Splunk Search

Community Activity

Is it possible to extract a field from a transaction event? My field extraction doesn't appear to work in my transaction event. Does Splunk just combine all the various fields ... by the_wolverine Champion in Splunk Search 10-22-2010 2 1	2	1
Lookup table Limits Is there a row or column limit for a lookup table. I currently have a lookup that has 25 columns, and 350k rows, whi... by carmackd Communicator in Splunk Search 10-22-2010 0 9	0	9
How do you change the legend value Outside of renaming(aliasing) the actual field, can you also rename the entire content of the history for charting? ... by BunnyHop Contributor in Splunk Search 10-22-2010 0 1	0	1
Pie chart drilldown help Hi all, i need to change the search query when clicking on a slice of the pie chart. I need to add "\| where " to the ... by pinzer Path Finder in Splunk Search 10-21-2010 1 2	1	2
Need a search string to find MB indexed per 24 hour by a specific host Need a search string to find MB indexed per 24 hour by a specific host. Can someone send an example? by nls21 Explorer in Splunk Search 10-21-2010 0 3	0	3
How to get to a working example of the Map Command? I am trying: name=foo minutesago=1 \| head 1000 \| dedup host \| stats list(host) as list \| map search="search host=$li... by muebel SplunkTrust in Splunk Search 10-21-2010 3 2	3	2
Searches Require Wildcards I have two Splunk 4.1.3 instances that index the same data. Some searches work on one instance but not the other. The... by Jason_S Path Finder in Splunk Search 10-21-2010 0 4	0	4
Splunk indexes some events several times? In some of our indexed logs, I'll see several log entries for the same log at the same time. I thought this may be an... by cfortune Explorer in Splunk Search 10-21-2010 0 2	0	2
Need non-Flash version of charting An HTML5 alternative to chart rendering is needed. Monitoring from an iPad, for example, is impossible without it. ... by nsxdavid Engager in Splunk Search 10-21-2010 2 2	2	2
xferlog query to get top sites Good Afternoon, I have indexed my xferlogs from my FTP server and I would like to run a query of the top sites acces... by gmhp New Member in Splunk Search 10-21-2010 0 1	0	1
How to get the "splunk" command working with Windows 2008 and UAC? This may be more of a Windows UAC question than a splunk question, but I'm guessing that others are going to be runni... by Lowell Super Champion in Splunk Search 10-20-2010 1 5	1	5
Field Extraction Mystery Hey, I would like to use field extraction at search time to do the following: My source field in Splunk contains fi... by Ant1D Motivator in Splunk Search 10-20-2010 0 6	0	6
Cached search results Hi, I am using time consuming searches and i was wondering if and how is it possible to run the searches in advance ... by Eldad Explorer in Splunk Search 10-19-2010 4 2	4	2
Using search regex fails when the fieldname is a number So i have this regex: \| regex sy="\S{4,10}" which works fine. I'm telling it to match only on non-whitespace char... by nnachefski Engager in Splunk Search 10-19-2010 0 1	0	1
Matching events icon Hey, I have a question about the following icon shown in the image below: This icon is usually shown after you ex... by Ant1D Motivator in Splunk Search 10-19-2010 0 2	0	2
Search with XPath Hi I am having a problem searching an xml formated event. So basically I have an event that looks like this: <?xml v... by gallantalex Path Finder in Splunk Search 10-19-2010 1 6	1	6
Splunk duplicating events every time file changes I have created a directory to store log files that I pull from a remote machine. I use a cronjob to pull every x min... by bitbuck3t New Member in Splunk Search 10-19-2010 0 2	0	2
Will Splunk index events older than 1970/1/1 ? as Title , I have many events older than 1970/1/1 , Splunk doesn't index those events (I have modified max_days_ago=1... by dmlee Communicator in Splunk Search 10-19-2010 2 3	2	3
FieldAlias Setup I'm trying to setup Fieldalias and not getting desire results. Here is what I have put into the props.conf file. ... by wildbill4 Path Finder in Splunk Search 10-19-2010 1 5	1	5
Rounding Decimal Places Hi, I have the following \| chart eval(sum(Failed)/sum(TotalEvents)*100) AS PercentFailed I would like to round the... by cramasta Builder in Splunk Search 10-18-2010 3 2	3	2
Control number of sources with rotated logfiles I am monitoring a dir with rotating logs, ( fi /depot/logs/ ) how can I control the source name, and avoid zillions o... by Starlette Contributor in Splunk Search 10-18-2010 1 6	1	6
Log data source received but only some of it searchable I have an odd issue occurring. Essentially I have a high volume log source which is getting picked up by a Splunk for... by pj Contributor in Splunk Search 10-18-2010 0 4	0	4
rename error in search Hi all , i'm working on this query: sourcetype="webseal_access" OR sourcetype="wmi:wineventlog:security" \| rename So... by pinzer Path Finder in Splunk Search 10-18-2010 0 1	0	1
Is that possible to use HiddenPostProcess work with SearchBar module ? As title. I want to design a search page that showing the search results ( like flashtimeline ) and one or two stati... by leo_wang Path Finder in Splunk Search 10-15-2010 1 1	1	1
How can I use mvexpand and mvcombine such that they don't crush other multivalued fields too? I have a situation where I have two multi-valued fields in my data, and i want to call mvexpand on ONE of the fields ... by sideview SplunkTrust in Splunk Search 10-15-2010 2 1	2	1