Thread Info | |||||
---|---|---|---|---|---|
Hi guys,
I have been playing around trying to match multiple occurrences of a pattern and replace it with a regex in...
by
kenchisho
Path Finder
in
Splunk Search
02-22-2013
|
0
|
2
| |||
Let's say I have log records that look like this
Field 1 Field 2
ABC XYZ
ABC KLM
XYZ A...
by
tnkoehn
Path Finder
in
Splunk Search
02-22-2013
|
0
|
1
| |||
We run a report every week that counts how many times a firewall policy was used. (A firewall policy is represented b...
by
aferone
Builder
in
Splunk Search
02-14-2013
|
0
|
5
| |||
Hi Everyone,
I am doing the following search
sourcetype="a" OR sourcetype="b" OR sourcetype="c" CPU_IDLE<40 | ...
by
dannux
Path Finder
in
Splunk Search
12-20-2012
|
0
|
2
| |||
Hello,
I'm wondering if there's a way to trim characters from an unknown field value during search. I'm tracking p...
by
cphair
Builder
in
Splunk Search
03-07-2012
|
4
|
4
| |||
I cannot seem to "eval" a field obtained from a "rex" and I am pretty sure the field is only digits... this is simili...
by
kingsizebk
Path Finder
in
Splunk Search
12-14-2012
|
0
|
3
| |||
I have raw data that looks like this: (4)example(3)domain(3)com(0). In my search, I've been using a macro that looks ...
by
aapittts
Path Finder
in
Splunk Search
02-21-2013
|
0
|
1
| |||
Hi Splunkers
I have two searches I want to compare, but unfortunately can't find my way around it.
First is: CP...
by
lemikg
Communicator
in
Splunk Search
02-21-2013
|
0
|
2
| |||
I am in a clustered indexer environment and some but not all of my indexers are showing this error
"The lookup tab...
by
hartfoml
Motivator
in
Splunk Search
02-21-2013
|
0
|
4
| |||
So I’m trying to link a couple different fields together to get the data I’m looking for, but it involves a couple st...
by
whateverman
Explorer
in
Splunk Search
02-21-2013
|
2
|
2
| |||
I'm working on a search which should return all events, except those where the "User_Name" or the "Account_Name" fiel...
by
rtadams89
Contributor
in
Splunk Search
03-19-2012
|
2
|
4
| |||
I found a field, b1, c1, d1, e1 a1 to the search field. What if you want to view the rest of the fields except for e1...
by
qfjp
Explorer
in
Splunk Search
02-21-2013
|
0
|
1
| |||
Hi Support team,
I just wanna check with you guys on how to detect if logs stopped from regular source?
Best re...
by
WilliamF
Engager
in
Splunk Search
02-21-2013
|
0
|
1
| |||
I am using a subsearch to qualify an outer search. Simplified, it looks something like this:
Index =AAAA [index=AA...
by
timpgray
Path Finder
in
Splunk Search
02-21-2013
|
1
|
3
| |||
Hey Guys, This is my current search (It looks for SQL I/O delays) =
sourcetype="WinEventLog:Application" MSSQLSERV...
by
johnpof
Path Finder
in
Splunk Search
02-20-2013
|
1
|
7
| |||
How to figure which events are broken or truncated by Splunk. I know that the default is 256 lines for multiline even...
by
mataharry
Communicator
in
Splunk Search
08-15-2012
|
1
|
3
| |||
I have a custom search command. It is scheduled to run every 5min. The results are indexed in a summary index.
I ...
by
lpolo
Motivator
in
Splunk Search
02-12-2013
|
0
|
2
| |||
I'm trying to leverage my indexed DHCPD logs to provide additional information about internal IP's that show up in ot...
by
Adam_Sealey
Explorer
in
Splunk Search
01-29-2013
|
0
|
5
| |||
Below is the raw data that I am getting. I want to extract the events where category is Error. For this I am doing this i...
by
pdash
Path Finder
in
Splunk Search
02-20-2013
|
0
|
6
| |||
I've tried using info from the following 2 KB posts, but I am still having trouble:
http://splunk-base.splunk.com/...
by
aferone
Builder
in
Splunk Search
02-20-2013
|
0
|
5
| |||
Hi,
I would like to group my product based on weight.
Sample logs are:
Product ID | Weight
00368001a1 | 1...
by
yap
Explorer
in
Splunk Search
02-21-2013
|
0
|
2
| |||
I'm having trouble with the way Splunk parses some of my logs which have field=value pairs that have values with unquo...
by
michaelbrunetto
New Member
in
Splunk Search
02-20-2013
|
0
|
1
| |||
what is the best way to add these devices dynamically ? We are using autoscale servers, how should we introduce new d...
by
sara_shafaei
New Member
in
Splunk Search
02-15-2013
|
0
|
3
| |||
With the following data: mac_addr=01-02-03-04-05-06, 01-02-03-04-05-07, 01-02-03-04-05-08
Using this search will p...
by
Ron_Naken
Splunk Employee
in
Splunk Search
08-01-2010
|
2
|
6
| |||
It seems that mvfind will only return the index of the first matching value. I would like to return the index of the ...
by
pkashou
Explorer
in
Splunk Search
02-17-2013
|
0
|
1
|