Using Splunk

Category Activity
jwestberg
I have a search where I have been using "latesttime=-2d@d" to specify the time range, like so: ... latesttime=-2d@d ...
by jwestberg Splunk Employee in Splunk Search 06-18-2010
1 5
manuarora
I am doing a search which gives me two fields and say parent1 and child1...n so with parent and child I have 1 to n r...
by manuarora Explorer in Splunk Search 06-18-2010
1 6
ifeldshteyn
Hello there, Is it possible to chart a multivalued field against another multivalued field of the same size? For ex...
by ifeldshteyn Communicator in Splunk Search 06-18-2010
0 3
Jaci
We have many hosts running backups every night and report back if they are successful or not. I would like to simpli...
by Jaci Splunk Employee in Splunk Search 06-17-2010
1 2
Lowell
I have a summary index search that does some simple stats (count) by host and sourcetype for WMI events. The problem...
by Lowell Super Champion in Splunk Search 06-17-2010
0 1
balt
Hello folks, I am having a difficult time extracting fields properly from the sudo.log file on several of our servers...
by balt New Member in Splunk Search 06-17-2010
0 2
jrodman
After upgrading, when accessing field extraction page in manager in 4.1, it doesn't work. This appears in splunkd.lo...
by jrodman Splunk Employee in Splunk Search 06-17-2010
1 1
Starlette
For example DATA test1, test2, test3 so just add the DELIMS = "," in transforms and REPORT-test entry in pro...
by Starlette Contributor in Splunk Search 06-17-2010
0 2
esweeney
How can I learn the most about Splunk in the shortest amount of time?
by esweeney Splunk Employee in Reporting 06-17-2010
6 6
bnolen
Hi all, I have logs in the following format 2010-06-17 02:04:55 user1 ip.add.ress.here GET /mysite/mypage.html 2010...
by bnolen Path Finder in Splunk Search 06-17-2010
2 1
joelshprentz
The What's New in Splunk 4.1 video shows an Incoming Activity chart at time 2:10. In the chart, small blocks dynamica...
by joelshprentz Path Finder in Dashboards & Visualizations 06-16-2010
2 2
sranga
Hi I am seeing some weirdness with one of the saved-searches that we have. One of these searches is of the form: ...
by sranga Path Finder in Splunk Search 06-16-2010
0 4
bbear
I have Splunk set up to monitor syslog on udp 514. Splunk is receiving event logs from several servers. When search...
by bbear Explorer in Splunk Search 06-16-2010
2 5
pjmenon
I am evaluating SPLUNK for my client. Reading previous questions tells me I can do this, but want to confirm. have 2...
by pjmenon Explorer in Splunk Search 06-16-2010
0 3
mtxpert
I tried for an hour but couldn't find the answer. I need to search my syslogs from a specific host for entries that d...
by mtxpert Engager in Splunk Search 06-15-2010
1 1
ebailey
We have a large number of 3.x splunk saved searches that I need to import into our new splunk 4.x distributed search ...
by ebailey Communicator in Reporting 06-15-2010
1 3
twinspop
Trying to get a transaction search to work. The transaction is logged in 2 different log sources, with the matching f...
by twinspop Influencer in Splunk Search 06-15-2010
0 2
Lowell
Anyone familiar with the following message? I found this in search.log. WARN MetaDataCache - not all cwpairs we...
by Lowell Super Champion in Splunk Search 06-15-2010
0 1
Hazel
Hello, We currently have a Splunk setup as follows UAT: Three indexers (NY, LDN, SGP), each collect data from forwa...
by Hazel Communicator in Splunk Search 06-15-2010
0 5
hans
If I have one event such as: 2010-06-10 15:01:16,882 .main INFO :: x=1 x=12 x=154 x=123 x=123 will it be able t...
by hans Splunk Employee in Splunk Search 06-14-2010
0 5
GratefulDude
I would like to create a report that counts the number of times I see an error log in one file with a count of events...
by GratefulDude Explorer in Splunk Search 06-14-2010
0 3
Lowell
Does anyone know what this message means? 06-14-2010 15:45:14.859 WARN SearchResults - Corrupt csv header, 2 col...
by Lowell Super Champion in Splunk Search 06-14-2010
0 1
GratefulDude
I have application logs that will create a log when a user makes a request like: 2010-02-17 16:13:28.515 host1:11...
by GratefulDude Explorer in Splunk Search 06-14-2010
2 6
aoates
We’re looking for a way to support a number of identical named environments, such as UIT1, UIT2, etc. Each environm...
by aoates Splunk Employee in Splunk Search 06-14-2010
2 4
pmelchiori
Hi, I need to export using CLI the Splunk search results. I've created a Windows Custom Search, now I want to export ...
by pmelchiori Explorer in Splunk Search 06-14-2010
0 3