Splunk Search

Community Activity

How do you filter Windows Event Log? I've tried to filter native event logs being indexed using the [WinEventLog...] sourcetype. Here are the config: pr... by BunnyHop Contributor in Splunk Search 08-28-2010 1 5	1	5
field extraction of usually ommited info Hi, i have a couple of logfiles where there is one important "field" that splunk does not recognize because it is no... by dominiquevocat SplunkTrust in Splunk Search 08-27-2010 1 3	1	3
transaction and conditional logic I am working on a variation on a transaction query as described here: http://answers.splunk.com/questions/5619/calcul... by bilsch Engager in Splunk Search 08-27-2010 1 2	1	2
MPLS_login_102_1 error message Hi. Some of the scheduled saved searches have stopped running. When click on these saved searches from Search App's ... by alextsui Path Finder in Splunk Search 08-27-2010 0 2	0	2
Hide primaryAxisTitle and secondaryAxisTitle on Bar/Column chart in dashboard Does anyone know how to hide the primaryAxisTitle and secondaryAxisTitle using either the simple or advanced xml for ... by clincg Path Finder in Splunk Search 08-27-2010 1 1	1	1
interactive pdf Hi Is it possible to create pdf interactive report. I mean to get pdf report with links to results. For example when... by jmaslowski Engager in Splunk Search 08-26-2010 1 1	1	1
Splitting output and field extraction I'm using Subsystem Device Drivers (SDD) on an AIX system to monitor SAN LUNs. When I run "datapath query devstats" c... by Branden Builder in Splunk Search 08-26-2010 0 4	0	4
Missing Event details when trying to Extract Fields from an Active Directory event I have the following raw AD event which I can see from my search: 08/16/2010 12:55:56.0110 dcName=w2k3r2.demo.dev ad... by mpatnode Path Finder in Splunk Search 08-26-2010 1 3	1	3
tables not displaying as desired when using the following search: source="/data/log/rla.log" eventtype="SessionStart" \| convert ctime(_time) as times... by freeti00 Explorer in Splunk Search 08-26-2010 1 2	1	2
Use of autoregress and large time range, but limit results of final search to smaller time range I am trying to make a chart using autoregress with the previous 365 values/days... My time range needs to be at leas... by charlessplunk New Member in Splunk Search 08-26-2010 0 2	0	2
Clarifications about SPLUNK functionality Is SPLUNK an SIEM, SIM or SEM tool? A. Strongly agree B. Slightly agree C. Agree D. Slightly Disagree E. Strong... by alphonzeus New Member in Splunk Search 08-26-2010 0 2	0	2
sub-search search query I'm trying to run a search query like this: host=linux1 DHCPACK \| rex field=_raw "on (?<ip>.) to (?<mac>.)" \| [sea... by lelanb Engager in Splunk Search 08-26-2010 1 3	1	3
Using Python Script in search in the GUI Hello, I am still pretty new to Splunk. I have used the python active_directory module (http://timgolden.me.uk/pyth... by kholleran Communicator in Splunk Search 08-26-2010 1 2	1	2
What does 'maxQueueSize' in outputs.conf do? We were running some load over the weekend, and ran into an issue where one of our Forwarder nodes went unresponsive.... by mctester Communicator in Splunk Search 08-26-2010 2 1	2	1
Subtract two timestamps in one event Hopefully this is a simple question, but I haven't found a way to do so using either the convert or eval commands. Ba... by jscottmiller New Member in Splunk Search 08-26-2010 0 2	0	2
Compare timestamps Is it possible to compare two times and get the difference in seconds? I have a field I am extracting called rec_time... by ericrobinson Path Finder in Splunk Search 08-26-2010 0 1	0	1
How to specify SplitMode using simple form XML Hi there, I can create a line graph with SplitMode, however there is no configuration guide for manually adding XML... by melonman Motivator in Splunk Search 08-26-2010 1 3	1	3
How can I configure axis and series with module Hi There, I would like to know how to configure axis. With the following XML, I got _time on Y-axis and count on X-A... by melonman Motivator in Splunk Search 08-26-2010 1 2	1	2
Display field uniques in search Hi there, What I am after is quite straight forward really. I am trying to conduct a search of a particular index (p... by aaronnicoli Path Finder in Splunk Search 08-25-2010 0 2	0	2
GeoIP app not working correctly Hi, I downloaded (installed via Splunk GUI) and am testing out the GeoIP app on my 4.1.4 search head. I'm having an ... by castle1126 Communicator in Splunk Search 08-25-2010 1 5	1	5
Realtime search question I have splunk forwarders configured on 3 machines going to a splunk receiver. I have a request to create a real-time ... by ericrobinson Path Finder in Splunk Search 08-25-2010 0 1	0	1
Computing average request time with mvcount fields and numerical field values Hello, Is it possible to compute an average of the numerical field by dividing it by the mvcount field I am defining... by ericrobinson Path Finder in Splunk Search 08-25-2010 0 2	0	2
Where should the tags.conf file be located? I am beginning to work with tags and am having partial success. I have a tags.conf file that I dropped into the loca... by muebel SplunkTrust in Splunk Search 08-25-2010 4 3	4	3
Trying to identify duplicate logs I've found some logs in our splunk environment that seem to be duplicates (they differ only by their srcip field--whi... by thepocketwade Path Finder in Splunk Search 08-25-2010 2 6	2	6
PDFServer cant contact appserver: Proxy Authentication Required Hi All my PDFserver cant contact the appserver. Both are running on the same host. How do I set these kind of props ... by tsillay Explorer in Splunk Search 08-25-2010 1 3	1	3