Splunk Search

Community Activity

How do I return the time of the first event from a specific host in the main index? Need to determine the date and time of when a specific host first logged to Splunk ... by MikeyG Explorer in Splunk Search 10-08-2010 0 2	0	2
rangemap command Hello I have a question about the rangemap command In this example, I can define colors for various alert values \|... by RobertRi Communicator in Splunk Search 10-08-2010 1 1	1	1
How can I keep only n% of results from a search? I have a set of web page performance measurements spanning quite some time, generated by an external monitoring provi... by nonspecialist New Member in Splunk Search 10-08-2010 0 2	0	2
How do I localize date_mday? When I use chart using date_mday as a parameter, it is in GMT. Is there any way to make this the date for my local ti... by zzztimbo Engager in Splunk Search 10-07-2010 1 2	1	2
How do I convert my hex/oct field into a decimal value? I have a bunch of hexadecimal and/or octadecimal fields in my events. How do I convert these fields into normal deci... by Lowell Super Champion in Splunk Search 10-07-2010 2 1	2	1
Converting a field value from Hexadecimal to Decimal... This may end up being a dumb question, but my regex/sed mojo is not strong today... I have 2 log files monitored tha... by Steve_Litras Path Finder in Splunk Search 10-07-2010 1 4	1	4
REGEX help on field extraction? Hi, I am trying to extract fields from events and here are the sample events: AUD_Proc user1 OK T... by remy06 Contributor in Splunk Search 10-07-2010 0 5	0	5
Unable to use results of Streamstats I'm dealing with some web logs, and have generated statistics on how long a certain user stayed on a certain page by ... by Jason Motivator in Splunk Search 10-06-2010 1 4	1	4
handling large amount of csv files as input and rename sourcetype as well as specify header I have a monitored folder on a splunk server where i place specific types of information in a subfolder where scripts... by dominiquevocat SplunkTrust in Splunk Search 10-06-2010 0 3	0	3
two lines merged in one Hi. I have 2 events merged in one, they are the only two, the rest lines are perfectly shown. The interesting thing ... by jmnicolino New Member in Splunk Search 10-06-2010 0 3	0	3
avg of number of events Hi all, i need to count the event of today and compare with the average of the last month daily count by dest. I'm us... by pinzer Path Finder in Splunk Search 10-06-2010 0 1	0	1
examples of searches to capture network thruput Do you have any examples of searches capturing network thruput? by Kendrick33 Explorer in Splunk Search 10-05-2010 0 4	0	4
Data Extraction in Search Form Here is what I have - 2010-10-05T12:37:55-05:00 xxx.xxx.xxx.xxx [lpr.info] SERVERNAME: Scan ID: 1283612407,Begin: 2... by twgtech New Member in Splunk Search 10-05-2010 0 5	0	5
Best way to search using a lookup table? I'm running a search across a bunch of data, say web logs, that has a lot of different src_ips. I make a lookup of a... by Jason Motivator in Splunk Search 10-05-2010 0 2	0	2
How do I navigate forward in the timeline? For example, the timeline is showing 07:59:00 to 08:00:00 (I'm using "reverse"). When I "zoom out" it goes in the wr... by sspalding New Member in Splunk Search 10-05-2010 0 2	0	2
Command or search to list index statistics? We've disabled the UI for our indexers so don't have access to the manager UI for them. The search head UI only show... by the_wolverine Champion in Splunk Search 10-04-2010 1 4	1	4
How do you increase the duration that a search sticks around the server? I have alerts that send email to people. These emails contain a link to the search on the splunk server. Often, whe... by muebel SplunkTrust in Splunk Search 10-04-2010 3 3	3	3
Chart count by Duration and User name I have pulled VPN logs and I'd like to report on the duration that a user has used the VPN tunnel. I have found the ... by strueblood Explorer in Splunk Search 10-04-2010 0 6	0	6
SET UNION problem with time reporting Dear All, I'm doing a search with a set UNION, like this: \| SET UNION [SEARCH FOO \| FIELDS fields IP, count] [ SEA... by pinzer Path Finder in Splunk Search 10-04-2010 0 5	0	5
SEDCMD and metadata values Hello, please, I would like to know if the SEDCMD command is able to change metadata values like host, source and sou... by cafissimo Communicator in Splunk Search 10-04-2010 1 1	1	1
add oneshot with host segment Hi there, I need to re-index some data. In inputs.conf, host_segment parameter is configured as follows: host_segm... by melonman Motivator in Splunk Search 10-02-2010 1 8	1	8
hostname extraction regex Can someone please help me with a regex to extract the host name from a filename. I've got two different file naming... by carmackd Communicator in Splunk Search 10-01-2010 0 2	0	2
looking for unknown but equal field values across single search I'm doing a search for invalid logons for our vpn logs. But I want the search results to return when the invalid atte... by aanetserv New Member in Splunk Search 10-01-2010 0 2	0	2
CSV files with variable fields I want to gobble in CSV files containing numeric data. Each file will have between 500 and 150,000 fields. (Yes that'... by l0r3zz New Member in Splunk Search 10-01-2010 0 8	0	8
Populating a summary index with transactions while preserving fields. I have the following search which I would like to use to populate a summary index for reporting (run every 30 minutes... by cudgel Path Finder in Splunk Search 10-01-2010 1 4	1	4