Splunk Search

Community Activity

What does it mean for a custom search command to be streamable? The commands.conf parameters are not super well-documented online or in the spec file. From the spec file: streamin... by hulahoop Splunk Employee in Splunk Search 10-28-2010 1 2	1	2
What are the OS requirements Let's say for 2 management servers for redundancy indexing 1gb a day. choices are Linux RH 5.4 Solaris 10 Window 20... by jhallman Explorer in Splunk Search 10-28-2010 0 1	0	1
How do you organize searches in Splunk? Hello, We have been creating a lot of searches lately, and would like a way to organize them into submenus. I tried... by merritsa Path Finder in Splunk Search 10-27-2010 1 12	1	12
Sort Fields in Charts I have the following chart: City/Day \| Friday \| Monday \| Thursday \| Tuesday \| Wednesday Chicago \| Yes \| Yes ... by wyang6 Path Finder in Splunk Search 10-27-2010 2 3	2	3
Lookups - How to limit/eliminate multiple matches Hi We have a automatic csv lookup for a specific source, for the host field. Some hosts will have the lookup field... by chris Motivator in Splunk Search 10-27-2010 1 4	1	4
Form vs. View for Multiple Result Sets Hi, My event data consists of HTTP requests. My goal is to build a view that includes: 1) A drop down to choose a Ho... by Eldad Explorer in Splunk Search 10-27-2010 0 1	0	1
chart over query string Hi guys, I have an apache log. I want to be able to chart the count of occurances of a particular query string in th... by chixor New Member in Splunk Search 10-27-2010 0 2	0	2
How to move uploaded file to directory splunk is monitoring? My splunk instance monitored the directory where proxy server upload compressed access log to via ftp. However my spl... by Takajian Builder in Splunk Search 10-27-2010 0 1	0	1
Problem with Stacked Area Chart I have a stacked area chart set up with advanced XML that is giving me an issue with mouseovers. The displayed chart... by blurblebot Communicator in Splunk Search 10-26-2010 0 1	0	1
Splunk Configuration that you Would Like to Do, but Haven't had the Time? Splunk is very flexible... maybe too flexible? What is that one thing that you have been wanting to do, maybe have b... by muebel SplunkTrust in Splunk Search 10-26-2010 0 4	0	4
Timechart already bucketed logs I have a query in which I use bucket to remove some duplicates at certain intervals. I am now trying to timechart th... by christopherutz Path Finder in Splunk Search 10-26-2010 0 3	0	3
Are lookup tables indexed? So how does splunk handle static lookup tables, are they indexed? max_memtable_bytes = * maximum size of static lo... by carmackd Communicator in Splunk Search 10-26-2010 4 3	4	3
match data from 2 queries I have some log entries that look like this: (note the brackets ARE in my logs) [10/25/2010] [10:25:31.817] [SCAN_H... by mcafeesecure Explorer in Splunk Search 10-26-2010 0 1	0	1
When posting setup.xml data to a custom endpoint, is it possible to make EAI calls that are properly authenticated and namespaced? My problem seems very similar to http://answers.splunk.com/questions/4175/redirects-before-and-after-our-apps-setup-... by sideview SplunkTrust in Splunk Search 10-25-2010 1 3	1	3
Automatic hostname configuration? In regard to > http://answers.splunk.com/questions/794/how-to-change-hostname-of-a-splunk-server My question is why ... by tkrn Engager in Splunk Search 10-25-2010 0 1	0	1
Multiple events returned in a single transaction - possible to create a single row in a table/csv file? I've got a transaction that returns 2 events. Originally these are 3 events but the transaction has combined 2 of th... by the_wolverine Champion in Splunk Search 10-25-2010 0 2	0	2
Two earliest queries - want search to pick based upon newest I have a query where I need to determine the earliest time I want events from.. It is either (1) The last time jboss ... by htkhtk Path Finder in Splunk Search 10-23-2010 1 1	1	1
What is the best way to show sparse concurrent transaction counts? I'm trying to report on concurrent SSL VPN sessions over time on an F5 APM device. I've defined the fields and the tr... by zentish New Member in Splunk Search 10-22-2010 0 2	0	2
Is it possible to extract a field from a transaction event? My field extraction doesn't appear to work in my transaction event. Does Splunk just combine all the various fields ... by the_wolverine Champion in Splunk Search 10-22-2010 2 1	2	1
Lookup table Limits Is there a row or column limit for a lookup table. I currently have a lookup that has 25 columns, and 350k rows, whi... by carmackd Communicator in Splunk Search 10-22-2010 0 9	0	9
How do you change the legend value Outside of renaming(aliasing) the actual field, can you also rename the entire content of the history for charting? ... by BunnyHop Contributor in Splunk Search 10-22-2010 0 1	0	1
Pie chart drilldown help Hi all, i need to change the search query when clicking on a slice of the pie chart. I need to add "\| where " to the ... by pinzer Path Finder in Splunk Search 10-21-2010 1 2	1	2
Need a search string to find MB indexed per 24 hour by a specific host Need a search string to find MB indexed per 24 hour by a specific host. Can someone send an example? by nls21 Explorer in Splunk Search 10-21-2010 0 3	0	3
How to get to a working example of the Map Command? I am trying: name=foo minutesago=1 \| head 1000 \| dedup host \| stats list(host) as list \| map search="search host=$li... by muebel SplunkTrust in Splunk Search 10-21-2010 3 2	3	2
Searches Require Wildcards I have two Splunk 4.1.3 instances that index the same data. Some searches work on one instance but not the other. The... by Jason_S Path Finder in Splunk Search 10-21-2010 0 4	0	4