Splunk Search

Community Activity

Informix Audit Regular Expression I have the following content in the log file ==== ONLN\|2010-07-06 13:53:52.000\|test.tester.com\|1068\|db_server_name\|... by klkumar10 Explorer in Splunk Search 07-08-2010 0 5	0	5
Howto Chart Fields by Host I am indexing results from facter which logs information about each host. I can get the most up to date list of thes... by muebel SplunkTrust in Splunk Search 07-07-2010 0 4	0	4
Comparing two fields with > operator Hello, I am trying to compare two fields with a simple operator but it does not seem to perform as expected. I am s... by srw46 Path Finder in Splunk Search 07-07-2010 1 2	1	2
Searching for the empty string In a datasource that uses single quotes as the event delimiter, like so: field1='value1' field2='value2' field3='' ... by jwestberg Splunk Employee in Splunk Search 07-07-2010 2 10	2	10
Can splunk help me further analyze/refine the durations of my transactions? Hi, We've created two transactions to correlate logs spanning several components. We needed to define alias terms ... by treena Explorer in Splunk Search 07-06-2010 5 6	5	6
WMI kv field extraction is very slow... (How to make your WMI searches 20x faster) I'm running into some really slow performance searching on WMI sources. In this case I'm just trying to get some gen... by Lowell Super Champion in Splunk Search 07-06-2010 1 3	1	3
Frequency of events - how often an event was logged Does anyone have a good way (or am I missing the something obvious?) of calculating for a defined time range the aver... by Derek Path Finder in Splunk Search 07-06-2010 0 2	0	2
Regarding Splunk's eval random() function Since it does not appear that you can pass a number into the random() function, I'm curious to know what is being use... by maverick Splunk Employee in Splunk Search 07-06-2010 3 3	3	3
Different field value result - props.conf versus rex - using same regular expression I have an event that is coming from a Windows forwarder. When you view the event in the log file on the server it loo... by Derek Path Finder in Splunk Search 07-03-2010 0 2	0	2
Repeating regex to fill multivalue field Ok. Not having a spectacular regex day... I have this: Recipients: joe.smith@mig.mydomain.com, jane.smith@mig.mydom... by Derek Path Finder in Splunk Search 07-02-2010 1 2	1	2
Saved Searches not emailing out I have saved searches and all of a sudden with no changes they are returning this error to the python.log file. ERRO... by jtwcarboy New Member in Splunk Search 07-02-2010 0 7	0	7
Unable to get the open transactions whose events match the startsWith clause only I'm unable to list the transactions that have events matching with startWith clause but no events for endsWith clause... by Krishna_R Path Finder in Splunk Search 07-01-2010 1 9	1	9
simple field extraction not working I've been breaking my head over this very simple field extraction. My extraction (see eg., below) has problems beca... by pjmenon Explorer in Splunk Search 07-01-2010 0 21	0	21
is * supported? Is the wildcard search star * supported by logs in splunk? Im trying to see if splunk is seeing changes being made in... by riderofyamaha Explorer in Splunk Search 07-01-2010 0 3	0	3
How to use command "splunk resurrect". Hi, question about restoration of indexed data. I know how to restore(or search old) indexes data by putting necessa... by melonman Motivator in Splunk Search 06-30-2010 1 1	1	1
How can I get CLI searches to appear in the Job Manager? It looks like the Job Manager currently does not allow me to track CLI searches. Is there some way I can get a jobid... by the_wolverine Champion in Splunk Search 06-29-2010 2 2	2	2
Incomplete data returned after subsearch or join Hello, I found that when I use subsearch or join command to join data, I can't make splunk to return the complete ... by kalitbri Explorer in Splunk Search 06-29-2010 0 3	0	3
eval expression usage Greetings. I am trying to use an expression in the search string that will not display certain IP addresses. I have ... by bbear Explorer in Splunk Search 06-29-2010 1 4	1	4
Extracting number of fields from a multi line event Hello, I am trying to extract fields from an event which looks like this (I have multiple events) total time (ms): ... by hiwell Explorer in Splunk Search 06-29-2010 0 3	0	3
Custom Field Extractions not visible in search head... Hey guys, We are monitoring 2 specific CSV Log files on one indexer. I setup the appropriate custom field extractio... by balbano Contributor in Splunk Search 06-29-2010 0 6	0	6
Compare 2 fields Basically I have a line of data that looks like this: Jun 28 14:15:10 sc4-app04.mcafeesecure.com portal: ACCESS Clic... by mcafeesecure Explorer in Splunk Search 06-29-2010 3 3	3	3
I'm being audited. Can i give my auditor a list of hosts and the indexes their data is in? An auditor is requesting that we furnish them with a list of all servers logging to splunk and the index they are bei... by Michael_Wilde Splunk Employee in Splunk Search 06-29-2010 1 2	1	2
Editing logs at index time I have splunk indexing a local file that is being continuously written to and I need the first word in each event to ... by mawwx3 Explorer in Splunk Search 06-28-2010 0 4	0	4
How to collapse unneeded lines in the search result for a very long event? Search string "mismatch". The single event is about 2-3K lines or more. In the lines of text there are 5 lines with ... by zliu Splunk Employee in Splunk Search 06-28-2010 1 6	1	6
Windows security event log regex help I need a regex that can process all security events with eventid 540 that don't contain $, SYSTEM, or ANONYMOUS LOGON... by chowell Explorer in Splunk Search 06-28-2010 0 2	0	2