Splunk Search

Community Activity

Need non-Flash version of charting An HTML5 alternative to chart rendering is needed. Monitoring from an iPad, for example, is impossible without it. ... by nsxdavid Engager in Splunk Search 10-21-2010 2 2	2	2
xferlog query to get top sites Good Afternoon, I have indexed my xferlogs from my FTP server and I would like to run a query of the top sites acces... by gmhp New Member in Splunk Search 10-21-2010 0 1	0	1
How to get the "splunk" command working with Windows 2008 and UAC? This may be more of a Windows UAC question than a splunk question, but I'm guessing that others are going to be runni... by Lowell Super Champion in Splunk Search 10-20-2010 1 5	1	5
Field Extraction Mystery Hey, I would like to use field extraction at search time to do the following: My source field in Splunk contains fi... by Ant1D Motivator in Splunk Search 10-20-2010 0 6	0	6
Cached search results Hi, I am using time consuming searches and i was wondering if and how is it possible to run the searches in advance ... by Eldad Explorer in Splunk Search 10-19-2010 4 2	4	2
Using search regex fails when the fieldname is a number So i have this regex: \| regex sy="\S{4,10}" which works fine. I'm telling it to match only on non-whitespace char... by nnachefski Engager in Splunk Search 10-19-2010 0 1	0	1
Matching events icon Hey, I have a question about the following icon shown in the image below: This icon is usually shown after you ex... by Ant1D Motivator in Splunk Search 10-19-2010 0 2	0	2
Search with XPath Hi I am having a problem searching an xml formated event. So basically I have an event that looks like this: <?xml v... by gallantalex Path Finder in Splunk Search 10-19-2010 1 6	1	6
Splunk duplicating events every time file changes I have created a directory to store log files that I pull from a remote machine. I use a cronjob to pull every x min... by bitbuck3t New Member in Splunk Search 10-19-2010 0 2	0	2
Will Splunk index events older than 1970/1/1 ? as Title , I have many events older than 1970/1/1 , Splunk doesn't index those events (I have modified max_days_ago=1... by dmlee Communicator in Splunk Search 10-19-2010 2 3	2	3
FieldAlias Setup I'm trying to setup Fieldalias and not getting desire results. Here is what I have put into the props.conf file. ... by wildbill4 Path Finder in Splunk Search 10-19-2010 1 5	1	5
Rounding Decimal Places Hi, I have the following \| chart eval(sum(Failed)/sum(TotalEvents)*100) AS PercentFailed I would like to round the... by cramasta Builder in Splunk Search 10-18-2010 3 2	3	2
Control number of sources with rotated logfiles I am monitoring a dir with rotating logs, ( fi /depot/logs/ ) how can I control the source name, and avoid zillions o... by Starlette Contributor in Splunk Search 10-18-2010 1 6	1	6
Log data source received but only some of it searchable I have an odd issue occurring. Essentially I have a high volume log source which is getting picked up by a Splunk for... by pj Contributor in Splunk Search 10-18-2010 0 4	0	4
rename error in search Hi all , i'm working on this query: sourcetype="webseal_access" OR sourcetype="wmi:wineventlog:security" \| rename So... by pinzer Path Finder in Splunk Search 10-18-2010 0 1	0	1
Is that possible to use HiddenPostProcess work with SearchBar module ? As title. I want to design a search page that showing the search results ( like flashtimeline ) and one or two stati... by leo_wang Path Finder in Splunk Search 10-15-2010 1 1	1	1
How can I use mvexpand and mvcombine such that they don't crush other multivalued fields too? I have a situation where I have two multi-valued fields in my data, and i want to call mvexpand on ONE of the fields ... by sideview SplunkTrust in Splunk Search 10-15-2010 2 1	2	1
Which value does the dedup command keep? I am running the dedup command for my ip_address field and I want to know the value returned by the command. Is it t... by Simeon Splunk Employee in Splunk Search 10-15-2010 2 1	2	1
comparing files Hi, I have three files having similar information, namely: First Names, Second Names, Identification number, so I ne... by thinman Explorer in Splunk Search 10-14-2010 0 3	0	3
Search query with the field of a search like the one on another search Hi all, i need to take the events from this search sourcetype="wmi:wineventlog:security" that have the field Sourc... by pinzer Path Finder in Splunk Search 10-14-2010 0 1	0	1
using a batch file or executable as a source of search information I would like to execute an .exe or .bat file on a windows box and use the stdout as the results in a search. How can ... by Keith_Holme Engager in Splunk Search 10-14-2010 0 2	0	2
How can I tune the splunk flash chart drawing? Hi there, I have a chart that takes 15+ sec to draw area graph after loading completed. Loading data can be tuned by... by melonman Motivator in Splunk Search 10-14-2010 0 3	0	3
Application with tables with parameters for the inline search? Hello, I am building a small splunk app and I have a dashboard that has many tables with inline searches like this: ... by feniix New Member in Splunk Search 10-14-2010 0 1	0	1
Transform to switch source field path separator from "/" to "\" I am trying to transform the source field from using Unix path separator (/) to Windows path separator (\). For exam... by mjohanne Explorer in Splunk Search 10-13-2010 1 4	1	4
Wildcards with inputs.conf I've read over documentation with inputs.conf and was wondering if I have the correct solution to this issue. On man... by gnovak Builder in Splunk Search 10-13-2010 2 11	2	11