×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
b4ggio
Explorer
Member since: ‎02-24-2011
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎02-24-2011
Activity Feed
View All

Re: Transactions/Stats?

by in Splunk Search
‎07-19-2011 09:16 AM
‎07-19-2011 09:16 AM
I cannot reference the field that has been extracted using the earliest::$Fieldname$, either that or the map command as others have indicated on other posts is not working properly. ... View more

Re: Transactions/Stats?

by in Splunk Search
‎07-19-2011 08:28 AM
‎07-19-2011 08:28 AM
Sorry perhaps my request was quite vauge, I want to automate this to complete for each change request line that I have. Therefore the search time should be as large a space of time as required to complete all changes for a given seach, therefore I need to use the two fields similarly to a transaction that includes startswith endswith. ... View more

Transactions/Stats?

by in Splunk Search
‎07-19-2011 07:28 AM
‎07-19-2011 07:28 AM
I have a log file that contains multiple fields that are time oriented fields. The fields in this instance are the start time and end time of a change request. I would like to use the fields as start and end markers in a transaction to show me all system events that have occurred during the time window. The unique identifier will be the Hostname. Log source with time fields. Date:18/06/2011 10:00:00 Hostname:Foo Start:18/06/2011 15:00:00 End: 18/06/2011 15:00:00 Then I have all the system events. I would like to pull all the system events together that happened in the window above for the hostname. ... View more

Re: How to build a transaction from multiple, some...

by in Splunk Search
‎04-07-2011 03:00 PM
1 Karma
‎04-07-2011 03:00 PM
1 Karma
I am also keen to see what the data looks like as mentioned by southeringtonp. Have you thought about doing data enrichment using a lookup of some unique data and then using the new field to transact on. ... View more

Re: Teach Splunk 4.2 to identify positions in a CS...

by in Getting Data In
‎04-07-2011 02:54 PM
‎04-07-2011 02:54 PM
The Time is configured within the /opt/splunk/etc/apps/<>/local and the file props.conf, you may have to create this file and choose your stanza and date time methods. Its all explained here http://www.splunk.com/base/Documentation/latest/admin/propsconf if you search or scroll to "Timestamp extraction configuration" To teach splunk to recognise the files and to pull the information through in a report you should look at field extraction as you can write a regex that names each field based on the delimeter being a semicolon and the choose the field number. Fortunately Splunk will also do this for you if you use the extract field wizard. Hope this helps. ... View more

Using a Static list to refine your search

by in Splunk Search
‎02-24-2011 01:26 PM
‎02-24-2011 01:26 PM
Hi Guys, The scenario that I am building is to use a dynamic txt or csv file to refine the search of an index full of syslog. I have index=syslog that contains incoming syslog for 1000 servers, however for this specific scenario I only care about 150 high value hosts. Rather than searching index=syslog HOST1, HOST2 etc etc I would like to call on a CSV or txt file that contains the host names of the high value targets and create a search similar to index=syslog | search host=/opt/splunk/test/host.csv I have been toying with using the transaction command to make this work but it provides undesirable outputs and I believe there should be an easier way...... Python is also an option I just hoped that splunk would have a field lookup option that does not consists of find and replace. Thanks ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM
Karma from
View All