Splunk Search

Community Activity

How to search across multiple lines I have a logfile that is not very orthogonal. It will include, for example, IP Address of an action one line, and th... by Mystere New Member in Splunk Search 04-26-2010 0 2	0	2
Can I create and delete tags using search expressions in Splunk 4.0? The tagcreate and tagdelete commands existed in Splunk 3.x, but they do not seem to be supported in Splunk 4.0. Any ... by maverick Splunk Employee in Splunk Search 04-26-2010 3 4	3	4
Is it possible to use typeahead with HiddenSearch/ExtendedFieldSearch? build an application limiting end-user searches to a single field (by using HiddenSearch/ExtendedFieldSearch modules)... by zliu Splunk Employee in Splunk Search 04-24-2010 0 1	0	1
Export a csv of all hosts and their sources? I need to generate a splunk coverage report that shows all of the hosts and all of the sources they are sending from.... by Peter Path Finder in Splunk Search 04-24-2010 0 5	0	5
Defining custom sourcetypes. I'm trying to define a custom set of fields for a sourcetype and am finding that the "train" command is a) tedious b)... by maxmichaels New Member in Splunk Search 04-23-2010 0 2	0	2
Sort rows in tables The results of a report show the following in a table: -variable value -Allowed 1 -Allowed_Tagged 1 -Blocked... by ghnwmlguy Explorer in Splunk Search 04-23-2010 1 4	1	4
Extracted fields are not visible in the UI i.e. from pickfields --input.conf [monitor:///etl/issrdr/scripts/tst/splunk/input/updates.csv] index=iss-rdr --props.conf [source::/et... by sreedhardudi New Member in Splunk Search 04-23-2010 0 4	0	4
What is the purpose of var/run/splunk/dispatch/.../metadata.csv? I have been having repeated warnings that the system is unable to read metadata.csv, which looks like it should be lo... by muebel SplunkTrust in Splunk Search 04-23-2010 1 1	1	1
Why do I get different Search Behavior depending on fields.conf? I'm running a search based on a field extracted at search time using props.conf. I've noticed that if I don't have a... by mzorzi Splunk Employee in Splunk Search 04-23-2010 3 4	3	4
Evaluate an event's repetition (logfail) over a time unit, if repetition is greater than X Good morning all! Today my goal is : evaluate suspicious logfail by a criteria (as follow). If "logfail" on the same... by nik_splunk Path Finder in Splunk Search 04-23-2010 2 4	2	4
How to search for a field value that has appeared as the value of some other field? I have a simple case where I want to see if the value of one field has shown up as the value of another field. rec=d... by the_wolverine Champion in Splunk Search 04-23-2010 1 3	1	3
Calculate the percentage for top X values of a field per day over time Hi I was wondering if it is possible to generate a chart based on the following criteria: “Display the top X perce... by sranga Path Finder in Splunk Search 04-23-2010 2 4	2	4
Calculate the percentage of logs with a certain criteria among all requests Hi Say I have the following log statements (generated throughout the day): id=111,type=2,field1=y id=141,type=2... by sranga Path Finder in Splunk Search 04-23-2010 1 7	1	7
simulating a SQL JOIN in Splunk I have indexed the contents of a relational database along with a log file. My log contains these fields: cost - thi... by Justin_Grant Contributor in Splunk Search 04-22-2010 8 6	8	6
Is there a way to list enabled apps from the CLI? I thought there was a way to enumerate the enabled and disabled apps from the CLI. Is this so, and if so, what is it? by gkanapathy Splunk Employee in Splunk Search 04-22-2010 2 7	2	7
Display both unique and total columns in a chart table Hi, am looking to pull together a table chart of our threat data that contains 3 columns: threat, totalhosts and uniq... by pj Contributor in Splunk Search 04-22-2010 1 1	1	1
How can I use Splunk to determine Phishing attempts? What are some methods of determining anomalous login behavior with Splunk? by Yancy Path Finder in Splunk Search 04-21-2010 2 3	2	3
How do I automatically tag new results? I need to create a custom chart in splunk and be able to tag the results of that search with a ticket number for trac... by mctester Communicator in Splunk Search 04-21-2010 2 1	2	1
Field extraction with kv/extract Hi, I am trying to extract fields of the form [key1=value with spaces] [key2=value with spaces] using the kv search ... by davidha New Member in Splunk Search 04-21-2010 0 3	0	3
Field extraction on post multikv field? Is it possible to create a field extraction on a field that only exists after piping through multikv? In other words... by Simon_Shelston Splunk Employee in Splunk Search 04-21-2010 0 3	0	3
Multiple Pie Charts from one search Hello, We have an app that pings urls to get the status codes. Each application has a separate url and so i use a s... by Hazel Communicator in Splunk Search 04-20-2010 3 7	3	7
Is it possible to present search results in the RSS feed? Currently, Splunk will provide a link to search results in the RSS feed. I guess I want an option like inline=True f... by hulahoop Splunk Employee in Splunk Search 04-17-2010 1 1	1	1
when Im using an earliest time value of -1mon, what does it do in cases like March 31st? on March 13th, -1mon maps to February 13th, at whatever the current time of day is. And -1mon@d maps to February 13t... by sideview SplunkTrust in Splunk Search 04-17-2010 2 1	2	1
Fields from external source I set up an external field lookup and got it working properly. Today I tried add a second. So far, I can only get o... by thepocketwade Path Finder in Splunk Search 04-16-2010 2 7	2	7
How to create stacked bar chart for http/https? is it possible to do a stacked bar chart where it splits it in two to show how much is https requests and how much is... by jrich523 Path Finder in Splunk Search 04-15-2010 1 2	1	2