| | Hi, I would like to rewrite bogus field values that are negative to 0. For example I would like to run the followin... 0 1 | 0 | 1 | |
| | I just set up a new splunk forwarder on a linux host. One of the inputs is a monitor of the /var/log/messages file. ... 1 3 | 1 | 3 | |
| | I'm running Splunk 4.1.3 on Windows 2008 R2 x64 and had a poweroutage. The splunkd service will not restart. Crash ... 0 1 | 0 | 1 | |
| | I have a REGEX configured (in transforms.conf) that works with my single line events, but appears to be failing on al... 1 3 | 1 | 3 | |
| | The heat map being the function that highlights outstanding values in a results table, accessible via the "Overlay" d... 0 1 | 0 | 1 | |
| | Currently in the Search App, the Summary page contains the lists of all my sources, sourcetypes, and hosts. However... 6 5 | 6 | 5 | |
| | Which search below is better or optimal from a performance perspective and why? sourcetype="mysoucetype" AND field1=... 4 3 | 4 | 3 | |
| | I've noticed that on Splunk 4.1.3 the timechart and chart commands, when used with "limit=0", the "count" aggregation... 0 2 | 0 | 2 | |
| | I have a field in some events that contains a time as a string. The times are in the format "2010-07-15-13", which t... 0 2 | 0 | 2 | |
| | Hello, I was trying to send a pdf report thru email by using a saved search, and in the email an error messages displ... 2 4 | 2 | 4 | |
| | I've tried to delete events for a particular source,say source="tcp:1234" | delete The operation was successful.How... 2 4 | 2 | 4 | |
| | I am building a search to find the average amount of time an action takes: sourcetype="timelog" | stats avg(reque... 0 1 | 0 | 1 | |
| | I run a metadata search that populates a summary page to link to all of my tags. The goal of the summary page is to ... 1 1 | 1 | 1 | |
| | We have a log line that looks like: Jul 14 15:47:34 127.0.0.1 1 [000004ff000216970000489c] Serv foo.com 158578_40df3... 0 1 | 0 | 1 | |
| | I can get email alerting to work just fine on my *nix Splunk instance. In Windows, it doesn't seem to work and I see... 0 1 | 0 | 1 | |
| | The problem is with the "pdfserver" module. Our saved search generates results of around 1,000 to 10,000+ events and... 0 1 | 0 | 1 | |
| | Hello, I'm trying PDF report server application on Splunk 4.1 on a Centos 5.4 x86_64 server. When I try to test the p... 1 7 | 1 | 7 | |
| | hello, my problem is: when I type the query in the search bar, such as: source="number.txt" it will so like that:... 0 5 | 0 | 5 | |
| | I get a lookup error "does not exist" after i upgraded to 4.1 almost in all apps, also my browser goes not responding... 0 1 | 0 | 1 | |
| | I have an Apache Access log which I'm searching for any .cgi or .pl file hit with the latest date it's been hit. Som... 2 2 | 2 | 2 | |
| | I have a saved search that I modified in the Splunkweb Manager. I look at the same search in the savedsearch.conf fi... 1 5 | 1 | 5 | |
| | I have a line graph that charts the consumed disk capacity for many hosts. It is very nice for giving a rough idea o... 2 1 | 2 | 1 | |
| | I would like to create an alert if the number on events is different in two subsearches. subsearch1 = "index=index1 ... 1 1 | 1 | 1 | |
| | I have setup alerts based on a scheduled search in the logs. The application writes a log messages every minute while... 1 1 | 1 | 1 | |
| | I could renamed the field of timechart. For example: Changed count to 'YYY' . But,I couldn't renamed the '_time' fiel... 0 1 | 0 | 1 | |
