Splunk Search

Community Activity

Generate report of top n search queries I'd like to generate a report of N top search queries from my apache weblogs. Log entry for a search looks like: 1... by staze Path Finder in Splunk Search 09-23-2010 0 5	0	5
stats sum(duration) by user date_month date_year - Not really Addition of duration? Splunkers... I am looking at a VPN logs from a Cisco ASA and trying to calculate the amount of time per day per user ... by starks951 Explorer in Splunk Search 09-23-2010 0 4	0	4
How to put SearchBar & HiddenSearch module to work together ? Hello, I want to design an Form Seach which has a SearchBar on it to let user input their search keyords. And in thi... by leo_wang Path Finder in Splunk Search 09-23-2010 1 2	1	2
Limit result of a search query Hi all, how can i limit this search query to the top 5 rows? eventtype="searchDC" Type="Audit Success" CategoryStrin... by pinzer Path Finder in Splunk Search 09-23-2010 0 2	0	2
Time Picker, Search Picker for a Line Chart: Help with Advanced XML I have been digging into the advanced xml stuff lately, and have come across a hurdle with simply figuring out the co... by muebel SplunkTrust in Splunk Search 09-23-2010 1 2	1	2
List sum of fields across events This seems like it would be easy. Maybe it is, and I'm being thick today.  Log lines look like ... server1 qs_queu... by twinspop Influencer in Splunk Search 09-23-2010 1 2	1	2
Monitor a file or directory indexing no longer working The "monitor a file or directory" data input option is no longer working. When I add a new file this way, the source ... by hoffmandirt Explorer in Splunk Search 09-22-2010 0 1	0	1
Charting values from performance record I've got a log file that contains, time, controller, and CPU % used. I need to create a time chart that plots the CPU... by snowmizer Communicator in Splunk Search 09-22-2010 0 3	0	3
Search results not displayed when using certain fields in the initial search string This is probably pretty straightforward but on my search head the following will not return any results: index=train... by Blu3fish Path Finder in Splunk Search 09-21-2010 1 1	1	1
Having REGEX Problems Sorry for the cross post but after posting i saw a recommendation to use this forum instead of splunk.com I am havin... by usersnation Explorer in Splunk Search 09-21-2010 1 6	1	6
Crossing multivalued fields Got the following: One field with 4 types of values/functions and another field that is the status of those functions... by Caio_Santos Path Finder in Splunk Search 09-21-2010 0 2	0	2
startminutesago/endminutesago vs earliest/latest I know that from version 4 onward, use of the earliest and latest time parameters are preferred over the older startm... by southeringtonp Motivator in Splunk Search 09-21-2010 1 1	1	1
External lookups: lookup not found error I'm following the instructions here and can't get it to even recognize the lookup. Did I miss something? My transfor... by twinspop Influencer in Splunk Search 09-21-2010 1 8	1	8
Search with 3 fields and count I'm trying to create a table which shows the following: - Domain Client_IP Client_User Cou... by manwin Path Finder in Splunk Search 09-21-2010 0 4	0	4
Bucket Search Command Question Hey, How would I go about writing a search that is able to show me how many events are found in a particular index (... by Ant1D Motivator in Splunk Search 09-21-2010 0 6	0	6
help to capture with rex an event hello everybody, following is the event that i'm trying to capture with rex. [2010-08-05 17:51:11,661][info] INFO c... by Caio_Santos Path Finder in Splunk Search 09-20-2010 0 8	0	8
Adding intention to second drilldown search Hi, I've got the advanced view below, which has the aim of producing a search-by-domain page for some Apache-like lo... by blinken Explorer in Splunk Search 09-20-2010 3 4	3	4
Stop search when user leaves dashboard Hi, I'm sure I've come across it, but I didn't bookmark at the time. What is the parameter to stop the search behin... by garfieldconnoll Explorer in Splunk Search 09-19-2010 3 1	3	1
What does a anomalies command report mean when giving error: A separating field was not found, carring on without it. The anomalies command reports this error: "A separating field was not found. Carrying on without it." What does that... by rsimmons Splunk Employee in Splunk Search 09-17-2010 0 2	0	2
Which is better NOT or != Here are two searches that are the same. NOT FIELD="value" FIELD!="value" Which should be used? Is this just a per... by skeetermurphy Engager in Splunk Search 09-17-2010 9 2	9	2
On the Fly KV Generation for Search Language Testing I am hacking away at some searches, and having some difficulties with strings and ints. I would like to set up some ... by muebel SplunkTrust in Splunk Search 09-17-2010 1 1	1	1
Searching for large groups of hosts (or any other field), i.e. host=box[100-200].domain.com Hi, We want to search for hundreds of hosts at a time. The question is similar to these: http://answers.splunk.com/... by parallaxed Path Finder in Splunk Search 09-17-2010 0 10	0	10
Extracting fields for a report with regex not working Hi I'm trying to "extract fields" with regular expressions for a specific position on a comma separated log file tha... by henrikb New Member in Splunk Search 09-17-2010 0 2	0	2
Create charts from SNMP Counter data type I am collecting snmpget data from a SAN switch. A few of the SNMP elements use counters where I get the accumalated v... by rasingh Path Finder in Splunk Search 09-16-2010 2 7	2	7
Counting Your searches Is there anyway to count the number of searches ran on an indexer in a 24 hour period? by carmackd Communicator in Splunk Search 09-16-2010 0 2	0	2