Splunk Search

Community Activity

Why is index-time field extraction not searchable? I'm double posting, original issue posted here: http://www.splunk.com/support/forum:SplunkGeneral/4378 When I use do... by dottom Path Finder in Splunk Search 12-14-2010 2 23	2	23
Creating new fields based on a list of keys and a list of values My data set is web server access logs that include two custom values we insert. The values are lists of keys and lis... by mikebrittain Explorer in Splunk Search 12-13-2010 0 2	0	2
Redirecting to setup screen if not configured How do I setup a redirect so that if the user clicks the App icon in the launcher, they get redirected to the setup s... by vbumgarn Path Finder in Splunk Search 12-13-2010 1 2	1	2
search where a field is IN another search Hi all i need to do a search like this: sourcetype="webseal_access" OR sourcetype="wmi:wineventlog:security" \| renam... by pinzer Path Finder in Splunk Search 12-13-2010 0 2	0	2
group fields in search command i would like to send an alert when newwork interface is down more than 3 min. That is to say i wanna group the field ... by hjwang Contributor in Splunk Search 12-13-2010 0 1	0	1
Need some help with a repeating regex I have an event with a field like this: ids="ID-120-1, ID-141-5, ID-92-5, N/A" I'd like to extract the field and onl... by mw Splunk Employee in Splunk Search 12-13-2010 0 3	0	3
IIS 6.0 logs (W3C Extended) columns names are shifted one position from the data due to "#Fields: " I am indexing W3C Extended IIS logs and have found that Splunk is extracting column headers from the logs, but due to... by splun88 Engager in Splunk Search 12-11-2010 1 1	1	1
one liner to get list of scheduled searches associated with users How do I get a list of scheduled searches associated with user info. by sanju005ind Communicator in Splunk Search 12-10-2010 3 4	3	4
Field data not displayed I have a CSV table that lists the following fields: date, time, location, received, authorized It looks like this ... by kmattern Builder in Splunk Search 12-10-2010 0 1	0	1
using a different time base on timechart I would like to use a different field than _time as my time base for timechart. I build a stats table, and in it I u... by fk319 Builder in Splunk Search 12-10-2010 1 3	1	3
Help! Summary search process stuck ? I started running the fill_summary_index.py script and my session was interrupted. The summary backfill process neve... by the_wolverine Champion in Splunk Search 12-10-2010 1 3	1	3
Help with outputlookup I am trying to create a lookup table from evenst similar to the following: results\|192.168.2\|192.168.2.183\|microsoft... by jambajuice Communicator in Splunk Search 12-10-2010 0 2	0	2
timechart of running sum How to plot running sums? Eg given events with fields "time host errors", I'd like to do \| timechart accum(errors) ... by jrstear Path Finder in Splunk Search 12-09-2010 0 2	0	2
How do I create a Field for Mac Address? The mac address format for all of my logs is xx:xx:xx:xx:xx:xx AUTHORIZATION-SUCCESS: user: airport; mac: e8:06:88:8... by mayler Path Finder in Splunk Search 12-09-2010 1 2	1	2
Does stats distinct_count have a limit of distinct values it will count? I was working with a search similar to: my_nifty_search_terms \| stats distinct_count(field) by date_hour and notic... by dwaddle SplunkTrust in Splunk Search 12-09-2010 1 1	1	1
Removing fields from _raw or similar I'm trying to rex out a chunk of events, then remove that field from the events prior to piping to the cluster comman... by skippylou Communicator in Splunk Search 12-08-2010 2 2	2	2
Problem getting count(eval(. . . from chart command Trying to emulate example given here, but totals always come up zero. Basic search returns over 1,000 events for a 4 ... by rgcox1 Communicator in Splunk Search 12-08-2010 0 2	0	2
Help on query for user login info. I have file which has a set of all users and roles with the Splunk account.The file name is usermap.csv I am using t... by sanju005ind Communicator in Splunk Search 12-08-2010 0 1	0	1
Opposite of "head" ? I'm trying to find out what the oldest occurrence of an event was - as in, opposite of head. Is there such a command... by the_wolverine Champion in Splunk Search 12-08-2010 1 6	1	6
Calculate time avg time and std deviation between log entries I am trying to average calculate the time between web log entries. If an IP on the network visits the same URL multip... by tradecraft1914 Explorer in Splunk Search 12-08-2010 1 1	1	1
Search on XML Multiple Key Attribute Pairs I am stranded extracting "values" from below xml <SearchElements> <entry key="FirstName">%</entry> <ent... by bansi Path Finder in Splunk Search 12-07-2010 0 3	0	3
Field extraction at index, or use transforms? I am working with the following input and wanted some advice on how/where to specify the field extractions: "\x00\x0... by Toups Explorer in Splunk Search 12-07-2010 0 6	0	6
Creating a dashboard with stacked bar chart of top values I am creating a dashboard with one panel displaying 404 errors. I am able to get this working fine with the followin... by cpenkert Path Finder in Splunk Search 12-07-2010 0 2	0	2
Filter Search results The search result produces output of a column in following format Element[contractId=true,memberId=<null>,name=[Name... by bansi Path Finder in Splunk Search 12-06-2010 0 3	0	3
Help With Regular Expression To Extract Values Between XML Element Tags on Multi-line How to extract values between Elements tag. <DataNode node-type="Contract"> <TransactionAttributes> ... by bansi Path Finder in Splunk Search 12-06-2010 0 6	0	6