Splunk Search

Community Activity

Find a misconfigured host time? I'm seeing this in my splunkd.log: 07-09-2010 12:53:21.299 WARN DateParserVerbose - Time parsed (Fri Jul 9 12:53:1... by b1nki3 Explorer in Splunk Search 07-09-2010 0 2	0	2
inclusion of .csv file in search I remember being able to include a standard text file, perhaps a .csv, in the 3.x branch. The search would then itera... by b1nki3 Explorer in Splunk Search 07-09-2010 1 3	1	3
Can a search be terminated prematurely based on a condition established within that search? Is there a kind of conditional search command that can be used to stop or prematurely terminate a search based on a g... by Lowell Super Champion in Splunk Search 07-08-2010 2 2	2	2
Help with subsearches We are required to produce monthly audits of access to files that are covered by SOX. There are 8 groups of folders ... by jambajuice Communicator in Splunk Search 07-08-2010 0 1	0	1
Can alert condition be set in command line search Hi. How would I run a search command in command line. The problem is that I would also like to set an alert condition... by alextsui Path Finder in Splunk Search 07-08-2010 3 3	3	3
Informix Audit Regular Expression I have the following content in the log file ==== ONLN\|2010-07-06 13:53:52.000\|test.tester.com\|1068\|db_server_name\|... by klkumar10 Explorer in Splunk Search 07-08-2010 0 5	0	5
Howto Chart Fields by Host I am indexing results from facter which logs information about each host. I can get the most up to date list of thes... by muebel SplunkTrust in Splunk Search 07-07-2010 0 4	0	4
Comparing two fields with > operator Hello, I am trying to compare two fields with a simple operator but it does not seem to perform as expected. I am s... by srw46 Path Finder in Splunk Search 07-07-2010 1 2	1	2
Searching for the empty string In a datasource that uses single quotes as the event delimiter, like so: field1='value1' field2='value2' field3='' ... by jwestberg Splunk Employee in Splunk Search 07-07-2010 2 10	2	10
Can splunk help me further analyze/refine the durations of my transactions? Hi, We've created two transactions to correlate logs spanning several components. We needed to define alias terms ... by treena Explorer in Splunk Search 07-06-2010 5 6	5	6
WMI kv field extraction is very slow... (How to make your WMI searches 20x faster) I'm running into some really slow performance searching on WMI sources. In this case I'm just trying to get some gen... by Lowell Super Champion in Splunk Search 07-06-2010 1 3	1	3
Frequency of events - how often an event was logged Does anyone have a good way (or am I missing the something obvious?) of calculating for a defined time range the aver... by Derek Path Finder in Splunk Search 07-06-2010 0 2	0	2
Regarding Splunk's eval random() function Since it does not appear that you can pass a number into the random() function, I'm curious to know what is being use... by maverick Splunk Employee in Splunk Search 07-06-2010 3 3	3	3
Different field value result - props.conf versus rex - using same regular expression I have an event that is coming from a Windows forwarder. When you view the event in the log file on the server it loo... by Derek Path Finder in Splunk Search 07-03-2010 0 2	0	2
Repeating regex to fill multivalue field Ok. Not having a spectacular regex day... I have this: Recipients: joe.smith@mig.mydomain.com, jane.smith@mig.mydom... by Derek Path Finder in Splunk Search 07-02-2010 1 2	1	2
Saved Searches not emailing out I have saved searches and all of a sudden with no changes they are returning this error to the python.log file. ERRO... by jtwcarboy New Member in Splunk Search 07-02-2010 0 7	0	7
Unable to get the open transactions whose events match the startsWith clause only I'm unable to list the transactions that have events matching with startWith clause but no events for endsWith clause... by Krishna_R Path Finder in Splunk Search 07-01-2010 1 9	1	9
simple field extraction not working I've been breaking my head over this very simple field extraction. My extraction (see eg., below) has problems beca... by pjmenon Explorer in Splunk Search 07-01-2010 0 21	0	21
is * supported? Is the wildcard search star * supported by logs in splunk? Im trying to see if splunk is seeing changes being made in... by riderofyamaha Explorer in Splunk Search 07-01-2010 0 3	0	3
How to use command "splunk resurrect". Hi, question about restoration of indexed data. I know how to restore(or search old) indexes data by putting necessa... by melonman Motivator in Splunk Search 06-30-2010 1 1	1	1
How can I get CLI searches to appear in the Job Manager? It looks like the Job Manager currently does not allow me to track CLI searches. Is there some way I can get a jobid... by the_wolverine Champion in Splunk Search 06-29-2010 2 2	2	2
Incomplete data returned after subsearch or join Hello, I found that when I use subsearch or join command to join data, I can't make splunk to return the complete ... by kalitbri Explorer in Splunk Search 06-29-2010 0 3	0	3
eval expression usage Greetings. I am trying to use an expression in the search string that will not display certain IP addresses. I have ... by bbear Explorer in Splunk Search 06-29-2010 1 4	1	4
Extracting number of fields from a multi line event Hello, I am trying to extract fields from an event which looks like this (I have multiple events) total time (ms): ... by hiwell Explorer in Splunk Search 06-29-2010 0 3	0	3
Custom Field Extractions not visible in search head... Hey guys, We are monitoring 2 specific CSV Log files on one indexer. I setup the appropriate custom field extractio... by balbano Contributor in Splunk Search 06-29-2010 0 6	0	6