Splunk Search

Community Activity

Consolidate fields at search time How can I consolidate 2 or more fields into one new field at search time? e.g. ...\| fields a,b,c \| d In the above I... by Josh Path Finder in Splunk Search 04-28-2010 0 7	0	7
Field Extractions Hello, I am trying to configure a props/transforms and it is not working. it does not come up as an extra field tha... by Hazel Communicator in Splunk Search 04-28-2010 1 3	1	3
Showing multiline _raw data in a table Hello, I am rewriting this - hope it makes more sense. I have config files, which I am passing into splunk as follo... by Hazel Communicator in Splunk Search 04-28-2010 0 6	0	6
How can I see what the source and sourcetype are for an Event In Previous versions of splunk on the search interface a "source" and "sourcetype" were reported underneath each in e... by igotimac Engager in Splunk Search 04-26-2010 1 2	1	2
Breaking unusual log files Hi All, I am having trouble breaking up the log file below: Each log entry starts with id:#################### and ... by Josh Path Finder in Splunk Search 04-26-2010 1 5	1	5
Viewing URLs by IP over time In the Splunk 4.1 webcast earlier this week, one of the presenters showed a combined_access report that looked to pro... by prodport New Member in Splunk Search 04-26-2010 0 2	0	2
What is the TimeRangePIcker? After upgrading to version 4.1.1, build 78281, Splunk shows a JavaScript prompt with the following error in the searc... by rayfoo Path Finder in Splunk Search 04-26-2010 1 3	1	3
How to search across multiple lines I have a logfile that is not very orthogonal. It will include, for example, IP Address of an action one line, and th... by Mystere New Member in Splunk Search 04-26-2010 0 2	0	2
Can I create and delete tags using search expressions in Splunk 4.0? The tagcreate and tagdelete commands existed in Splunk 3.x, but they do not seem to be supported in Splunk 4.0. Any ... by maverick Splunk Employee in Splunk Search 04-26-2010 3 4	3	4
Is it possible to use typeahead with HiddenSearch/ExtendedFieldSearch? build an application limiting end-user searches to a single field (by using HiddenSearch/ExtendedFieldSearch modules)... by zliu Splunk Employee in Splunk Search 04-24-2010 0 1	0	1
Export a csv of all hosts and their sources? I need to generate a splunk coverage report that shows all of the hosts and all of the sources they are sending from.... by Peter Path Finder in Splunk Search 04-24-2010 0 5	0	5
Defining custom sourcetypes. I'm trying to define a custom set of fields for a sourcetype and am finding that the "train" command is a) tedious b)... by maxmichaels New Member in Splunk Search 04-23-2010 0 2	0	2
Sort rows in tables The results of a report show the following in a table: -variable value -Allowed 1 -Allowed_Tagged 1 -Blocked... by ghnwmlguy Explorer in Splunk Search 04-23-2010 1 4	1	4
Extracted fields are not visible in the UI i.e. from pickfields --input.conf [monitor:///etl/issrdr/scripts/tst/splunk/input/updates.csv] index=iss-rdr --props.conf [source::/et... by sreedhardudi New Member in Splunk Search 04-23-2010 0 4	0	4
What is the purpose of var/run/splunk/dispatch/.../metadata.csv? I have been having repeated warnings that the system is unable to read metadata.csv, which looks like it should be lo... by muebel SplunkTrust in Splunk Search 04-23-2010 1 1	1	1
Why do I get different Search Behavior depending on fields.conf? I'm running a search based on a field extracted at search time using props.conf. I've noticed that if I don't have a... by mzorzi Splunk Employee in Splunk Search 04-23-2010 3 4	3	4
Evaluate an event's repetition (logfail) over a time unit, if repetition is greater than X Good morning all! Today my goal is : evaluate suspicious logfail by a criteria (as follow). If "logfail" on the same... by nik_splunk Path Finder in Splunk Search 04-23-2010 2 4	2	4
How to search for a field value that has appeared as the value of some other field? I have a simple case where I want to see if the value of one field has shown up as the value of another field. rec=d... by the_wolverine Champion in Splunk Search 04-23-2010 1 3	1	3
Calculate the percentage for top X values of a field per day over time Hi I was wondering if it is possible to generate a chart based on the following criteria: “Display the top X perce... by sranga Path Finder in Splunk Search 04-23-2010 2 4	2	4
Calculate the percentage of logs with a certain criteria among all requests Hi Say I have the following log statements (generated throughout the day): id=111,type=2,field1=y id=141,type=2... by sranga Path Finder in Splunk Search 04-23-2010 1 7	1	7
simulating a SQL JOIN in Splunk I have indexed the contents of a relational database along with a log file. My log contains these fields: cost - thi... by Justin_Grant Contributor in Splunk Search 04-22-2010 8 6	8	6
Is there a way to list enabled apps from the CLI? I thought there was a way to enumerate the enabled and disabled apps from the CLI. Is this so, and if so, what is it? by gkanapathy Splunk Employee in Splunk Search 04-22-2010 2 7	2	7
Display both unique and total columns in a chart table Hi, am looking to pull together a table chart of our threat data that contains 3 columns: threat, totalhosts and uniq... by pj Contributor in Splunk Search 04-22-2010 1 1	1	1
How can I use Splunk to determine Phishing attempts? What are some methods of determining anomalous login behavior with Splunk? by Yancy Path Finder in Splunk Search 04-21-2010 2 3	2	3
How do I automatically tag new results? I need to create a custom chart in splunk and be able to tag the results of that search with a ticket number for trac... by mctester Communicator in Splunk Search 04-21-2010 2 1	2	1