Splunk Search

Community Activity

complicated subsearches I have jboss logs that print a message size everytime jboss restarts. The message size is different everytime jboss s... by htkhtk Path Finder in Splunk Search 09-30-2010 0 4	0	4
Subsearch on completed (finalized) results If I do a search for something such as: uri="/this/or/that.html" over, say, an hour. Once the search completes (fina... by JohnB Explorer in Splunk Search 09-30-2010 0 3	0	3
multikv field extraction Hello, How do i use multikv to extract fields that have % or / in them ? I'm unable to extract if it has those chara... by pmr Explorer in Splunk Search 09-30-2010 1 2	1	2
Custom fields not always showing up I have a Splunk app that parses some Snort files and assigns some fields to the content. The app works fine from the... by klumpba Engager in Splunk Search 09-29-2010 4 3	4	3
Why is the "diff" search command not reliable for large events containing several hundred lines? When I use the "diff" search command to compare events that contain several hundred lines, I notice that differences ... by hexx Splunk Employee in Splunk Search 09-29-2010 4 2	4	2
How to use "Intention" to add search clauses after the "base search string" I have read the this page about the concept of "Intention" : http://www.splunk.com/base/Splexicon:Intention It say... by leo_wang Path Finder in Splunk Search 09-29-2010 1 5	1	5
Is there a bug in dedup? I have the following query which almost does what I want: sourcetype="cisco_wsa_squid" \| lookup teamlookup cs_userna... by cmeo Contributor in Splunk Search 09-29-2010 0 4	0	4
How can I get the "Splunk for use with AMMAP" to work? For the AMMAP application for the map, I followed the instruction and installed MAXMIND and the AMMAP app, but I can'... by clyde772 Communicator in Splunk Search 09-28-2010 0 6	0	6
Graph only showing partial results I have a chart in a dashboard that shows a graph of paging space usage across all of our hosts. Or at least that's wh... by Branden Builder in Splunk Search 09-28-2010 2 2	2	2
Regex data from its position in string? Hi, I have just installed Splunk as want to get some reports out of a Barracuda Spam firewall we have installed that... by pshankland New Member in Splunk Search 09-28-2010 0 4	0	4
Tar'ing index so that it is distributable to other Splunk instance [1] I would like to know if I can tar an index from a Splunk instance and then untar it into other Splunk instance? ... by Nicholas_Key Splunk Employee in Splunk Search 09-28-2010 0 2	0	2
Averaging Out Count In Graph Every 5 minutes, one of our systems dumps out data on connected users. There is one line per connected user as follow... by sajbutler Path Finder in Splunk Search 09-28-2010 0 7	0	7
timechart vs. streamstats If I do this: index="foo" sourcetype="bar" \| sort _time \| streamstats dc(userid) as dcusers \| delta dcusers as delta... by mctester Communicator in Splunk Search 09-28-2010 1 3	1	3
AccountBar mode options Is there any way to get popup or lite mode AccountBar WITH the logo clickable? This would be very useful for turning ... by cmeo Contributor in Splunk Search 09-27-2010 0 1	0	1
Change column color if over a range Hi all, i need to change the color of a bar of the column chart if the value is higher than a number. How can i do th... by pinzer Path Finder in Splunk Search 09-26-2010 2 1	2	1
Unix Time Math for a Field Hello, I currently am doing a search that uses a unix time as a field. What I want to do, is do something like this... by kholleran Communicator in Splunk Search 09-26-2010 0 2	0	2
Top by a value inside the query Within each record in a query I have two fields, c_ip and cs_bytes which is numeric. How can I get the top 10 c_ip v... by timbCFCA Path Finder in Splunk Search 09-24-2010 1 1	1	1
Purging Extra Source Types & related data? Hello, I have a couple issues. First off, my Splunk server blue screened (yay for Windows!) and now I have a source... by kholleran Communicator in Splunk Search 09-24-2010 0 3	0	3
Eval rounding error too big Hi, I'm getting a big rounding error when evaluating floating expressions. Here is the search that is evaluating the ... by gljiva Path Finder in Splunk Search 09-24-2010 0 1	0	1
Input Latitude & Longtitude directly Dear ziegfried, Firstly, I really like your Google Maps App. but I have question about input. When I search with geo... by materaj New Member in Splunk Search 09-24-2010 0 3	0	3
extracting a data field I have one event viewer log and I'm tryng to capture the data fields, since Splunk cannot recognize the timstamp by i... by Caio_Santos Path Finder in Splunk Search 09-24-2010 1 2	1	2
How to draw a complex column chart Hi, Splunk noob question: I defined and saved 3 searches: a. Users visiting my page. b. Users attempting to do acti... by barryv Explorer in Splunk Search 09-23-2010 0 2	0	2
Generate report of top n search queries I'd like to generate a report of N top search queries from my apache weblogs. Log entry for a search looks like: 1... by staze Path Finder in Splunk Search 09-23-2010 0 5	0	5
stats sum(duration) by user date_month date_year - Not really Addition of duration? Splunkers... I am looking at a VPN logs from a Cisco ASA and trying to calculate the amount of time per day per user ... by starks951 Explorer in Splunk Search 09-23-2010 0 4	0	4
How to put SearchBar & HiddenSearch module to work together ? Hello, I want to design an Form Seach which has a SearchBar on it to let user input their search keyords. And in thi... by leo_wang Path Finder in Splunk Search 09-23-2010 1 2	1	2