Splunk Search

Community Activity

simple field extraction not working I've been breaking my head over this very simple field extraction. My extraction (see eg., below) has problems beca... by pjmenon Explorer in Splunk Search 07-01-2010 0 21	0	21
is * supported? Is the wildcard search star * supported by logs in splunk? Im trying to see if splunk is seeing changes being made in... by riderofyamaha Explorer in Splunk Search 07-01-2010 0 3	0	3
How to use command "splunk resurrect". Hi, question about restoration of indexed data. I know how to restore(or search old) indexes data by putting necessa... by melonman Motivator in Splunk Search 06-30-2010 1 1	1	1
How can I get CLI searches to appear in the Job Manager? It looks like the Job Manager currently does not allow me to track CLI searches. Is there some way I can get a jobid... by the_wolverine Champion in Splunk Search 06-29-2010 2 2	2	2
Incomplete data returned after subsearch or join Hello, I found that when I use subsearch or join command to join data, I can't make splunk to return the complete ... by kalitbri Explorer in Splunk Search 06-29-2010 0 3	0	3
eval expression usage Greetings. I am trying to use an expression in the search string that will not display certain IP addresses. I have ... by bbear Explorer in Splunk Search 06-29-2010 1 4	1	4
Extracting number of fields from a multi line event Hello, I am trying to extract fields from an event which looks like this (I have multiple events) total time (ms): ... by hiwell Explorer in Splunk Search 06-29-2010 0 3	0	3
Custom Field Extractions not visible in search head... Hey guys, We are monitoring 2 specific CSV Log files on one indexer. I setup the appropriate custom field extractio... by balbano Contributor in Splunk Search 06-29-2010 0 6	0	6
Compare 2 fields Basically I have a line of data that looks like this: Jun 28 14:15:10 sc4-app04.mcafeesecure.com portal: ACCESS Clic... by mcafeesecure Explorer in Splunk Search 06-29-2010 3 3	3	3
I'm being audited. Can i give my auditor a list of hosts and the indexes their data is in? An auditor is requesting that we furnish them with a list of all servers logging to splunk and the index they are bei... by Michael_Wilde Splunk Employee in Splunk Search 06-29-2010 1 2	1	2
Editing logs at index time I have splunk indexing a local file that is being continuously written to and I need the first word in each event to ... by mawwx3 Explorer in Splunk Search 06-28-2010 0 4	0	4
How to collapse unneeded lines in the search result for a very long event? Search string "mismatch". The single event is about 2-3K lines or more. In the lines of text there are 5 lines with ... by zliu Splunk Employee in Splunk Search 06-28-2010 1 6	1	6
Windows security event log regex help I need a regex that can process all security events with eventid 540 that don't contain $, SYSTEM, or ANONYMOUS LOGON... by chowell Explorer in Splunk Search 06-28-2010 0 2	0	2
Help on Errror stats - The argument '>' is invalid I am scheduling this search(Daily Indexed Volume): index=_internal source=metrics.log splunk_server="" \| eval MB=k... by apro Path Finder in Splunk Search 06-28-2010 0 2	0	2
Making a lookup optional? (Or, how to build a multi-level lookup?) I have a scenario where I would like to do a two-layered lookup. I'm essentially doing an IP address lookup against ... by Lowell Super Champion in Splunk Search 06-25-2010 6 4	6	4
Create field names automatically from line in file Below are the first 7 lines of a file that I want to index. The additional lines all look like line 7. Can I have it ... by nate1 Explorer in Splunk Search 06-25-2010 1 2	1	2
Metadata filtered by eventtype Can I use eventtype=myevent with \|metadata? example: \| metadata type=hosts \| eventtype=group_A I know tags work, ... by thall79 Communicator in Splunk Search 06-25-2010 0 1	0	1
find total unique sources over the last 30 days? I have what I think should be a simple search, but I'm not quite able to come up with a way to do it. Ultimately I g... by mfrost8 Builder in Splunk Search 06-25-2010 1 3	1	3
Correlating a start and stop event with transaction I'm trying to correlate start and stop events and having a much harder time than what the documentation implies in or... by ericdp Explorer in Splunk Search 06-25-2010 1 5	1	5
How to omit categories of log entries When we are browsing log files for problems, we often don't know exactly what we're looking for. But in a short peri... by r31floyd Engager in Splunk Search 06-25-2010 0 4	0	4
What is the syntax for finding top value of some field and increasing the limit? index="whatever" INFECTION \| top limit="15" misc by src When I attempt this search, the limit qualifier seems to be... by the_wolverine Champion in Splunk Search 06-24-2010 0 4	0	4
Restricting search results to or excluding Extracted Fields Hello, I would like to filter a search result, of irrelevant data, to display less information so its easier to spot... by Carmageddon New Member in Splunk Search 06-24-2010 0 10	0	10
metadata search for distributed environment I have 4 servers in a distributed environment. I use server a to login and do the search. When I use the search \| me... by sanju005ind Communicator in Splunk Search 06-24-2010 0 2	0	2
Debugging Custom Splunk Search Commands I have taken iplocation.py as a skeleton for a simple custom search command that adds another column to the search re... by enielson Explorer in Splunk Search 06-23-2010 4 2	4	2
REST calling last scheduled search Is there a way to have REST look up the latest results from a scheduled search and return them, not re-running the se... by Jason Motivator in Splunk Search 06-23-2010 2 1	2	1