| | Is there a way to set tags based off a wild card value? IE I have the following hosts and I want to apply the 'test'... 0 2 | 0 | 2 | |
| | can I get transaction to show hostname or sourcetype for each event within? I'd like to be able to pass a transactio... 0 5 | 0 | 5 | |
| | Is the output of 'splunk list monitor' clipped at all? I have a directory with (approx) 50 log files, but the outp... 3 4 | 3 | 4 | |
| | In inputs.conf and props.conf, the wildcards ... and * are supported for use in the spec headers. What do they trans... 2 3 | 2 | 3 | |
| | While the following extraction below works, I wanted to see if I could extract both custom fields EAR_FILE and DOMAIN... 2 2 | 2 | 2 | |
| | When searching for lost forwarders a host with an all caps name is returned as lost when the same host with a lower c... 0 3 | 0 | 3 | |
| | I am expecting to see each record as an event, but the result is not as expected. Some records are displayed as indi... 0 1 | 0 | 1 | |
| | If I have data like this: src=1.1.1.1 dst=2.2.2.2 can I create a mvfield of ip's? like: ips=1.1.1.1,2.2.2.2 FRO... 1 2 | 1 | 2 | |
| | If I have data that looks like (date) srcip=x.x.x.x dstip=y.y.y.y How can I create a single list of all unique IPs... 1 6 | 1 | 6 | |
| | If we have an indexer configured w/a raid 5 or raid 6 array is this going to negatively affect performance? 2 4 | 2 | 4 | |
| | I am currently running a eval version of Splunk 4.0.9 on a Windows 2008 64Bit Host. Our purchase of Splunk has been a... 1 1 | 1 | 1 | |
| | Hi, we are currently testing a Palo Alto app sec firewall and are sending some test logs over to the central indexer ... 0 6 | 0 | 6 | |
| | I would like to deploy Light Forwarders at our remote locations to act as a syslog server. Can light forwarder be con... 2 2 | 2 | 2 | |
| | I've got a summary index query which currently matches only one (1) event in my existing data. I've run the fill_sum... 0 3 | 0 | 3 | |
| | After a Splunk restart without any configuration changes, I can no longer issue any Splunk CLI commands such as these... 3 1 | 3 | 1 | |
| | Hi I need to extract a splunk app file (.spl) created in v4.1.2 onto a non splunk machine (linux workstation) to car... 0 4 | 0 | 4 | |
| | I've found how to get data from a remote users Security Log but we are after a centralised area to keep these logs. I... 0 3 | 0 | 3 | |
| | Is there a way to report on the position of an event relative to the rest of the events in the result set? For examp... 0 2 | 0 | 2 | |
| | I am revisiting splunk to see if it will meet our goals. Right now I am working on the initial index of our data gat... 0 4 | 0 | 4 | |
| | How can I use lookups for a source CSV file that is not under the Splunk code tree? I am using Splunk 4.0.10. CSV lo... 1 1 | 1 | 1 | |
| | Our indexer and all forwarders are running 4.1.2. Recently we developed a need to send events from our forwarders in... 1 3 | 1 | 3 | |
| | What is the relationship between size of logs received by Splunk indexing servers versus indexing volume? On the load... 0 1 | 0 | 1 | |
| | I have a deployment server app with a single inputs.conf file. [tcp://localhost:9997] sourcetype = tcp-raw index = p... 1 2 | 1 | 2 | |
| | Is it possible to change the axis titles for line charts? I can do so with column charts <option name="charting.pr... 0 1 | 0 | 1 | |
| | I want to use Splunk to monitor the error output of a telephone switch. I can easily see the data by connecting to th... 0 5 | 0 | 5 | |
