Splunk Search

Community Activity

List sum of fields across events This seems like it would be easy. Maybe it is, and I'm being thick today.  Log lines look like ... server1 qs_queu... by twinspop Influencer in Splunk Search 09-23-2010 1 2	1	2
Monitor a file or directory indexing no longer working The "monitor a file or directory" data input option is no longer working. When I add a new file this way, the source ... by hoffmandirt Explorer in Splunk Search 09-22-2010 0 1	0	1
Charting values from performance record I've got a log file that contains, time, controller, and CPU % used. I need to create a time chart that plots the CPU... by snowmizer Communicator in Splunk Search 09-22-2010 0 3	0	3
Search results not displayed when using certain fields in the initial search string This is probably pretty straightforward but on my search head the following will not return any results: index=train... by Blu3fish Path Finder in Splunk Search 09-21-2010 1 1	1	1
Having REGEX Problems Sorry for the cross post but after posting i saw a recommendation to use this forum instead of splunk.com I am havin... by usersnation Explorer in Splunk Search 09-21-2010 1 6	1	6
Crossing multivalued fields Got the following: One field with 4 types of values/functions and another field that is the status of those functions... by Caio_Santos Path Finder in Splunk Search 09-21-2010 0 2	0	2
startminutesago/endminutesago vs earliest/latest I know that from version 4 onward, use of the earliest and latest time parameters are preferred over the older startm... by southeringtonp Motivator in Splunk Search 09-21-2010 1 1	1	1
External lookups: lookup not found error I'm following the instructions here and can't get it to even recognize the lookup. Did I miss something? My transfor... by twinspop Influencer in Splunk Search 09-21-2010 1 8	1	8
Search with 3 fields and count I'm trying to create a table which shows the following: - Domain Client_IP Client_User Cou... by manwin Path Finder in Splunk Search 09-21-2010 0 4	0	4
Bucket Search Command Question Hey, How would I go about writing a search that is able to show me how many events are found in a particular index (... by Ant1D Motivator in Splunk Search 09-21-2010 0 6	0	6
help to capture with rex an event hello everybody, following is the event that i'm trying to capture with rex. [2010-08-05 17:51:11,661][info] INFO c... by Caio_Santos Path Finder in Splunk Search 09-20-2010 0 8	0	8
Adding intention to second drilldown search Hi, I've got the advanced view below, which has the aim of producing a search-by-domain page for some Apache-like lo... by blinken Explorer in Splunk Search 09-20-2010 3 4	3	4
Stop search when user leaves dashboard Hi, I'm sure I've come across it, but I didn't bookmark at the time. What is the parameter to stop the search behin... by garfieldconnoll Explorer in Splunk Search 09-19-2010 3 1	3	1
What does a anomalies command report mean when giving error: A separating field was not found, carring on without it. The anomalies command reports this error: "A separating field was not found. Carrying on without it." What does that... by rsimmons Splunk Employee in Splunk Search 09-17-2010 0 2	0	2
Which is better NOT or != Here are two searches that are the same. NOT FIELD="value" FIELD!="value" Which should be used? Is this just a per... by skeetermurphy Engager in Splunk Search 09-17-2010 9 2	9	2
On the Fly KV Generation for Search Language Testing I am hacking away at some searches, and having some difficulties with strings and ints. I would like to set up some ... by muebel SplunkTrust in Splunk Search 09-17-2010 1 1	1	1
Searching for large groups of hosts (or any other field), i.e. host=box[100-200].domain.com Hi, We want to search for hundreds of hosts at a time. The question is similar to these: http://answers.splunk.com/... by parallaxed Path Finder in Splunk Search 09-17-2010 0 10	0	10
Extracting fields for a report with regex not working Hi I'm trying to "extract fields" with regular expressions for a specific position on a comma separated log file tha... by henrikb New Member in Splunk Search 09-17-2010 0 2	0	2
Create charts from SNMP Counter data type I am collecting snmpget data from a SAN switch. A few of the SNMP elements use counters where I get the accumalated v... by rasingh Path Finder in Splunk Search 09-16-2010 2 7	2	7
Counting Your searches Is there anyway to count the number of searches ran on an indexer in a 24 hour period? by carmackd Communicator in Splunk Search 09-16-2010 0 2	0	2
Google map set default search? Hi, how to set default search string for Google map splunk app so that when app is opened default search is run and d... by gljiva Path Finder in Splunk Search 09-16-2010 0 4	0	4
working with large data sets, seem to be hitting limits I have what I think is a routine problem, but I don't know how to solve it. I have a log file that has mixed content... by richard_whiffen Explorer in Splunk Search 09-16-2010 4 3	4	3
Windows 2003 64Bit version of Flash V9 or V10 I have installed the 64 bit version of splunk onto a 2003 64 bit OS. It is asking me to install flash 9 or better....... by berniefieldhous Engager in Splunk Search 09-16-2010 0 2	0	2
Slow Search Performance on AIX Hello everybody, I just started with Splunk and I ‘am having already some large performance problems. my System : *... by Christian Path Finder in Splunk Search 09-16-2010 1 16	1	16
Why can't I search for my extracted field? I have a store field brought in by a scripted lookup. it shows up when i do a search for sourcetype=foo, I can even s... by mctester Communicator in Splunk Search 09-16-2010 2 2	2	2