| Thread Info | | |
|---|---|---|
| Use Case: Correlate logon events from a Windows desktop to events on the domain controller. Sample (shortened) eve... by hulahoop (Splunk Employee) in Splunk Search, 01-21-2010 | 2 | 9 |
| I've got an application that logs status events. The values in these events generally will not change. Is there a sea... by matt (Splunk Employee) in Splunk Search, 01-27-2010 | 1 | 1 |
| What is wrong with the way I'm using eval here? `source="/some.audit.log" "End" "/foo/baz" \| rex field=_raw "(?P<Re`... by dinh (Path Finder) in Splunk Search, 01-23-2010 | 0 | 5 |
| Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t... by Johnvey (Contributor) in Splunk Search, 01-22-2010 | 1 | 3 |
| I have a saved search set up to check every minute for file changes. I have the start time set for [-1m] to search back... by Mick (Splunk Employee) in Splunk Search, 01-22-2010 | 2 | 1 |
| I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ... by Justin_Grant (Contributor) in Splunk Search, 01-15-2010 | 0 | 2 |
| I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi... by Mick (Splunk Employee) in Splunk Search, 01-21-2010 | 2 | 1 |
| I need to share all of the field extractions in my app with all of the other apps on the system. What is the most eff... by matt (Splunk Employee) in Splunk Search, 01-14-2010 | 2 | 5 |
| `$SPLUNK_HOME/var/lib/splunk/defaultdb/db/Sources.data` On a fresh install I see this file has something like this:... by matt (Splunk Employee) in Splunk Search, 01-20-2010 | 1 | 2 |
| [UPDATE: from the answer below, it sounds like what I'm looking for is not supported in the product today. I'm tackin... by Justin_Grant (Contributor) in Splunk Search, 01-19-2010 | 18 | 2 |
| I wrote a search operator that takes actions external to splunk. It has to take an action to 'complete' its operation... by jrodman (Splunk Employee) in Splunk Search, 01-14-2010 | 1 | 2 |
| Because wc -l of the input doesn't match my event count, and I'm trying to troubleshoot. by V_at_Splunk (Splunk Employee) in Splunk Search, 01-14-2010 | 1 | 2 |