Splunk Search

Community Activity

What is the syntax for finding top value of some field and increasing the limit? index="whatever" INFECTION \| top limit="15" misc by src When I attempt this search, the limit qualifier seems to be... by the_wolverine Champion in Splunk Search 06-24-2010 0 4	0	4
Restricting search results to or excluding Extracted Fields Hello, I would like to filter a search result, of irrelevant data, to display less information so its easier to spot... by Carmageddon New Member in Splunk Search 06-24-2010 0 10	0	10
metadata search for distributed environment I have 4 servers in a distributed environment. I use server a to login and do the search. When I use the search \| me... by sanju005ind Communicator in Splunk Search 06-24-2010 0 2	0	2
Debugging Custom Splunk Search Commands I have taken iplocation.py as a skeleton for a simple custom search command that adds another column to the search re... by enielson Explorer in Splunk Search 06-23-2010 4 2	4	2
REST calling last scheduled search Is there a way to have REST look up the latest results from a scheduled search and return them, not re-running the se... by Jason Motivator in Splunk Search 06-23-2010 2 1	2	1
How do I get the diff.py command to work? I moved my Splunk instance to another machine and I'm getting the following error message: 2010-06-15 16:20:24,739 ER... by rsimmons Splunk Employee in Splunk Search 06-23-2010 0 1	0	1
Cannot use auto_finalize_ec in search I find the document about auto finalize in this page http://zh-hant.splunk.com/base/Documentation/latest/Developer/RE... by Jaci Splunk Employee in Splunk Search 06-23-2010 1 2	1	2
Multivalue Regex capture If I have an event with more than one IP addres in it, how can I write a regex that will capture all of the IP's? Ex... by Derek Path Finder in Splunk Search 06-23-2010 0 1	0	1
Working with eventtypes: how to solve duplicated rows into results Good morning, I'm developing for a customer a very simple search. tag=mysourcetype tag=myeventtype startdaysago=7 ... by nik_splunk Path Finder in Splunk Search 06-23-2010 0 5	0	5
Pros and Cons: External lookup script vs custom search command? What are the pros and cons to using an external lookup script vs a custom search command when the purpose is simply t... by Lowell Super Champion in Splunk Search 06-22-2010 1 1	1	1
Calculate diff between two entries in a transaction? I'm trying to calculate the amount of time between two events and I'm having a lot of trouble. Because of some requi... by ericdp Explorer in Splunk Search 06-22-2010 0 2	0	2
one-way distributed searches Given servers A and B, how do you search both A AND B from server A, but disallow B from searching against A? by amrit Splunk Employee in Splunk Search 06-22-2010 3 3	3	3
How do I display percentage of 500 errors on a per-URI basis? So, I have a big set of web stats for a given time in a search. Basically, I want it broken down by uri_path and for ... by kdankmyer Engager in Splunk Search 06-21-2010 1 3	1	3
Comparing two data sets from the same timeframe and index? I am trying to compare the results of two searches that share a common timeframe and index, with a negation. The comm... by Tisiphone_1 Explorer in Splunk Search 06-19-2010 0 2	0	2
flashtimeline: Results and events sorted in same time order? In a view like the flashtimeline, there is a selector to choose between the results of the search and the log events ... by smisplunk Path Finder in Splunk Search 06-18-2010 0 6	0	6
Searching for all events before a specific date specified in the search string I have a search where I have been using "latesttime=-2d@d" to specify the time range, like so: ... latesttime=-2d@d ... by jwestberg Splunk Employee in Splunk Search 06-18-2010 1 5	1	5
Output of search to another search I am doing a search which gives me two fields and say parent1 and child1...n so with parent and child I have 1 to n r... by manuarora Explorer in Splunk Search 06-18-2010 1 6	1	6
Question about MVfields Hello there, Is it possible to chart a multivalued field against another multivalued field of the same size? For ex... by ifeldshteyn Communicator in Splunk Search 06-18-2010 0 3	0	3
Search help - reporting backup status We have many hosts running backups every night and report back if they are successful or not. I would like to simpli... by Jaci Splunk Employee in Splunk Search 06-17-2010 1 2	1	2
Is it possible to do an index-only search without loading the raw event? I have a summary index search that does some simple stats (count) by host and sourcetype for WMI events. The problem... by Lowell Super Champion in Splunk Search 06-17-2010 0 1	0	1
Regex for Sudo.log extractions Hello folks, I am having a difficult time extracting fields properly from the sudo.log file on several of our servers... by balt New Member in Splunk Search 06-17-2010 0 2	0	2
After upgrade to splunk 4.1, I try to access the field extractions page in manager, and it doesn't work. After upgrading, when accessing field extraction page in manager in 4.1, it doesn't work. This appears in splunkd.lo... by jrodman Splunk Employee in Splunk Search 06-17-2010 1 1	1	1
How does Splunk handle data with comma separated fields containing zero values For example DATA test1, test2, test3 so just add the DELIMS = "," in transforms and REPORT-test entry in pro... by Starlette Contributor in Splunk Search 06-17-2010 0 2	0	2
Using Splunk to count within a search - users to ip addresses Hi all, I have logs in the following format 2010-06-17 02:04:55 user1 ip.add.ress.here GET /mysite/mypage.html 2010... by bnolen Path Finder in Splunk Search 06-17-2010 2 1	2	1
Summary Index & sistats Hi I am seeing some weirdness with one of the saved-searches that we have. One of these searches is of the form: ... by sranga Path Finder in Splunk Search 06-16-2010 0 4	0	4