Splunk Search

Community Activity

Show time reports for a count search Dear All, I'm doing a search with a summarize count at the end. The search is the following: (eventtype="searchVPN"... by fedevietti New Member in Splunk Search 11-04-2010 0 2	0	2
Conditional-ish Sums This is killing me. I'm trying to sum the bytes crossing my boundary in each direction. For TCP sessions, I have a ... by blurblebot Communicator in Splunk Search 11-04-2010 1 7	1	7
tostring commas on a negative number Hello ALL! x=-241 eval final_x=tostring(x,"commas") It shows [-,241], but it should be [-241]. How could I show t... by flora123 Path Finder in Splunk Search 11-04-2010 2 4	2	4
Compare values in search Hello, I've read through some of the other questions on here to try and find an answer to my question, but i'm still... by gnovak Builder in Splunk Search 11-03-2010 1 4	1	4
Assuming implicit lookup table with filename blah.csv Why do I get this message? Assuming implicit lookup table with filename sidtodn.csv It seemed to me that I was f... by mpatnode Path Finder in Splunk Search 11-03-2010 0 2	0	2
How can I associate and display uncollected user data from a DB2 server with user data collected and parsed in Splunk?? Hello, When performing a search, can Splunk perform a DB2 database lookup of uncollected user data, associate it wit... by jkoepsell Engager in Splunk Search 11-03-2010 1 1	1	1
splunkd - hardcoded pause on directory traversal? Since the rewrite of the tailing processor in 4.1, on the whole it seems much better than previous incarnations, but ... by parallaxed Path Finder in Splunk Search 11-03-2010 0 5	0	5
At the beginning of the search, the Search Inspector indicated that the cursorTime in the year 2038. What does this mean? The Search Inspector indicated that the cursorTime in the year 2038. What does this mean? example from search job in... by rsimmons Splunk Employee in Splunk Search 11-02-2010 1 1	1	1
Relating 2 different fields within a transaction I would like to relate 2 different sourcetypes with a common value for a field. The fields are named differently in e... by ndoshi Splunk Employee in Splunk Search 11-02-2010 1 2	1	2
wildcards and inputs.conf -- directory recursion Trying to understand exactly how directory recursion works in inputs.conf. Specifically, how does /foo/.../.../.log... by Steve_G_ Splunk Employee in Splunk Search 11-02-2010 1 1	1	1
Lookup table from external file for search exclusions possible? I've currently got a summary search setup going against DNS query data that I use to produce a reporting chart of the... by tmeader Contributor in Splunk Search 11-01-2010 0 5	0	5
Search Time interval sourcetype=A earliest=10/21/2010:09:0:0 latest=10/21/2010:09:02:0 OR sourcetype=listener earliest=10/21/2010:08:59:0 ... by grio Engager in Splunk Search 10-31-2010 0 2	0	2
Using " \| reverse" in the command line returns duplicate results? running a this query: splunk search "0e47015c-052f-4235-a25c-cbf3662371ee", returns this... [10/5/10 8:45:01:521 CDT... by rbbelen New Member in Splunk Search 10-31-2010 0 4	0	4
Search by file name? As an admin that's used to searching logs with /bin/less, ? and /, I find the Splunk web interface pretty confusing. ... by dgarstang Engager in Splunk Search 10-31-2010 1 1	1	1
field extraction trouble with forwarders I'm really frustrated and need a sanity check on what I'm doing. I've got an indexer which is deploying apps to seve... by jhedgpeth Path Finder in Splunk Search 10-31-2010 0 4	0	4
Case sensitivity of name, in name=value pairs I would like to do a "stats distinct_count(accountID)" However, some code modules log "accountID=xxxx", while others... by NK_1 Path Finder in Splunk Search 10-29-2010 1 1	1	1
Using stats - how to correlate a value to time of day? Hello, I have an app where I'm splunking a sales price of an item that fluctuates throughout the day. Is there a way... by briang67 Communicator in Splunk Search 10-29-2010 0 3	0	3
How to specify the x axis on the timeline? I have imported a file which has more than one time and date field, splunk is using one of them, however I would like... by cooperuk New Member in Splunk Search 10-29-2010 0 4	0	4
SavedSearch containing $field_name$ Hey, I have written the following code for a form: <form> <label>Combo box test</label> <!-- <... by Ant1D Motivator in Splunk Search 10-29-2010 0 1	0	1
transform negative match I'm trying to send certain events ("IdcServerThread" stuff) to nullQueue unless there's a specific pattern in it (the... by jhedgpeth Path Finder in Splunk Search 10-28-2010 1 1	1	1
How to specify the path of a custom Database, while creating an index using command line Hi I am trying to create an index on the command line as follows (splunk 4.1.4) ./bin/splunk add index indexname -dir... by ajay_hbo Engager in Splunk Search 10-28-2010 1 2	1	2
Question about the PCI Application What is the "stash" sourcetype used for in the application? We're getting two huge spikes of events from that source... by jambajuice Communicator in Splunk Search 10-28-2010 0 3	0	3
Observing Oracle Forms on the net Hi all, I want to do following task with Splunk: I want to monitor and audit if a user or customer touches an Oracl... by simuvid Splunk Employee in Splunk Search 10-28-2010 0 3	0	3
What does "PollableDescriptor:writeWithTimeout failed" error mean? Seeing the following error in LWF splunkd.log every 5 minutes: 10-28-2010 08:37:37.048 WARN NetUtils - PollableDesc... by the_wolverine Champion in Splunk Search 10-28-2010 0 1	0	1
search by specific condition within time range Hello,i would like to search the specific ip attack events within the specific time range for real time,e.g. if the a... by hjwang Contributor in Splunk Search 10-28-2010 0 2	0	2