Splunk Search

Community Activity

What is the minimum free space value for a search? After upgrading to Splunk 4.1 from 4.0.10 today, we find that we can no longer run searches. splunkd.log shows: 04-... by Alan_Bradley Path Finder in Splunk Search 04-05-2010 4 1	4	1
Switching saved, scheduled searches to real time If I have a bunch of saved searches I run hourly, what should I consider before switching any or all of them to real ... by SteveS Splunk Employee in Splunk Search 04-05-2010 2 2	2	2
field extraction: matching a similar field more than once? I'm using Splunk 4.0.10. I've been working on doing field extractions (transforms.conf) on a DB2 log file. I've man... by mfrost8 Builder in Splunk Search 04-05-2010 0 1	0	1
What pipeline processor does sed pre-indexing run in? Question: What pipeline module does the sed pre-indexing code run in. I have the following props.conf in my app an... by zscgeek Path Finder in Splunk Search 04-05-2010 1 1	1	1
ERROR splunklogger - Uncaught exception in pipeline execution (tail) - getting next event Saw this error in splunklogger.log. What does it mean? by Jaci Splunk Employee in Splunk Search 04-01-2010 1 1	1	1
I have some Cisco syslog messages and not all of the fields are being extracted. We are indexing a lot of Cisco syslog messages. I notice that the host field is extracted correctly, but src/dst IP a... by rsimmons Splunk Employee in Splunk Search 04-01-2010 3 3	3	3
How do I set a timerange to be the last full 7 days? I have a script that populates the previous day's data early in the following morning. How do I set a time range such... by Peter Path Finder in Splunk Search 04-01-2010 2 3	2	3
Select Fields at search time I've got a field extraction defined in my props.conf, but now I want to be able to select it in a search without usin... by thepocketwade Path Finder in Splunk Search 04-01-2010 1 5	1	5
What is the procedure to build your own Splunk (search related) function? I have heard that this is possible - please correct me if I am wrong. Firstly, the reason I want to do this. We inde... by Glenn Builder in Splunk Search 04-01-2010 0 4	0	4
How do I account for many concurrent users when designing my hardware requirements I'm curious how to plan a deployment where i have many concurrent searches. I understand how to account for indexing... by Erik_Swan Splunk Employee in Splunk Search 03-29-2010 1 1	1	1
Can I make my dashboards load faster by scheduling the searches? I understand summary indexing can drastically improve the load time of my dashboards. In addition, if I schedule eac... by hulahoop Splunk Employee in Splunk Search 03-26-2010 7 5	7	5
Do search-time fields have performance considerations? Are search-time fields slow? Can I rely on them to efficiently sort through my data? Are there significant differenc... by jrodman Splunk Employee in Splunk Search 03-24-2010 5 4	5	4
How to find top 5 input data volumes of the day? I got Your index exceeded your 20.00 GB/day limit again. I would like to know which data inputs cause this. by Alan_Bradley Path Finder in Splunk Search 03-21-2010 0 2	0	2
How to subtract two specific requestTime For every Retention key (already extracted by Splunk: 20181947800000) I want to subtract the requestTime="2009-05-26T... by Alan_Bradley Path Finder in Splunk Search 03-19-2010 0 1	0	1
Search for disappeared and new hosts Hi I would like to have a way to find out whether hosts have stopped logging to our central log infrastructure or i... by chris Motivator in Splunk Search 03-19-2010 0 3	0	3
How can I create a stacked line graph with multiple values from the same log line? I am having trouble getting my head around the search required to graph multiple values from the same log event. It s... by Glenn Builder in Splunk Search 03-18-2010 2 5	2	5
Creating a parameterized transaction search Our office has a specific TRANSACTION search we do frequently to track all events related to a particular user. The s... by Justin_Grant Contributor in Splunk Search 03-16-2010 0 5	0	5
How to use 2 timeranges in a single search? I'd like to provide a table where the event count for today and yesterday are displayed. For example, count by statu... by hulahoop Splunk Employee in Splunk Search 03-16-2010 0 2	0	2
Does SEDCMD use PCRE regular expressions? I know that in general, regular expressions in Splunk use PCRE (or a modified PCRE for matching in props.conf source ... by gkanapathy Splunk Employee in Splunk Search 03-15-2010 3 1	3	1
How to optimize performance for scripted lookups? I would like to use a lookup into an external database to add fields to my events, but need some advice about perform... by Justin_Grant Contributor in Splunk Search 03-15-2010 2 3	2	3
What are the defaults for the dbinspect command? On the Search App > Status > Index activity dashboard, there is an Index health report showing the bucket spread over... by hulahoop Splunk Employee in Splunk Search 03-13-2010 1 1	1	1
Trying to combine two regexes into one I'm trying to throw out search results from a couple of different ip ranges. Currently I'm working with 2, but I mig... by thepocketwade Path Finder in Splunk Search 03-12-2010 3 4	3	4
Is it possible to include metadata in keyword searches? It is a subtlety of the search language that keyword searches run against the raw event data only. To search metadat... by hulahoop Splunk Employee in Splunk Search 03-09-2010 1 2	1	2
How can I limit the number of results that can be returned in a search (in UI)? I'd like to limit certain users from running expensive searches by limiting the number of results that can be returne... by the_wolverine Champion in Splunk Search 03-09-2010 2 1	2	1
How do I change the default granularity on a chart? How do I change the default granularity on a chart? It appears I'm hitting a limit somewhere and I'm not getting as ... by dskillman Splunk Employee in Splunk Search 03-04-2010 5 2	5	2