Splunk Search

Community Activity

Troubleshooting inputs.conf In Windows I have the following in the Inputs.conf: [monitor://C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQ... by Kyle_Brandt Path Finder in Splunk Search 10-01-2010 0 5	0	5
How do I turn off highlighting? I have a search that pipes to another search, and this search is highlighting the results. I do not want the highligh... by ericrobinson Path Finder in Splunk Search 09-30-2010 10 4	10	4
Given two fields, how can i create a third field whose name is the first value and whose value is the second? I have a dataset where the rows in my search results all have a 'value' field, and there's another field that specif... by sideview SplunkTrust in Splunk Search 09-30-2010 5 4	5	4
Reporting on zero results? In order to identify web content that hasn't been pulled in a while, I thought I would use Splunk since a) my Apache ... by Brian_Osburn Builder in Splunk Search 09-30-2010 3 4	3	4
Dynamic Sourcetype Extraction We're trying to set up a dynamic sourcetype extraction at index time. The reason for this is that we have about 40-50... by mattcg Explorer in Splunk Search 09-30-2010 2 2	2	2
Splunking traditional IT + Telco devices/systems/infrastructure I don’t have any background in Telco world, I’m so blank about it, Telco people asked this many times, is it possib... by donnylie Explorer in Splunk Search 09-30-2010 0 1	0	1
Manipulate results without re-running search I just ran a search that returned approximately 1 million results. Only after it completed (which took a bit longer ... by thepocketwade Path Finder in Splunk Search 09-30-2010 3 2	3	2
postfix_syslog time extraction inaccuracies We seem to be having an issue with the postfix_syslog sourcetype (that came as a default sourcetype in Splunk) and it... by adamw Communicator in Splunk Search 09-30-2010 0 5	0	5
complicated subsearches I have jboss logs that print a message size everytime jboss restarts. The message size is different everytime jboss s... by htkhtk Path Finder in Splunk Search 09-30-2010 0 4	0	4
Subsearch on completed (finalized) results If I do a search for something such as: uri="/this/or/that.html" over, say, an hour. Once the search completes (fina... by JohnB Explorer in Splunk Search 09-30-2010 0 3	0	3
multikv field extraction Hello, How do i use multikv to extract fields that have % or / in them ? I'm unable to extract if it has those chara... by pmr Explorer in Splunk Search 09-30-2010 1 2	1	2
Custom fields not always showing up I have a Splunk app that parses some Snort files and assigns some fields to the content. The app works fine from the... by klumpba Engager in Splunk Search 09-29-2010 4 3	4	3
Why is the "diff" search command not reliable for large events containing several hundred lines? When I use the "diff" search command to compare events that contain several hundred lines, I notice that differences ... by hexx Splunk Employee in Splunk Search 09-29-2010 4 2	4	2
How to use "Intention" to add search clauses after the "base search string" I have read the this page about the concept of "Intention" : http://www.splunk.com/base/Splexicon:Intention It say... by leo_wang Path Finder in Splunk Search 09-29-2010 1 5	1	5
Is there a bug in dedup? I have the following query which almost does what I want: sourcetype="cisco_wsa_squid" \| lookup teamlookup cs_userna... by cmeo Contributor in Splunk Search 09-29-2010 0 4	0	4
How can I get the "Splunk for use with AMMAP" to work? For the AMMAP application for the map, I followed the instruction and installed MAXMIND and the AMMAP app, but I can'... by clyde772 Communicator in Splunk Search 09-28-2010 0 6	0	6
Graph only showing partial results I have a chart in a dashboard that shows a graph of paging space usage across all of our hosts. Or at least that's wh... by Branden Builder in Splunk Search 09-28-2010 2 2	2	2
Regex data from its position in string? Hi, I have just installed Splunk as want to get some reports out of a Barracuda Spam firewall we have installed that... by pshankland New Member in Splunk Search 09-28-2010 0 4	0	4
Tar'ing index so that it is distributable to other Splunk instance [1] I would like to know if I can tar an index from a Splunk instance and then untar it into other Splunk instance? ... by Nicholas_Key Splunk Employee in Splunk Search 09-28-2010 0 2	0	2
Averaging Out Count In Graph Every 5 minutes, one of our systems dumps out data on connected users. There is one line per connected user as follow... by sajbutler Path Finder in Splunk Search 09-28-2010 0 7	0	7
timechart vs. streamstats If I do this: index="foo" sourcetype="bar" \| sort _time \| streamstats dc(userid) as dcusers \| delta dcusers as delta... by mctester Communicator in Splunk Search 09-28-2010 1 3	1	3
AccountBar mode options Is there any way to get popup or lite mode AccountBar WITH the logo clickable? This would be very useful for turning ... by cmeo Contributor in Splunk Search 09-27-2010 0 1	0	1
Change column color if over a range Hi all, i need to change the color of a bar of the column chart if the value is higher than a number. How can i do th... by pinzer Path Finder in Splunk Search 09-26-2010 2 1	2	1
Unix Time Math for a Field Hello, I currently am doing a search that uses a unix time as a field. What I want to do, is do something like this... by kholleran Communicator in Splunk Search 09-26-2010 0 2	0	2
Top by a value inside the query Within each record in a query I have two fields, c_ip and cs_bytes which is numeric. How can I get the top 10 c_ip v... by timbCFCA Path Finder in Splunk Search 09-24-2010 1 1	1	1