| | I have a number of hosts that have a certain tag on them (let's say "sensitive"). I want to look for account lockout ... 1 2 | 1 | 2 | |
| | Is it possible with subsearch to pass a list of search results to the outside search? similar to a SQL correlated sub... 3 3 | 3 | 3 | |
| | Given a sequence of general to specific events (like product browsing a pages, followed by particular product pages)... 2 2 | 2 | 2 | |
| | I'm trying to map search performance to specific searches. I have to discover if its possible to marry up a job ID t... 2 8 | 2 | 8 | |
| | The asterisk character is not matching all characters. A search for : rectype="bl*query" returns 0 matching event... 10 5 | 10 | 5 | |
| | In a dashboard we're working with we are displaying a table of events and the times always have 000 as the millisecon... 1 1 | 1 | 1 | |
| | Livetail was around in version 3.x and went away in 4.0. When is it coming back? 2 1 | 2 | 1 | |
| | I'm running summary searches and the splunk-system-user keeps hitting a quota limit. 04-12-2010 16:50:28.436 ERR... 3 1 | 3 | 1 | |
| | Hi folks Is there a way to manually migrate saved searches from splunk 3.x to 4.x? The problem is that I didn't upgr... 1 2 | 1 | 2 | |
| | Hi All... i'll first describe my scenario.. i have logs that contains entries regarding open ports like: 1-1-2000 ... 0 2 | 0 | 2 | |
| | I want to lock down a user to seeing only one app. I figured out how to set their default dashboard, but i want this... 2 1 | 2 | 1 | |
| | Can I do a live search over multiple Splunk indexers? 1 2 | 1 | 2 | |
| | If there are no results found when a dashboard is rendered instead of having a "NO RESULTS FOUND" message in the dash... 2 1 | 2 | 1 | |
| | My search returns 10 fields in each event and I want to create a table with one row per event and columns for 3 of th... 0 6 | 0 | 6 | |
| | instead of /var/run/splunk? I would like to stay away from having to point to or move the file in a script. 2 1 | 2 | 1 | |
| | Hi! I posted this in the Splunk Forums the other day but I stumbled on Answers this morning and it seems like it m... 1 5 | 1 | 5 | |
| | Hi, We get many alerts sent to us about cpu health under the email heading SERVER HEALTH ALERT - followed by tags. ... 0 4 | 0 | 4 | |
| | Wanted to see what is/are the possible methods to do so. One way I could think of is to export the results using out... 1 7 | 1 | 7 | |
| | I use the following query against a Cisco as5400 to find the number of calls per hour during a day. 10.200.90.19 Cal... 0 4 | 0 | 4 | |
| | After upgrading to 4.1 from 4.0.10 I am unable to get fields using a search from python script. The simplified versio... 0 2 | 0 | 2 | |
| | I am trying to get scripted auth working on the new 4.1. I had a configuration on 3.4.x that worked great but after m... 0 2 | 0 | 2 | |
| | What are the searches required to search across Windows Event Logs for: most recent events of a particular event ID ... 2 1 | 2 | 1 | |
| | Splunk does such an awesome job with distributed search. It seems like all my data is on one server (my search head)... 1 2 | 1 | 2 | |
| | When I run a search on my custom dashboard, I get a notification bar on top stating the status of the dashboard queri... 2 6 | 2 | 6 | |
| | After upgrading to Splunk 4.1 from 4.0.10 today, we find that we can no longer run searches. splunkd.log shows: 04-... 4 1 | 4 | 1 | |
