Thread Info | |||||
---|---|---|---|---|---|
Hi,
We've created two transactions to correlate logs spanning several components. We needed to define alias terms...
by
treena
Explorer
in
Splunk Search
07-06-2010
|
5
|
6
| |||
I'm running into some really slow performance searching on WMI sources. In this case I'm just trying to get some gene...
by
Lowell
Super Champion
in
Splunk Search
07-02-2010
|
1
|
3
| |||
Does anyone have a good way (or am I missing the something obvious?) of calculating for a defined time range the aver...
by
Derek
Path Finder
in
Splunk Search
07-05-2010
|
0
|
2
| |||
Since it does not appear that you can pass a number into the random() function, I'm curious to know what is being use...
by
maverick
Splunk Employee
in
Splunk Search
07-02-2010
|
3
|
3
| |||
I have an event that is coming from a Windows forwarder. When you view the event in the log file on the server it loo...
by
Derek
Path Finder
in
Splunk Search
07-02-2010
|
0
|
2
| |||
Ok. Not having a spectacular regex day...
I have this:
Recipients: joe.smith@mig.mydomain.com, jane.smith@mig.m...
by
Derek
Path Finder
in
Splunk Search
07-02-2010
|
1
|
2
| |||
I have saved searches and all of a sudden with no changes they are returning this error to the python.log file.
ER...
by
jtwcarboy
New Member
in
Splunk Search
06-02-2010
|
0
|
7
| |||
I'm unable to list the transactions that have events matching with startWith clause but no events for endsWith clause...
by
Krishna_R
Path Finder
in
Splunk Search
06-10-2010
|
1
|
9
| |||
I've been breaking my head over this very simple field extraction.
My extraction (see eg., below) has problems be...
by
pjmenon
Explorer
in
Splunk Search
06-29-2010
|
0
|
21
| |||
Is the wildcard search star * supported by logs in splunk? Im trying to see if splunk is seeing changes being made in...
by
riderofyamaha
Explorer
in
Splunk Search
06-30-2010
|
0
|
3
| |||
Hi,
question about restoration of indexed data. I know how to restore(or search old) indexes data by putting neces...
by
melonman
Motivator
in
Splunk Search
06-08-2010
|
1
|
1
| |||
It looks like the Job Manager currently does not allow me to track CLI searches. Is there some way I can get a jobid ...
by
the_wolverine
Champion
in
Splunk Search
06-29-2010
|
2
|
2
| |||
Hello,
I found that when I use subsearch or join command to join data,
I can't make splunk to return the compl...
by
kalitbri
Explorer
in
Splunk Search
06-21-2010
|
0
|
3
| |||
Greetings.
I am trying to use an expression in the search string that will not display certain IP addresses. I hav...
by
bbear
Explorer
in
Splunk Search
06-29-2010
|
1
|
4
| |||
Hello,
I am trying to extract fields from an event which looks like this (I have multiple events)
total time (m...
by
hiwell
Explorer
in
Splunk Search
06-22-2010
|
0
|
3
| |||
Hey guys,
We are monitoring 2 specific CSV Log files on one indexer. I setup the appropriate custom field extract...
by
balbano
Contributor
in
Splunk Search
06-01-2010
|
0
|
6
| |||
Basically I have a line of data that looks like this:
Jun 28 14:15:10 sc4-app04.mcafeesecure.com portal: ACCESS Cl...
by
mcafeesecure
Explorer
in
Splunk Search
06-28-2010
|
3
|
3
| |||
An auditor is requesting that we furnish them with a list of all servers logging to splunk and the index they are bei...
by
Michael_Wilde
Splunk Employee
in
Splunk Search
06-28-2010
|
1
|
2
| |||
I have splunk indexing a local file that is being continuously written to and I need the first word in each event to ...
by
mawwx3
Explorer
in
Splunk Search
06-28-2010
|
0
|
4
| |||
Search string "mismatch".
The single event is about 2-3K lines or more. In the lines of text there are 5 lines wit...
by
zliu
Splunk Employee
in
Splunk Search
05-28-2010
|
1
|
6
| |||
I need a regex that can process all security events with eventid 540 that don't contain $, SYSTEM, or ANONYMOUS LOGON...
by
chowell
Explorer
in
Splunk Search
06-28-2010
|
0
|
2
| |||
I am scheduling this search(Daily Indexed Volume):
index=_internal source=*metrics.log splunk_server="*" | eval MB...
by
apro
Path Finder
in
Splunk Search
06-28-2010
|
0
|
2
| |||
I have a scenario where I would like to do a two-layered lookup. I'm essentially doing an IP address lookup against a...
by
Lowell
Super Champion
in
Splunk Search
06-25-2010
|
6
|
4
| |||
Below are the first 7 lines of a file that I want to index. The additional lines all look like line 7. Can I have it ...
by
nate1
Explorer
in
Splunk Search
06-25-2010
|
1
|
2
| |||
Can I use eventtype=myevent with |metadata?
example: | metadata type=hosts | eventtype=group_A
I know tags wor...
by
thall79
Communicator
in
Splunk Search
06-24-2010
|
0
|
1
|