| | Let's say you have two fields like so: a=0001L b=0002L What's the best way to force the eval command to see these ... 1 9 | 1 | 9 | |
| | Hello, i want all records from some hosts. How can i find records from hosts that match: host=chvj[34]04ld8[246] ? ... 1 2 | 1 | 2 | |
| | How can I submit an Enhancement Request (ER) / Request for Enhancement (RFE) to Splunk>? 7 2 | 7 | 2 | |
| | Hey, I have the following saved search in my Splunk instance which I saved as a search macro: sourcetype="log-file-... 1 6 | 1 | 6 | |
| | I am abit new to Splunk. I have setup the ossec server with: 6.7.8.9 10002 using the IP of the SPLUNK ser... 0 4 | 0 | 4 | |
| | I am trying to run the searches that come with the Ironport Web Security portion of Cisco Security for Splunk, and no... 0 1 | 0 | 1 | |
| | Hi all, i need to search the average number from the count by day of an event. for example if i have 3 5 and 4 event... 1 6 | 1 | 6 | |
| | Hey, I have written the following advanced dashboard that allows me to view results in a simple table based on what ... 0 4 | 0 | 4 | |
| | I find myself continually mystified by Splunk's strategy for placing things like event types, saved searches etc. How... 0 1 | 0 | 1 | |
| | I've got data that looks (functionally) like this: Event 1 contains String-A Field-X Event 2 contains String-B Field... 0 4 | 0 | 4 | |
| | I was wondering if there is a switch for the MSI installation that will limit the log files to current data only on i... 0 3 | 0 | 3 | |
| | This is largely an observation unless i am missing something: on the *nix app of the free version of splunk some file... 2 1 | 2 | 1 | |
| | I am checking out a sample application where an eventtype's search contains "sourcetype=..." . I having difficulty d... 1 4 | 1 | 4 | |
| | How do I know which index forwarded data goes to receiver instance ? I'm not sure about that, but i've created 2 inde... 1 2 | 1 | 2 | |
| | Our web server logs have percent symbols in the entries. I am able to search for certain logs by using REGEX (e.g. RE... 0 4 | 0 | 4 | |
| | I've got a saved search that's emailing me results up to this morning it was sending the results in a table with the ... 1 3 | 1 | 3 | |
| | If I close my web browser with search results up, then on restart of the web browser I end up at the "flashtimeline" ... 1 4 | 1 | 4 | |
| | I have a Power user who is creating his own lookup files. This works great but he's unable to share the file for oth... 2 1 | 2 | 1 | |
| | I recently made a stab at porting the lsof *nix app to AIX. I realize this is an unsupported configuration, but we AI... 0 2 | 0 | 2 | |
| | Hello, After playing with Splunk, I was able to create a save search that would email us if an IP address has more th... 0 1 | 0 | 1 | |
| | How do I monitor how often my users are using Splunk? 0 1 | 0 | 1 | |
| | Good Morning, I have a question that I would love to be answered if possible. I have written the following xml c... 0 11 | 0 | 11 | |
| | I have a configuration on a splunk indexer including search time fields extractions (using a DELIMS/FIELDS config in ... 2 5 | 2 | 5 | |
| | Hello. My logs contain Simple Chinese characters. After setting CHARSET = GB2312 in the props.conf, some Chinese char... 0 2 | 0 | 2 | |
| | Hi All I have an advanced dashboard that contains summary info. Business user would like a button to press which give... 0 5 | 0 | 5 | |
