Thank you very much for your help! Now it works really well (thanks to your last answer) ... View more

Thank you for your quick answer, but the second command you wrote doesn't work. In fact, it works better than your first command, but the results are not appended to the existing results.txt. Splunk keeps creating a new "results.txt" witch contains the results of the last search, results are not added in the existing file. Here's what i wrote: inputcsv results.txt | append [search source="access_combined" | outputtext usexml=false | rename _xml as raw | fields raw | fields - _* ] | outputcsv results.txt Have you an idea ? Extra : I have a second problem, the search can't finalize because "subsearch auto-finalized after time limit (30 seconds) reached". I search how to disable this but i can't find anything ! ... View more

I have another question 🙂 Everytime i do that command, a new "results.txt" is created, witch replace (and erase) the last "results.txt". Is it possible to write at the end of this file ? When i start this search, i'd like the results be added at the end of the file, to have a bigger and bigger file everytime i start the search. Regards ... View more

Works perfectly, great ! Thank you very much ... View more

What does it returns exactly ? What are the columns p10 and p90 ?? Is it the size in Mo ? ... View more

Thank you, i find what i expected ! In the DOS windows, i just wrote : c:\Splunk\bin>splunk.exe login Regards ... View more

If you find an answer to your question i'm especially interested in 🙂 ... View more

Thank you very much 🙂 It works perfectly my search exactly : host=hp-dev index="main"| stats sum(BytesReceivedPersec) AS octets_recus sum(BytesSentPersec) AS octets_envoyes | eval octets_recus_Mo=octets_recus / 1000000 | eval octets_envoyes_Mo=octets_envoyes / 1000000 ... View more