Splunk Search

Community Activity

exclude 'sendmail' in search options I am using the following in my search options: index="my_site_hosts" "hostABC" "failed" The results displays sendm... by subhap Engager in Splunk Search 07-23-2010 1 2	1	2
Changing AM/PM to 24 hours in search timeline Hi all, Is it possible to change the display of Flashtimeline (for example, the one used in the "search" app) to dis... by bojanz Communicator in Splunk Search 07-22-2010 2 3	2	3
Combining multiple fields for reporting I'm trying to get my results into a single field called Percent_CPU_Load. However, since the field is defined twice, ... by Beth Engager in Splunk Search 07-21-2010 0 2	0	2
Search App and main page overall statistics So on the main page of the Search app you have the 'Global Summary' and 'All indexed data' section which has the sour... by skippylou Communicator in Splunk Search 07-21-2010 1 2	1	2
search command for work time i have one question I want to search time Daily from 9 am to 6:00 pm How can to use search command ? Thank you for y... by shirolu Explorer in Splunk Search 07-21-2010 3 8	3	8
Eval time between events for transaction by group? Hi, I'd like to do a report that tells me how long a forwarder hasn't been active. I use transaction to join similar ... by gljiva Path Finder in Splunk Search 07-21-2010 2 5	2	5
Run search to determine if forwarder has splunkweb enabled? Is there a search string that would report on the status of splunkweb on each forwarding host? by muebel SplunkTrust in Splunk Search 07-20-2010 3 2	3	2
One-liner to print scheduled searches? Is there a command via splunk.exe or some other /bin tool that would output all scheduled searches in a particular in... by muebel SplunkTrust in Splunk Search 07-20-2010 2 2	2	2
Evaluate search with lookup field? Hi, I'm having problem with evaluating expression using lookup field. I create a lookup fileld by executing this sear... by gljiva Path Finder in Splunk Search 07-20-2010 0 2	0	2
Joining Transactions Hello, I have two searches that use transactions to get part of a table of results that I want. Firstly, index="... by Hazel Communicator in Splunk Search 07-20-2010 1 5	1	5
quick fields question. Time connected/time disconnect? I want my table to show a column with what time a username connected to the network and another column showing when t... by riderofyamaha Explorer in Splunk Search 07-19-2010 0 6	0	6
Splunk Searching Commands/Strings Im fairly new to splunk (and linux for that matter) but I am trying to find a Web Page or Manual or whaeter that will... by ljeffery New Member in Splunk Search 07-19-2010 0 1	0	1
Rewriting value of field if value is negative Hi, I would like to rewrite bogus field values that are negative to 0. For example I would like to run the followin... by mcwomble Path Finder in Splunk Search 07-17-2010 0 1	0	1
Follow event from source forwarder to indexer; how to troubleshoot a missing sourcetype I just set up a new splunk forwarder on a linux host. One of the inputs is a monitor of the /var/log/messages file. ... by muebel SplunkTrust in Splunk Search 07-16-2010 1 3	1	3
Splunkd won't restart after power failure I'm running Splunk 4.1.3 on Windows 2008 R2 x64 and had a poweroutage. The splunkd service will not restart. Crash ... by meatago Explorer in Splunk Search 07-16-2010 0 1	0	1
How can I configure REGEX to recognize/match on a multi-line event? I have a REGEX configured (in transforms.conf) that works with my single line events, but appears to be failing on al... by the_wolverine Champion in Splunk Search 07-16-2010 1 3	1	3
Which of these two searches is more performant or optimized, if at all? Which search below is better or optimal from a performance perspective and why? sourcetype="mysoucetype" AND field1=... by maverick Splunk Employee in Splunk Search 07-16-2010 4 3	4	3
Timechart and Chart display buggy column "count" when using "limit=0" I've noticed that on Splunk 4.1.3 the timechart and chart commands, when used with "limit=0", the "count" aggregation... by Paolo_Prigione Builder in Splunk Search 07-15-2010 0 2	0	2
mktime/strptime error (not working as documented) I have a field in some events that contains a time as a string. The times are in the format "2010-07-15-13", which t... by npt05001 Engager in Splunk Search 07-15-2010 0 2	0	2
Unable to delete events? I've tried to delete events for a particular source,say source="tcp:1234" \| delete The operation was successful.How... by remy06 Contributor in Splunk Search 07-15-2010 2 4	2	4
Multi-column stats: average and count for a column I am building a search to find the average amount of time an action takes: sourcetype="timelog" \| stats avg(reque... by isnoop New Member in Splunk Search 07-15-2010 0 1	0	1
How can I exclude a subset of tags from my metadata search? I run a metadata search that populates a summary page to link to all of my tags. The goal of the summary page is to ... by Simeon Splunk Employee in Splunk Search 07-14-2010 1 1	1	1
Parsing us and ms times (e.g. q=15ms) We have a log line that looks like: Jul 14 15:47:34 127.0.0.1 1 [000004ff000216970000489c] Serv foo.com 158578_40df3... by Oren Explorer in Splunk Search 07-14-2010 0 1	0	1
How to get the values inside search hello, my problem is: when I type the query in the search bar, such as: source="number.txt" it will so like that:... by sony_1688 New Member in Splunk Search 07-13-2010 0 5	0	5
Lookup error after upgrading to 4.1 I get a lookup error "does not exist" after i upgraded to 4.1 almost in all apps, also my browser goes not responding... by mohmed935 Engager in Splunk Search 07-13-2010 0 1	0	1