Splunk Search

Community Activity

Unable to use results of Streamstats I'm dealing with some web logs, and have generated statistics on how long a certain user stayed on a certain page by ... by Jason Motivator in Splunk Search 10-06-2010 1 4	1	4
handling large amount of csv files as input and rename sourcetype as well as specify header I have a monitored folder on a splunk server where i place specific types of information in a subfolder where scripts... by dominiquevocat SplunkTrust in Splunk Search 10-06-2010 0 3	0	3
two lines merged in one Hi. I have 2 events merged in one, they are the only two, the rest lines are perfectly shown. The interesting thing ... by jmnicolino New Member in Splunk Search 10-06-2010 0 3	0	3
avg of number of events Hi all, i need to count the event of today and compare with the average of the last month daily count by dest. I'm us... by pinzer Path Finder in Splunk Search 10-06-2010 0 1	0	1
examples of searches to capture network thruput Do you have any examples of searches capturing network thruput? by Kendrick33 Explorer in Splunk Search 10-05-2010 0 4	0	4
Data Extraction in Search Form Here is what I have - 2010-10-05T12:37:55-05:00 xxx.xxx.xxx.xxx [lpr.info] SERVERNAME: Scan ID: 1283612407,Begin: 2... by twgtech New Member in Splunk Search 10-05-2010 0 5	0	5
Best way to search using a lookup table? I'm running a search across a bunch of data, say web logs, that has a lot of different src_ips. I make a lookup of a... by Jason Motivator in Splunk Search 10-05-2010 0 2	0	2
How do I navigate forward in the timeline? For example, the timeline is showing 07:59:00 to 08:00:00 (I'm using "reverse"). When I "zoom out" it goes in the wr... by sspalding New Member in Splunk Search 10-05-2010 0 2	0	2
Command or search to list index statistics? We've disabled the UI for our indexers so don't have access to the manager UI for them. The search head UI only show... by the_wolverine Champion in Splunk Search 10-04-2010 1 4	1	4
How do you increase the duration that a search sticks around the server? I have alerts that send email to people. These emails contain a link to the search on the splunk server. Often, whe... by muebel SplunkTrust in Splunk Search 10-04-2010 3 3	3	3
Chart count by Duration and User name I have pulled VPN logs and I'd like to report on the duration that a user has used the VPN tunnel. I have found the ... by strueblood Explorer in Splunk Search 10-04-2010 0 6	0	6
SET UNION problem with time reporting Dear All, I'm doing a search with a set UNION, like this: \| SET UNION [SEARCH FOO \| FIELDS fields IP, count] [ SEA... by pinzer Path Finder in Splunk Search 10-04-2010 0 5	0	5
SEDCMD and metadata values Hello, please, I would like to know if the SEDCMD command is able to change metadata values like host, source and sou... by cafissimo Communicator in Splunk Search 10-04-2010 1 1	1	1
add oneshot with host segment Hi there, I need to re-index some data. In inputs.conf, host_segment parameter is configured as follows: host_segm... by melonman Motivator in Splunk Search 10-02-2010 1 8	1	8
hostname extraction regex Can someone please help me with a regex to extract the host name from a filename. I've got two different file naming... by carmackd Communicator in Splunk Search 10-01-2010 0 2	0	2
looking for unknown but equal field values across single search I'm doing a search for invalid logons for our vpn logs. But I want the search results to return when the invalid atte... by aanetserv New Member in Splunk Search 10-01-2010 0 2	0	2
CSV files with variable fields I want to gobble in CSV files containing numeric data. Each file will have between 500 and 150,000 fields. (Yes that'... by l0r3zz New Member in Splunk Search 10-01-2010 0 8	0	8
Populating a summary index with transactions while preserving fields. I have the following search which I would like to use to populate a summary index for reporting (run every 30 minutes... by cudgel Path Finder in Splunk Search 10-01-2010 1 4	1	4
One TimeRangePicker for all charts - modules Hey, The answer to this question will be very useful to know  I have an advanced dashboard with a few charts (1 co... by Ant1D Motivator in Splunk Search 10-01-2010 2 4	2	4
Troubleshooting inputs.conf In Windows I have the following in the Inputs.conf: [monitor://C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQ... by Kyle_Brandt Path Finder in Splunk Search 10-01-2010 0 5	0	5
How do I turn off highlighting? I have a search that pipes to another search, and this search is highlighting the results. I do not want the highligh... by ericrobinson Path Finder in Splunk Search 09-30-2010 10 4	10	4
Given two fields, how can i create a third field whose name is the first value and whose value is the second? I have a dataset where the rows in my search results all have a 'value' field, and there's another field that specif... by sideview SplunkTrust in Splunk Search 09-30-2010 5 4	5	4
Reporting on zero results? In order to identify web content that hasn't been pulled in a while, I thought I would use Splunk since a) my Apache ... by Brian_Osburn Builder in Splunk Search 09-30-2010 3 4	3	4
Dynamic Sourcetype Extraction We're trying to set up a dynamic sourcetype extraction at index time. The reason for this is that we have about 40-50... by mattcg Explorer in Splunk Search 09-30-2010 2 2	2	2
Splunking traditional IT + Telco devices/systems/infrastructure I don’t have any background in Telco world, I’m so blank about it, Telco people asked this many times, is it possib... by donnylie Explorer in Splunk Search 09-30-2010 0 1	0	1