I have sendmail logs which have an action field which can be DELIVER, DROP or QUARANTINE.
What I am trying to do is combine the result of a "ctable Subject Action" query with a "chart dc(A...
I've got a search like this against a collection of Web logs:
sourcetype="access_common" | ctable uri_path host
The result is a ctable with URLs down the left, a count column for each of our s...
Afternoon Splunk Community
Can you help me solve a problem?
I have been asked to supply a report showing numbers of staff entering our 2 office buildings (Building A, Building B)
Mon-Fri bro...
After upgrading to 4.1 from 4.0.10 I am unable to get fields using a search from a Python script. The simplified version:
from splunk import auth, search
import time
import csv
import os.path
aut...
"daysago=5 | ctable host date_wday" produces a table with hosts on rows, dates on columns, and total message count in the cells, but takes a while as it must go through all the logs and count them....
Hi,
I am having some inconsistent search results and I'm not terribly sure why.
search #1:
earliest=-7d latest=-2h sourcetype=x type=delta status=fatal | ctable type status
Which r...
I've got a collection of Web log data where we like to see the URLs counted by host:
sourcetype="access_common" | chart count over uri_path by host
We've got a couple of different server types ...
I have two fields: EventCode (66 distinct values) and date_mday (28 distinct values)
But when I run:
' * | contingency EventCode date_mday '
On over 1.2M events I get no results. What am ...