Thread Info | |||||
---|---|---|---|---|---|
There are some who are really good at regular expression, some okay, and the rest who downright are lost beyond a spl...
by
matt_1
Explorer
in
Splunk Search
02-25-2010
|
2
|
1
| |||
Does maxresults in limits.conf have an effect when piping results to the stats command? For example, if I run a searc...
by
kbecker
Communicator
in
Splunk Search
02-26-2010
|
2
|
1
| |||
I have millions of events being indexed by Splunk now and I suspect something is happening within my IT environment a...
by
maverick
Splunk Employee
in
Splunk Search
02-24-2010
|
1
|
1
| |||
Hi Splunkers,
I have a sample Perforce log file and I'm trying to extract the code contributors. Here is an exampl...
by
Nicholas_Key
Splunk Employee
in
Splunk Search
02-22-2010
|
2
|
2
| |||
How do I use the same search strings in Splunk's UI on the command line?
by
Chris_R_
Splunk Employee
in
Splunk Search
02-17-2010
|
0
|
4
| |||
There are plenty of ways to specify the exact time range or maximum range between two events in a search. But I need ...
by
Tisiphone
Engager
in
Splunk Search
02-18-2010
|
3
|
1
| |||
Explain the significance of the connected flag in transaction
by
Ledion_Bitincka
Splunk Employee
in
Splunk Search
02-11-2010
|
2
|
1
| |||
Dan Goldburt asks: I'm consistently getting the following request from customers: "can I see where each event came fr...
by
Ledion_Bitincka
Splunk Employee
in
Splunk Search
02-11-2010
|
1
|
1
| |||
Such a helpful command, and yet doesn't work for me...
by
V_at_Splunk
Splunk Employee
in
Splunk Search
01-17-2010
|
1
|
3
| |||
When I run this search -
source="*conn.log" | rex field=_raw "\.IP = '(?<connectionIp>[^']+)" | fields host, conne...
by
Mick
Splunk Employee
in
Splunk Search
02-05-2010
|
4
|
1
| |||
We are attempting to create a report that compares message traffic for the past two complete weeks.
We have this ...
by
Mick
Splunk Employee
in
Splunk Search
02-04-2010
|
0
|
2
| |||
Any recommended best practices for managing eventtypes and their corresponding tags?
I've found the Splunk Common ...
by
Yancy
Path Finder
in
Splunk Search
02-02-2010
|
0
|
2
| |||
What is wrong with this regex?
(?P<AUTH_PIN_TYPE>[^ ]+)( [^ ]+){2}$
The interactive field extractor gives this...
by
dinh
Path Finder
in
Splunk Search
01-30-2010
|
0
|
5
| |||
I am using the transaction command to sessionize web access log events and therefore have made referer, uri etc. into...
by
cfrln
Explorer
in
Splunk Search
01-29-2010
|
4
|
3
| |||
Let's say I have events coming in every day and I want to group the events as Monday's events, Tuesday's events, and so ...
by
hans
Splunk Employee
in
Splunk Search
01-15-2010
|
1
|
2
| |||
Use Case: Find Juniper firewall events where the source/destination IP (Src_Zone/Dst_Zone) does or does not belong in...
by
hulahoop
Splunk Employee
in
Splunk Search
01-21-2010
|
5
|
5
| |||
Use Case: Correlate logon events from a Windows desktop to events on the domain controller.
Sample (shortened) eve...
by
hulahoop
Splunk Employee
in
Splunk Search
01-21-2010
|
2
|
9
| |||
I've got an application that logs status events. The values in these events generally will not change. Is there a sea...
by
matt
Splunk Employee
in
Splunk Search
01-27-2010
|
1
|
1
| |||
What is wrong with the way I'm using eval here?
source="/some.audit.log" "End" "/foo/baz"
| rex field=_raw "(?P<Re...
by
dinh
Path Finder
in
Splunk Search
01-23-2010
|
0
|
5
| |||
Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t...
by
Johnvey
Contributor
in
Splunk Search
01-22-2010
|
1
|
3
| |||
I have a saved search set up to check every minute for file changes. I have the start time set for [-1m] to search back...
by
Mick
Splunk Employee
in
Splunk Search
01-22-2010
|
2
|
1
| |||
I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ...
by
Justin_Grant
Contributor
in
Splunk Search
01-15-2010
|
0
|
2
| |||
I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi...
by
Mick
Splunk Employee
in
Splunk Search
01-21-2010
|
2
|
1
| |||
I need to share all of the field extractions in my app with all of the other apps on the system. What is the most eff...
by
matt
Splunk Employee
in
Splunk Search
01-14-2010
|
2
|
5
| |||
$SPLUNK_HOME/var/lib/splunk/defaultdb/db/Sources.data
On a fresh install I see this file has something like this:...
by
matt
Splunk Employee
in
Splunk Search
01-20-2010
|
1
|
2
|