Thread Info | |||||
---|---|---|---|---|---|
Hello, I have a log file with a very long record (about 255 chars) and I would like to know if and how is it possible...
by
cafissimo
Communicator
in
Splunk Search
08-02-2010
|
0
|
1
| |||
Hello,
I am asking a lot of questions today (obviously new to Splunk and in implementation...).
We do NOT use A...
by
kholleran
Communicator
in
Splunk Search
07-30-2010
|
2
|
2
| |||
I'm trying to develop a regex to separate merged events from a log. Here's my stanza in props.conf:
[source=c:\tem...
by
rgcox1
Communicator
in
Splunk Search
07-30-2010
|
0
|
2
| |||
Is there a search to check bundles delivered from search head to peers?
by
rroberts
Splunk Employee
in
Splunk Search
07-29-2010
|
2
|
2
| |||
For starters this app is amazing. I am trying to search a ton of log files for a certain error and its definitely doi...
by
jonathanjw
New Member
in
Splunk Search
07-30-2010
|
0
|
1
| |||
Below are the two files tcodesNew.csv paste.plurk.com/show/284992 chlogNew.csv paste.plurk.com/show/284990
I am tr...
by
ankitghai
New Member
in
Splunk Search
07-30-2010
|
0
|
1
| |||
Can Splunk index SQL LDF and MDF files?
by
swackhap
Explorer
in
Splunk Search
07-27-2010
|
0
|
2
| |||
Unfortunately our proxy data does not have user information. However I do have access to AV data that is able to map ...
by
morningwood
Explorer
in
Splunk Search
07-28-2010
|
0
|
2
| |||
I have a best practice time question for veteran Splunkers out there. Right now I have a a failed login search that r...
by
kholleran
Communicator
in
Splunk Search
07-29-2010
|
2
|
1
| |||
Trying to figure out how to aggregate with top when there are two field choices.
Here's an example of what I am tr...
by
skippylou
Communicator
in
Splunk Search
07-28-2010
|
0
|
2
| |||
I have a field 'vpn_duration' which is taken from the 'Duration:' value in an ASA syslog disconnect message.
The m...
by
splunker30039
Path Finder
in
Splunk Search
07-28-2010
|
0
|
2
| |||
Hi,
I'm running my environment with one main indexer and one search head. I have an index on the main indexer wher...
by
castle1126
Communicator
in
Splunk Search
07-27-2010
|
1
|
1
| |||
Hello,
I am running a search that returns all the failed logins across all servers that occurred in the last 15 mi...
by
kholleran
Communicator
in
Splunk Search
07-27-2010
|
0
|
3
| |||
I think it is taking splunk some time to capture new events. Is there a way to be able to tell exactly how long it ta...
by
Genti
Splunk Employee
in
Splunk Search
07-27-2010
|
4
|
1
| |||
I have approximately sixty Splunk forwarders sending the Windows events to my central Splunk indexer. Fours of them a...
by
maverick
Splunk Employee
in
Splunk Search
06-04-2010
|
0
|
3
| |||
I recently upgraded a Splunk environment from 3.4.x and the previous documentation included recommendations to disabl...
by
Jason
Motivator
in
Splunk Search
07-26-2010
|
2
|
1
| |||
THis might be a bit difficult, but i want to try anyways... I am trying to aggrgate source and destination IP address...
by
EricPartington
Communicator
in
Splunk Search
07-10-2010
|
0
|
2
| |||
Hello,
Sorry, I am new to Splunk and having problems.
I have loaded IIS logs (total 21 files) to splunk and wan...
by
andrejus7
New Member
in
Splunk Search
07-23-2010
|
0
|
1
| |||
I am using the following in my search options: index="my_site_hosts" "hostABC" "failed"
The results displays send...
by
subhap
Engager
in
Splunk Search
07-23-2010
|
1
|
2
| |||
Hi all,
Is it possible to change the display of Flashtimeline (for example, the one used in the "search" app) to d...
by
bojanz
Communicator
in
Splunk Search
07-22-2010
|
2
|
3
| |||
I'm trying to get my results into a single field called Percent_CPU_Load. However, since the field is defined twice, ...
by
Beth
Engager
in
Splunk Search
07-21-2010
|
0
|
2
| |||
So on the main page of the Search app you have the 'Global Summary' and 'All indexed data' section which has the sour...
by
skippylou
Communicator
in
Splunk Search
07-21-2010
|
1
|
2
| |||
i have one question I want to search time Daily from 9 am to 6:00 pm How can to use search command ?
Thank you for...
by
shirolu
Explorer
in
Splunk Search
05-06-2010
|
3
|
8
| |||
Hi, I'd like to do a report that tells me how long a forwarder hasn't been active. I use transaction to join similar ...
by
gljiva
Path Finder
in
Splunk Search
07-21-2010
|
2
|
5
| |||
Is there a search string that would report on the status of splunkweb on each forwarding host?
by
muebel
SplunkTrust
in
Splunk Search
07-19-2010
|
3
|
2
|