Thread Info | |||||
---|---|---|---|---|---|
There are plenty of ways to specify the exact time range or maximum range between two events in a search. But I need ...
by
Tisiphone
Engager
in
Splunk Search
02-18-2010
|
3
|
1
| |||
explain the significance of the connected flag in transaction
by
Ledion_Bitincka
Splunk Employee
in
Splunk Search
02-11-2010
|
2
|
1
| |||
Dan Goldburt asks: I'm consistently getting the following request from customers: "can I see where each event came fr...
by
Ledion_Bitincka
Splunk Employee
in
Splunk Search
02-11-2010
|
1
|
1
| |||
Such a helpful command, and yet doesn't work for me...
by
V_at_Splunk
Splunk Employee
in
Splunk Search
01-17-2010
|
1
|
3
| |||
When I run this search -
source="*conn.log" | rex field=_raw "\.IP = '(?<connectionIp>[^']+)" | fields host, conne...
by
Mick
Splunk Employee
in
Splunk Search
02-05-2010
|
4
|
1
| |||
We are attempting to create a report that compares message traffic for the past two complete weeks.
We have this ...
by
Mick
Splunk Employee
in
Splunk Search
02-04-2010
|
0
|
2
| |||
Any recommended best practices for managing eventtypes and their corresponding tags?
I've found the Splunk Common ...
by
Yancy
Path Finder
in
Splunk Search
02-02-2010
|
0
|
2
| |||
What is wrong with this regex?
(?P<AUTH_PIN_TYPE>[^ ]+)( [^ ]+){2}$
The interactive field extractor gives this...
by
dinh
Path Finder
in
Splunk Search
01-30-2010
|
0
|
5
| |||
I am using the transaction command to sessionize web access log events and therefore have made referer, uri etc. into...
by
cfrln
Explorer
in
Splunk Search
01-29-2010
|
4
|
3
| |||
Let say I have events coming in everyday and I want to group the events as Monday's events, Tuesday's events, and so ...
by
hans
Splunk Employee
in
Splunk Search
01-15-2010
|
1
|
2
| |||
Use Case: Find Juniper firewall events where the source/destination IP (Src_Zone/Dst_Zone) does or does not belong in...
by
hulahoop
Splunk Employee
in
Splunk Search
01-21-2010
|
5
|
5
| |||
Use Case: Correlate logon events from a Windows desktop to events on the domain controller.
Sample (shortened) eve...
by
hulahoop
Splunk Employee
in
Splunk Search
01-21-2010
|
2
|
9
| |||
I've got an application that logs status events. The values in these events generally will not change. Is there a sea...
by
matt
Splunk Employee
in
Splunk Search
01-27-2010
|
1
|
1
| |||
What is wrong with the way I'm using eval here?
source="/some.audit.log" "End" "/foo/baz"
| rex field=_raw "(?P<Re...
by
dinh
Path Finder
in
Splunk Search
01-23-2010
|
0
|
5
| |||
Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t...
by
Johnvey
Contributor
in
Splunk Search
01-22-2010
|
1
|
3
| |||
I have a saved seach setup to check every minute for file changes. I have the start time set for [-1m] to search back...
by
Mick
Splunk Employee
in
Splunk Search
01-22-2010
|
2
|
1
| |||
I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ...
by
Justin_Grant
Contributor
in
Splunk Search
01-15-2010
|
0
|
2
| |||
I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi...
by
Mick
Splunk Employee
in
Splunk Search
01-21-2010
|
2
|
1
| |||
I need to share all of the field extractions in my app with all of the other apps on the system. What is the most eff...
by
matt
Splunk Employee
in
Splunk Search
01-14-2010
|
2
|
5
| |||
$SPLUNK_HOME/var/lib/splunk/defaultdb/db/Sources.data
On a fresh install I see this file has something like this:...
by
matt
Splunk Employee
in
Splunk Search
01-20-2010
|
1
|
2
| |||
[UPDATE: from the answer below, it sounds like what I'm looking for is not supported in the product today. I'm tackin...
by
Justin_Grant
Contributor
in
Splunk Search
01-19-2010
|
18
|
2
| |||
I wrote a search operator that takes actions external to splunk. It has to take an action to 'complete' its operation...
by
jrodman
Splunk Employee
in
Splunk Search
01-14-2010
|
1
|
2
| |||
Because wc -l of the input doesn't match my event count, and I'm trying to troubleshoot.
by
V_at_Splunk
Splunk Employee
in
Splunk Search
01-14-2010
|
1
|
2
|