Splunk Search

Community Activity

Making a lookup optional? (Or, how to build a multi-level lookup?) I have a scenario where I would like to do a two-layered lookup. I'm essentially doing an IP address lookup against ... by Lowell Super Champion in Splunk Search 06-25-2010 6 4	6	4
Create field names automatically from line in file Below are the first 7 lines of a file that I want to index. The additional lines all look like line 7. Can I have it ... by nate1 Explorer in Splunk Search 06-25-2010 1 2	1	2
Metadata filtered by eventtype Can I use eventtype=myevent with \|metadata? example: \| metadata type=hosts \| eventtype=group_A I know tags work, ... by thall79 Communicator in Splunk Search 06-25-2010 0 1	0	1
find total unique sources over the last 30 days? I have what I think should be a simple search, but I'm not quite able to come up with a way to do it. Ultimately I g... by mfrost8 Builder in Splunk Search 06-25-2010 1 3	1	3
Correlating a start and stop event with transaction I'm trying to correlate start and stop events and having a much harder time than what the documentation implies in or... by ericdp Explorer in Splunk Search 06-25-2010 1 5	1	5
How to omit categories of log entries When we are browsing log files for problems, we often don't know exactly what we're looking for. But in a short peri... by r31floyd Engager in Splunk Search 06-25-2010 0 4	0	4
What is the syntax for finding top value of some field and increasing the limit? index="whatever" INFECTION \| top limit="15" misc by src When I attempt this search, the limit qualifier seems to be... by the_wolverine Champion in Splunk Search 06-24-2010 0 4	0	4
Restricting search results to or excluding Extracted Fields Hello, I would like to filter a search result, of irrelevant data, to display less information so its easier to spot... by Carmageddon New Member in Splunk Search 06-24-2010 0 10	0	10
metadata search for distributed environment I have 4 servers in a distributed environment. I use server a to login and do the search. When I use the search \| me... by sanju005ind Communicator in Splunk Search 06-24-2010 0 2	0	2
Debugging Custom Splunk Search Commands I have taken iplocation.py as a skeleton for a simple custom search command that adds another column to the search re... by enielson Explorer in Splunk Search 06-23-2010 4 2	4	2
REST calling last scheduled search Is there a way to have REST look up the latest results from a scheduled search and return them, not re-running the se... by Jason Motivator in Splunk Search 06-23-2010 2 1	2	1
How do I get the diff.py command to work? I moved my Splunk instance to another machine and I'm getting the following error message: 2010-06-15 16:20:24,739 ER... by rsimmons Splunk Employee in Splunk Search 06-23-2010 0 1	0	1
Cannot use auto_finalize_ec in search I find the document about auto finalize in this page http://zh-hant.splunk.com/base/Documentation/latest/Developer/RE... by Jaci Splunk Employee in Splunk Search 06-23-2010 1 2	1	2
Multivalue Regex capture If I have an event with more than one IP addres in it, how can I write a regex that will capture all of the IP's? Ex... by Derek Path Finder in Splunk Search 06-23-2010 0 1	0	1
Working with eventtypes: how to solve duplicated rows into results Good morning, I'm developing for a customer a very simple search. tag=mysourcetype tag=myeventtype startdaysago=7 ... by nik_splunk Path Finder in Splunk Search 06-23-2010 0 5	0	5
Pros and Cons: External lookup script vs custom search command? What are the pros and cons to using an external lookup script vs a custom search command when the purpose is simply t... by Lowell Super Champion in Splunk Search 06-22-2010 1 1	1	1
Calculate diff between two entries in a transaction? I'm trying to calculate the amount of time between two events and I'm having a lot of trouble. Because of some requi... by ericdp Explorer in Splunk Search 06-22-2010 0 2	0	2
one-way distributed searches Given servers A and B, how do you search both A AND B from server A, but disallow B from searching against A? by amrit Splunk Employee in Splunk Search 06-22-2010 3 3	3	3
How do I display percentage of 500 errors on a per-URI basis? So, I have a big set of web stats for a given time in a search. Basically, I want it broken down by uri_path and for ... by kdankmyer Engager in Splunk Search 06-21-2010 1 3	1	3
Comparing two data sets from the same timeframe and index? I am trying to compare the results of two searches that share a common timeframe and index, with a negation. The comm... by Tisiphone_1 Explorer in Splunk Search 06-19-2010 0 2	0	2
flashtimeline: Results and events sorted in same time order? In a view like the flashtimeline, there is a selector to choose between the results of the search and the log events ... by smisplunk Path Finder in Splunk Search 06-18-2010 0 6	0	6
Searching for all events before a specific date specified in the search string I have a search where I have been using "latesttime=-2d@d" to specify the time range, like so: ... latesttime=-2d@d ... by jwestberg Splunk Employee in Splunk Search 06-18-2010 1 5	1	5
Output of search to another search I am doing a search which gives me two fields and say parent1 and child1...n so with parent and child I have 1 to n r... by manuarora Explorer in Splunk Search 06-18-2010 1 6	1	6
Question about MVfields Hello there, Is it possible to chart a multivalued field against another multivalued field of the same size? For ex... by ifeldshteyn Communicator in Splunk Search 06-18-2010 0 3	0	3
Search help - reporting backup status We have many hosts running backups every night and report back if they are successful or not. I would like to simpli... by Jaci Splunk Employee in Splunk Search 06-17-2010 1 2	1	2