cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jt_splunk
Explorer
Member since: ‎04-06-2012
‎06-05-2020
Community Statistics
Posts 9
Solutions 1
Karma Given 0
Karma Received 2
Member Since ‎04-06-2012
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How to search events that occur at least one p...

by in Splunk Search
‎04-12-2012 01:56 AM
‎04-12-2012 01:56 AM
I just verified in 4.3.1 that where is still a current and active search keyword. So "| where count > 4" should work for you. What results are you getting when you use just the where portion? ... View more

Re: How to search events that occur at least one p...

by in Splunk Search
‎04-10-2012 03:33 AM
1 Karma
‎04-10-2012 03:33 AM
1 Karma
If I understand correctly, for each day of the week, you only care if an event is present or not. Then, you want to know if that event occurs over the course of 5 days, right? Try this: source="/var/log/alerts_splunk.log" hostname="" (name="df." AND value>99) OR (name="*.var" AND value>95) | dedup date_wday hostname name | stats count by hostname name value | where count > 4 | sort value desc ... View more

Re: Search head CPU Utilization

by in Monitoring Splunk
‎04-06-2012 03:52 AM
‎04-06-2012 03:52 AM
The default search app has 2 dashboards which will tell you CPU utilization issues related to indexing and searching. They can be accessed by: http:// :8000/en-US/app/search/search_detail_activity http:// :8000/en-US/app/search/index_status Also, what version of Splunk are you using? I had similar issues when I upgraded from 4.2 to 4.3. Then I upgraded to 4.3.1 and the problem went away. ... View more

Re: How to filter events with exporttool?

by in Other Usage
‎04-06-2012 03:43 AM
1 Karma
‎04-06-2012 03:43 AM
1 Karma
If you paste your search directly into the splunk web interface, do you get the expected results? If so, have you tried running "splunk search" from the cmd line instead of "exporttool"? Do you get the same results as in the GUI? ... View more

Re: Merge two rows in one

by in Splunk Search
‎04-06-2012 03:28 AM
‎04-06-2012 03:28 AM
Have you looked into transaction (http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/transaction)? ... View more

Re: insecurelogin fails

by in Alerting
‎04-06-2012 03:26 AM
‎04-06-2012 03:26 AM
What happens if you copy & paste your iframe link directly into your browser? If you have to "log in" (which you kind of imply at the end of your post) then your insecure login setup is wrong. There should be no login required with that link. ... View more

Re: Indexed CSV wont line break?

by in Getting Data In
‎04-06-2012 02:41 AM
‎04-06-2012 02:41 AM
The only time I've run into this is when the application that generated the csv file had corrupt data coming in. Can you post a sample of your data? If you're sure your dataset is clean, you may want to look at enabling SHOULD_LINEMERGE and then tweaking MUST_NOT_BREAK_BEFORE discussed here: http://docs.splunk.com/Documentation/Splunk/latest/Data/Indexmulti-lineevents. ... View more

Re: Trying to build a field in search then compar...

by in Splunk Search
‎04-06-2012 02:34 AM
‎04-06-2012 02:34 AM
Instead of: "| table Wanted_Account" Can you do something like this: "| search Wanted_Account!=*" ... View more

Re: How to search events that occur at least one p...

by in Splunk Search
‎04-06-2012 02:24 AM
‎04-06-2012 02:24 AM
Depending on your dataset, it shouldn't be that hard. Try something like this (modify the dates accordingly): earliest=3/18/2012:0:0:0 latest=3/23/2012:0:0:0 | dedup date_wday | stats c by | where c > 4 If you want a relative timeframe, make earliest=-7d. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All