| | I am trying batch upload like this from a light forwarder. But the files are not being consumed (there are only 2 sma... 0 5 | 0 | 5 | |
| | Search fails to correctly return all matching events when performing outer joins. The search below illustrates the pr... 1 3 | 1 | 3 | |
| | I have a long list of hosts/sources/sourcetypes I want to restrict a user to. Can I define a macro, then reference t... 1 6 | 1 | 6 | |
| | Splunk understands old school BSD-style syslog events effortlessly. For RFC 5424-style events, multiple data structu... 0 3 | 0 | 3 | |
| | We created a new index called "foo"; its size is about 6.6GB on disk. Our main index "main" is 66GB. Our daily index... 0 1 | 0 | 1 | |
| | So it appears that you can't rename a saved search through splunkweb. All the other parts seem to be editable, but n... 0 4 | 0 | 4 | |
| | Hi, Is there a way to have this search do following: get me all sources that related to windows (win*) - then calcul... 0 2 | 0 | 2 | |
| | In a chart, I need to set major unit to be one week (i.e adjacant tick marks need to be one week apart). How do I do ... 0 1 | 0 | 1 | |
| | For compliance purposes, how would I encrypt indexed data events on disk, such that it's secure while at rest? Also, ... 4 2 | 4 | 2 | |
| | I have a bit of an issue, as I typo'd a path change this morning, and ended up with about 8-10 hours of data being in... 2 5 | 2 | 5 | |
| | Hi I was wondering if there is a limit on the count of simultaneous queries/searches/jobs executed in a Splunk ins... 0 2 | 0 | 2 | |
| | New to splunk, testing things out but I've hit a wall... I'm trying to do remote windows event log collection on a W... 0 1 | 0 | 1 | |
| | I have the following output: DEV#: 0 DEVICE NAME: vpath0 TYPE: 2107900 POLICY: Optimized SERIAL: 123bac ... 0 11 | 0 | 11 | |
| | I know that Splunk can parse all different types of timestamps, but I've got a funky one. Here's the situation: AIX ... 1 6 | 1 | 6 | |
| | Hi, My instance of Splunk is monitoring a server log file that is updated at periods throughout the day. Splunk has ... 0 5 | 0 | 5 | |
| | I would like to know wether it is possible to filter remote windows eventlog based on the groups inside wmi.conf. I h... 0 6 | 0 | 6 | |
| | Team, I have a summary index that looks like this: <search string> | sistats count by UserAgent I also have a col... 1 4 | 1 | 4 | |
| | I am having some problems with the Google Maps app for Splunk. I am not seeing consistency of the maps. I expect the ... 1 2 | 1 | 2 | |
| | Hi all, i need to do a query about the number of login failed and succeeded in a time period. I'm auditing linux and ... 0 2 | 0 | 2 | |
| | Is it possible to restrict the admin user to login from for example 192.168.0.2 address only? 0 3 | 0 | 3 | |
| | I'm building a custom search command that performs some visualizations on a dataset outside of Splunk. It has to pars... 0 6 | 0 | 6 | |
| | When I attempt to do this, I get the following error: Error in 'UnifiedSearch': Unable to parse the 'Invalid RHS for... 0 3 | 0 | 3 | |
| | How would I go about running a search that compares the output to two searches and reports the difference between the... 1 3 | 1 | 3 | |
| | A user would like to click on the down arrow to the left of an event and leave a comment. I think I have seen this de... 1 4 | 1 | 4 | |
| | We have a monitoring system (WhatsUpGold) that periodically logs in to our windows machines and checks various condit... 1 2 | 1 | 2 | |
