Splunk Search

Community Activity

Distinct Count on Summary Index Okay, my summary index looks like this: sourcetype="blah" \| sistats count by email I'd like to run a query agai... by sondradotcom Path Finder in Splunk Search 08-30-2010 1 1	1	1
Show only events WITHOUT field Is there a way to show events only if they do not contain a specified field. E.g. 40% of my selected events contain a... by landzaat Explorer in Splunk Search 08-30-2010 12 1	12	1
How to configure forwarder to send different information to 2 different indexers Hi, We now have a setup in which we use splunk like this. Forwarders deployed on windows Domain Controllers, that re... by DyJohnnY Explorer in Splunk Search 08-30-2010 1 4	1	4
Lookup full text of Cisco event and display in new window? I have a search time field extraction for CISCO system messages named MsgClassID. I uploaded from Manager a CISCOevt_... by MikeyG Explorer in Splunk Search 08-28-2010 0 1	0	1
Percent of Total I'm trying to figure out how to calculate a percent of total such that: search string \| stats count percent by email... by sondradotcom Path Finder in Splunk Search 08-28-2010 3 3	3	3
Search Application Summary page slow to load We index data from about 2000 different hosts. logs are relayed in via a TCP syslog source. Whenever a user goes to ... by gfriedmann Communicator in Splunk Search 08-28-2010 0 2	0	2
How do you filter Windows Event Log? I've tried to filter native event logs being indexed using the [WinEventLog...] sourcetype. Here are the config: pr... by BunnyHop Contributor in Splunk Search 08-28-2010 1 5	1	5
field extraction of usually ommited info Hi, i have a couple of logfiles where there is one important "field" that splunk does not recognize because it is no... by dominiquevocat SplunkTrust in Splunk Search 08-27-2010 1 3	1	3
transaction and conditional logic I am working on a variation on a transaction query as described here: http://answers.splunk.com/questions/5619/calcul... by bilsch Engager in Splunk Search 08-27-2010 1 2	1	2
MPLS_login_102_1 error message Hi. Some of the scheduled saved searches have stopped running. When click on these saved searches from Search App's ... by alextsui Path Finder in Splunk Search 08-27-2010 0 2	0	2
Hide primaryAxisTitle and secondaryAxisTitle on Bar/Column chart in dashboard Does anyone know how to hide the primaryAxisTitle and secondaryAxisTitle using either the simple or advanced xml for ... by clincg Path Finder in Splunk Search 08-27-2010 1 1	1	1
interactive pdf Hi Is it possible to create pdf interactive report. I mean to get pdf report with links to results. For example when... by jmaslowski Engager in Splunk Search 08-26-2010 1 1	1	1
Splitting output and field extraction I'm using Subsystem Device Drivers (SDD) on an AIX system to monitor SAN LUNs. When I run "datapath query devstats" c... by Branden Builder in Splunk Search 08-26-2010 0 4	0	4
Missing Event details when trying to Extract Fields from an Active Directory event I have the following raw AD event which I can see from my search: 08/16/2010 12:55:56.0110 dcName=w2k3r2.demo.dev ad... by mpatnode Path Finder in Splunk Search 08-26-2010 1 3	1	3
tables not displaying as desired when using the following search: source="/data/log/rla.log" eventtype="SessionStart" \| convert ctime(_time) as times... by freeti00 Explorer in Splunk Search 08-26-2010 1 2	1	2
Use of autoregress and large time range, but limit results of final search to smaller time range I am trying to make a chart using autoregress with the previous 365 values/days... My time range needs to be at leas... by charlessplunk New Member in Splunk Search 08-26-2010 0 2	0	2
Clarifications about SPLUNK functionality Is SPLUNK an SIEM, SIM or SEM tool? A. Strongly agree B. Slightly agree C. Agree D. Slightly Disagree E. Strong... by alphonzeus New Member in Splunk Search 08-26-2010 0 2	0	2
sub-search search query I'm trying to run a search query like this: host=linux1 DHCPACK \| rex field=_raw "on (?<ip>.) to (?<mac>.)" \| [sea... by lelanb Engager in Splunk Search 08-26-2010 1 3	1	3
Using Python Script in search in the GUI Hello, I am still pretty new to Splunk. I have used the python active_directory module (http://timgolden.me.uk/pyth... by kholleran Communicator in Splunk Search 08-26-2010 1 2	1	2
What does 'maxQueueSize' in outputs.conf do? We were running some load over the weekend, and ran into an issue where one of our Forwarder nodes went unresponsive.... by mctester Communicator in Splunk Search 08-26-2010 2 1	2	1
Subtract two timestamps in one event Hopefully this is a simple question, but I haven't found a way to do so using either the convert or eval commands. Ba... by jscottmiller New Member in Splunk Search 08-26-2010 0 2	0	2
Compare timestamps Is it possible to compare two times and get the difference in seconds? I have a field I am extracting called rec_time... by ericrobinson Path Finder in Splunk Search 08-26-2010 0 1	0	1
How to specify SplitMode using simple form XML Hi there, I can create a line graph with SplitMode, however there is no configuration guide for manually adding XML... by melonman Motivator in Splunk Search 08-26-2010 1 3	1	3
How can I configure axis and series with module Hi There, I would like to know how to configure axis. With the following XML, I got _time on Y-axis and count on X-A... by melonman Motivator in Splunk Search 08-26-2010 1 2	1	2
Display field uniques in search Hi there, What I am after is quite straight forward really. I am trying to conduct a search of a particular index (p... by aaronnicoli Path Finder in Splunk Search 08-25-2010 0 2	0	2