Splunk Search

Community Activity

Pie chart drilldown help Hi all, i need to change the search query when clicking on a slice of the pie chart. I need to add "\| where " to the ... by pinzer Path Finder in Splunk Search 10-21-2010 1 2	1	2
Need a search string to find MB indexed per 24 hour by a specific host Need a search string to find MB indexed per 24 hour by a specific host. Can someone send an example? by nls21 Explorer in Splunk Search 10-21-2010 0 3	0	3
How to get to a working example of the Map Command? I am trying: name=foo minutesago=1 \| head 1000 \| dedup host \| stats list(host) as list \| map search="search host=$li... by muebel SplunkTrust in Splunk Search 10-21-2010 3 2	3	2
Searches Require Wildcards I have two Splunk 4.1.3 instances that index the same data. Some searches work on one instance but not the other. The... by Jason_S Path Finder in Splunk Search 10-21-2010 0 4	0	4
Splunk indexes some events several times? In some of our indexed logs, I'll see several log entries for the same log at the same time. I thought this may be an... by cfortune Explorer in Splunk Search 10-21-2010 0 2	0	2
Need non-Flash version of charting An HTML5 alternative to chart rendering is needed. Monitoring from an iPad, for example, is impossible without it. ... by nsxdavid Engager in Splunk Search 10-21-2010 2 2	2	2
xferlog query to get top sites Good Afternoon, I have indexed my xferlogs from my FTP server and I would like to run a query of the top sites acces... by gmhp New Member in Splunk Search 10-21-2010 0 1	0	1
How to get the "splunk" command working with Windows 2008 and UAC? This may be more of a Windows UAC question than a splunk question, but I'm guessing that others are going to be runni... by Lowell Super Champion in Splunk Search 10-20-2010 1 5	1	5
Field Extraction Mystery Hey, I would like to use field extraction at search time to do the following: My source field in Splunk contains fi... by Ant1D Motivator in Splunk Search 10-20-2010 0 6	0	6
Cached search results Hi, I am using time consuming searches and i was wondering if and how is it possible to run the searches in advance ... by Eldad Explorer in Splunk Search 10-19-2010 4 2	4	2
Using search regex fails when the fieldname is a number So i have this regex: \| regex sy="\S{4,10}" which works fine. I'm telling it to match only on non-whitespace char... by nnachefski Engager in Splunk Search 10-19-2010 0 1	0	1
Matching events icon Hey, I have a question about the following icon shown in the image below: This icon is usually shown after you ex... by Ant1D Motivator in Splunk Search 10-19-2010 0 2	0	2
Search with XPath Hi I am having a problem searching an xml formated event. So basically I have an event that looks like this: <?xml v... by gallantalex Path Finder in Splunk Search 10-19-2010 1 6	1	6
Splunk duplicating events every time file changes I have created a directory to store log files that I pull from a remote machine. I use a cronjob to pull every x min... by bitbuck3t New Member in Splunk Search 10-19-2010 0 2	0	2
Will Splunk index events older than 1970/1/1 ? as Title , I have many events older than 1970/1/1 , Splunk doesn't index those events (I have modified max_days_ago=1... by dmlee Communicator in Splunk Search 10-19-2010 2 3	2	3
FieldAlias Setup I'm trying to setup Fieldalias and not getting desire results. Here is what I have put into the props.conf file. ... by wildbill4 Path Finder in Splunk Search 10-19-2010 1 5	1	5
Rounding Decimal Places Hi, I have the following \| chart eval(sum(Failed)/sum(TotalEvents)*100) AS PercentFailed I would like to round the... by cramasta Builder in Splunk Search 10-18-2010 3 2	3	2
Control number of sources with rotated logfiles I am monitoring a dir with rotating logs, ( fi /depot/logs/ ) how can I control the source name, and avoid zillions o... by Starlette Contributor in Splunk Search 10-18-2010 1 6	1	6
Log data source received but only some of it searchable I have an odd issue occurring. Essentially I have a high volume log source which is getting picked up by a Splunk for... by pj Contributor in Splunk Search 10-18-2010 0 4	0	4
rename error in search Hi all , i'm working on this query: sourcetype="webseal_access" OR sourcetype="wmi:wineventlog:security" \| rename So... by pinzer Path Finder in Splunk Search 10-18-2010 0 1	0	1
Is that possible to use HiddenPostProcess work with SearchBar module ? As title. I want to design a search page that showing the search results ( like flashtimeline ) and one or two stati... by leo_wang Path Finder in Splunk Search 10-15-2010 1 1	1	1
How can I use mvexpand and mvcombine such that they don't crush other multivalued fields too? I have a situation where I have two multi-valued fields in my data, and i want to call mvexpand on ONE of the fields ... by sideview SplunkTrust in Splunk Search 10-15-2010 2 1	2	1
Which value does the dedup command keep? I am running the dedup command for my ip_address field and I want to know the value returned by the command. Is it t... by Simeon Splunk Employee in Splunk Search 10-15-2010 2 1	2	1
comparing files Hi, I have three files having similar information, namely: First Names, Second Names, Identification number, so I ne... by thinman Explorer in Splunk Search 10-14-2010 0 3	0	3
Search query with the field of a search like the one on another search Hi all, i need to take the events from this search sourcetype="wmi:wineventlog:security" that have the field Sourc... by pinzer Path Finder in Splunk Search 10-14-2010 0 1	0	1