| | After upgrading to Splunk 4.1 from 4.0.10 today, we find that we can no longer run searches. splunkd.log shows: 04-... 4 1 | 4 | 1 | |
| | If I have a bunch of saved searches I run hourly, what should I consider before switching any or all of them to real ... 2 2 | 2 | 2 | |
| | I'm using Splunk 4.0.10. I've been working on doing field extractions (transforms.conf) on a DB2 log file. I've man... 0 1 | 0 | 1 | |
| | Question: What pipeline module does the sed pre-indexing code run in. I have the following props.conf in my app an... 1 1 | 1 | 1 | |
| | I have a lot of saved searches that populate my summary index and I do not want them to be viewable in the saved sear... 5 3 | 5 | 3 | |
| | Saw this error in splunklogger.log. What does it mean? 1 1 | 1 | 1 | |
| | We are indexing a lot of Cisco syslog messages. I notice that the host field is extracted correctly, but src/dst IP a... 3 3 | 3 | 3 | |
| | I have a script that populates the previous day's data early in the following morning. How do I set a time range such... 2 3 | 2 | 3 | |
| | I've got a field extraction defined in my props.conf, but now I want to be able to select it in a search without usin... 1 5 | 1 | 5 | |
| | It'd be cool if I could add some line breaks to my search so that visual inspection of what I was typing was a little... 5 4 | 5 | 4 | |
| | I have heard that this is possible - please correct me if I am wrong. Firstly, the reason I want to do this. We inde... 0 4 | 0 | 4 | |
| | I'm curious how to plan a deployment where i have many concurrent searches. I understand how to account for indexing... 1 1 | 1 | 1 | |
| | I understand summary indexing can drastically improve the load time of my dashboards. In addition, if I schedule eac... 7 5 | 7 | 5 | |
| | Are search-time fields slow? Can I rely on them to efficiently sort through my data? Are there significant differenc... 5 4 | 5 | 4 | |
| | Is it possible to force the results to be used in a report to be case insensitive? For example UDP and udp are shown ... 1 1 | 1 | 1 | |
| | I got Your index exceeded your 20.00 GB/day limit again. I would like to know which data inputs cause this. 0 2 | 0 | 2 | |
| | For every Retention key (already extracted by Splunk: 20181947800000) I want to subtract the requestTime="2009-05-26T... 0 1 | 0 | 1 | |
| | We get an alert from sourcetype=ps as a result of running this save search: (authentication failure) OR (Account * to... 0 1 | 0 | 1 | |
| | Hi I would like to have a way to find out whether hosts have stopped logging to our central log infrastructure or i... 0 3 | 0 | 3 | |
| | I am having trouble getting my head around the search required to graph multiple values from the same log event. It s... 2 5 | 2 | 5 | |
| | Our office has a specific TRANSACTION search we do frequently to track all events related to a particular user. The s... 0 5 | 0 | 5 | |
| | I'd like to provide a table where the event count for today and yesterday are displayed. For example, count by statu... 0 2 | 0 | 2 | |
| | I know that in general, regular expressions in Splunk use PCRE (or a modified PCRE for matching in props.conf source ... 3 1 | 3 | 1 | |
| | I would like to use a lookup into an external database to add fields to my events, but need some advice about perform... 2 3 | 2 | 3 | |
| | On the Search App > Status > Index activity dashboard, there is an Index health report showing the bucket spread over... 1 1 | 1 | 1 | |
