multi value field extraction without using xpath I got stuck with extracting a multi value field from XML data: <Results> <Result> <Grade>Error</Grade> ... by meno Path Finder in Splunk Search 12-05-2010 1 8	1	8
Results from search link to another site Hi! I am not quite sure how to go about trying to do this task. I have 3 searches that run and gather data in splun... by gnovak Builder in Splunk Search 12-03-2010 0 6	0	6