Splunk Search

Community Activity

Splitting output and field extraction I'm using Subsystem Device Drivers (SDD) on an AIX system to monitor SAN LUNs. When I run "datapath query devstats" c... by Branden Builder in Splunk Search 08-26-2010 0 4	0	4
Missing Event details when trying to Extract Fields from an Active Directory event I have the following raw AD event which I can see from my search: 08/16/2010 12:55:56.0110 dcName=w2k3r2.demo.dev ad... by mpatnode Path Finder in Splunk Search 08-26-2010 1 3	1	3
tables not displaying as desired when using the following search: source="/data/log/rla.log" eventtype="SessionStart" \| convert ctime(_time) as times... by freeti00 Explorer in Splunk Search 08-26-2010 1 2	1	2
Use of autoregress and large time range, but limit results of final search to smaller time range I am trying to make a chart using autoregress with the previous 365 values/days... My time range needs to be at leas... by charlessplunk New Member in Splunk Search 08-26-2010 0 2	0	2
Clarifications about SPLUNK functionality Is SPLUNK an SIEM, SIM or SEM tool? A. Strongly agree B. Slightly agree C. Agree D. Slightly Disagree E. Strong... by alphonzeus New Member in Splunk Search 08-26-2010 0 2	0	2
sub-search search query I'm trying to run a search query like this: host=linux1 DHCPACK \| rex field=_raw "on (?<ip>.) to (?<mac>.)" \| [sea... by lelanb Engager in Splunk Search 08-26-2010 1 3	1	3
Using Python Script in search in the GUI Hello, I am still pretty new to Splunk. I have used the python active_directory module (http://timgolden.me.uk/pyth... by kholleran Communicator in Splunk Search 08-26-2010 1 2	1	2
What does 'maxQueueSize' in outputs.conf do? We were running some load over the weekend, and ran into an issue where one of our Forwarder nodes went unresponsive.... by mctester Communicator in Splunk Search 08-26-2010 2 1	2	1
Subtract two timestamps in one event Hopefully this is a simple question, but I haven't found a way to do so using either the convert or eval commands. Ba... by jscottmiller New Member in Splunk Search 08-26-2010 0 2	0	2
Compare timestamps Is it possible to compare two times and get the difference in seconds? I have a field I am extracting called rec_time... by ericrobinson Path Finder in Splunk Search 08-26-2010 0 1	0	1
How to specify SplitMode using simple form XML Hi there, I can create a line graph with SplitMode, however there is no configuration guide for manually adding XML... by melonman Motivator in Splunk Search 08-26-2010 1 3	1	3
How can I configure axis and series with module Hi There, I would like to know how to configure axis. With the following XML, I got _time on Y-axis and count on X-A... by melonman Motivator in Splunk Search 08-26-2010 1 2	1	2
Display field uniques in search Hi there, What I am after is quite straight forward really. I am trying to conduct a search of a particular index (p... by aaronnicoli Path Finder in Splunk Search 08-25-2010 0 2	0	2
GeoIP app not working correctly Hi, I downloaded (installed via Splunk GUI) and am testing out the GeoIP app on my 4.1.4 search head. I'm having an ... by castle1126 Communicator in Splunk Search 08-25-2010 1 5	1	5
Realtime search question I have splunk forwarders configured on 3 machines going to a splunk receiver. I have a request to create a real-time ... by ericrobinson Path Finder in Splunk Search 08-25-2010 0 1	0	1
Computing average request time with mvcount fields and numerical field values Hello, Is it possible to compute an average of the numerical field by dividing it by the mvcount field I am defining... by ericrobinson Path Finder in Splunk Search 08-25-2010 0 2	0	2
Where should the tags.conf file be located? I am beginning to work with tags and am having partial success. I have a tags.conf file that I dropped into the loca... by muebel SplunkTrust in Splunk Search 08-25-2010 4 3	4	3
Trying to identify duplicate logs I've found some logs in our splunk environment that seem to be duplicates (they differ only by their srcip field--whi... by thepocketwade Path Finder in Splunk Search 08-25-2010 2 6	2	6
PDFServer cant contact appserver: Proxy Authentication Required Hi All my PDFserver cant contact the appserver. Both are running on the same host. How do I set these kind of props ... by tsillay Explorer in Splunk Search 08-25-2010 1 3	1	3
space-delimited txt file import I have a datasource that i export to a text file that I need to import into splunk. The file has a header that looks... by EricPartington Communicator in Splunk Search 08-24-2010 0 5	0	5
Transaction event charting question I was wondering if it is possible to chart results on a per event basis. By this, I mean that I have defined a transa... by ericrobinson Path Finder in Splunk Search 08-24-2010 0 3	0	3
download specific CSV columns via the web API? What I want to do is pull down the results of a saved search as a CSV file, which will then be loaded into a data war... by rwgilt Explorer in Splunk Search 08-24-2010 3 4	3	4
Transaction Search Using different fields across multiple logs I am facing a problem with doing a transaction search across multiple logs (11 different sourcetypes) based on the ex... by manwin Path Finder in Splunk Search 08-24-2010 3 6	3	6
Extracted fields issues I'm experiencing weird issues with extracted fields : I have a custom field that basically get the hostname (in bold ... by wleroy New Member in Splunk Search 08-24-2010 0 7	0	7
count rex output within one line? if I'm want to use a rex to pull out values at want to use the ?<xcount> psuedo-field to use in a chart, is this poss... by mmattek Path Finder in Splunk Search 08-24-2010 1 4	1	4