Splunk Search

Community Activity

How to search for a field value that has appeared as the value of some other field? I have a simple case where I want to see if the value of one field has shown up as the value of another field. rec=d... by the_wolverine Champion in Splunk Search 04-23-2010 1 3	1	3
Calculate the percentage for top X values of a field per day over time Hi I was wondering if it is possible to generate a chart based on the following criteria: “Display the top X perce... by sranga Path Finder in Splunk Search 04-23-2010 2 4	2	4
Calculate the percentage of logs with a certain criteria among all requests Hi Say I have the following log statements (generated throughout the day): id=111,type=2,field1=y id=141,type=2... by sranga Path Finder in Splunk Search 04-23-2010 1 7	1	7
simulating a SQL JOIN in Splunk I have indexed the contents of a relational database along with a log file. My log contains these fields: cost - thi... by Justin_Grant Contributor in Splunk Search 04-22-2010 8 6	8	6
Is there a way to list enabled apps from the CLI? I thought there was a way to enumerate the enabled and disabled apps from the CLI. Is this so, and if so, what is it? by gkanapathy Splunk Employee in Splunk Search 04-22-2010 2 7	2	7
Display both unique and total columns in a chart table Hi, am looking to pull together a table chart of our threat data that contains 3 columns: threat, totalhosts and uniq... by pj Contributor in Splunk Search 04-22-2010 1 1	1	1
How can I use Splunk to determine Phishing attempts? What are some methods of determining anomalous login behavior with Splunk? by Yancy Path Finder in Splunk Search 04-21-2010 2 3	2	3
How do I automatically tag new results? I need to create a custom chart in splunk and be able to tag the results of that search with a ticket number for trac... by mctester Communicator in Splunk Search 04-21-2010 2 1	2	1
Field extraction with kv/extract Hi, I am trying to extract fields of the form [key1=value with spaces] [key2=value with spaces] using the kv search ... by davidha New Member in Splunk Search 04-21-2010 0 3	0	3
Field extraction on post multikv field? Is it possible to create a field extraction on a field that only exists after piping through multikv? In other words... by Simon_Shelston Splunk Employee in Splunk Search 04-21-2010 0 3	0	3
Multiple Pie Charts from one search Hello, We have an app that pings urls to get the status codes. Each application has a separate url and so i use a s... by Hazel Communicator in Splunk Search 04-20-2010 3 7	3	7
Is it possible to present search results in the RSS feed? Currently, Splunk will provide a link to search results in the RSS feed. I guess I want an option like inline=True f... by hulahoop Splunk Employee in Splunk Search 04-17-2010 1 1	1	1
when Im using an earliest time value of -1mon, what does it do in cases like March 31st? on March 13th, -1mon maps to February 13th, at whatever the current time of day is. And -1mon@d maps to February 13t... by sideview SplunkTrust in Splunk Search 04-17-2010 2 1	2	1
Fields from external source I set up an external field lookup and got it working properly. Today I tried add a second. So far, I can only get o... by thepocketwade Path Finder in Splunk Search 04-16-2010 2 7	2	7
How to create stacked bar chart for http/https? is it possible to do a stacked bar chart where it splits it in two to show how much is https requests and how much is... by jrich523 Path Finder in Splunk Search 04-15-2010 1 2	1	2
Field extraction with duplicate values in fields Splunk 4.0.10 I have a log file that has 5 fields, date, time, account, received, authorized. It looks like this: 4... by kmattern Builder in Splunk Search 04-14-2010 0 3	0	3
display average hits per minute for each hour for a time range how do i show the average number of hits per minute for each hour? basically i have a system that will, on peak hour... by jrich523 Path Finder in Splunk Search 04-14-2010 3 1	3	1
Nested inputs (Splunk 4.1) Hi folks I have a directory structure on my server box (with splunk LWF) like this: /foo/bar/node1/server1/SystemOu... by Simon Contributor in Splunk Search 04-14-2010 1 3	1	3
How do you exclude certain days from a time range? If you have a time range and certain days contain data you'd like to exclude can you drop the days from your search r... by Marinus Communicator in Splunk Search 04-14-2010 4 2	4	2
Detect absence of an event I would like to be able to see if a user logs in via ssh but doesn't log out within 30 minutes. For example 12:28:4... by netwrkr Communicator in Splunk Search 04-14-2010 2 1	2	1
How to map an IP to a hostname in the splunk hosts list? My understanding is that this is now done via a splunk config file. How? by the_wolverine Champion in Splunk Search 04-14-2010 2 1	2	1
What is a search head? I see lots of reference to search heads as a way to improve search performance. I can't find a search head section o... by Alan_Bradley Path Finder in Splunk Search 04-14-2010 0 2	0	2
Using host tags (or similar) when searching on fields? I have a number of hosts that have a certain tag on them (let's say "sensitive"). I want to look for account lockout ... by Ayn Legend in Splunk Search 04-13-2010 1 2	1	2
Subsearch like correlated subquery in SQL Is it possible with subsearch to pass a list of search results to the outside search? similar to a SQL correlated sub... by Yancy Path Finder in Splunk Search 04-13-2010 3 3	3	3
What is the best way to handle sequential event funnels? Given a sequence of general to specific events (like product browsing a pages, followed by particular product pages)... by andynu Engager in Splunk Search 04-13-2010 2 2	2	2