[subsearch]: Subsearch produced 12959 results, truncating to maxout 10000.
When I put the search below,
sourcetype="splunk_page_request" NOT [| inputlookup nmc_crawlers | fields ip_address]
I got the message below,
[subsearch]: Subsearch produced 12959 results, truncating to maxout 10000.
How...
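One way to get the same exclusion without a subsearch, as an added example that is not from the original post. It assumes the events carry an ip_address field (the original subsearch expands into ip_address=... OR ... clauses, so they must) and that nmc_crawlers exists as a lookup definition in transforms.conf, which the lookup command requires (inputlookup also accepts a bare CSV filename, lookup does not):

```spl
sourcetype="splunk_page_request"
| lookup nmc_crawlers ip_address OUTPUT ip_address AS crawler_ip
| where isnull(crawler_ip)
| fields - crawler_ip
```

The lookup is applied per event, so the subsearch row cap (maxout in the [subsearch] stanza of limits.conf, 10000 by default) no longer applies and the crawler list can grow without entries being silently dropped. That silent drop is the part to watch: a truncated NOT list means some crawler addresses are no longer excluded, and nothing in the results says so. Raising maxout instead also works, but the expanded OR clause gets slow long before the lookup does.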

Where to do a field extraction
Hi, I want to extract, and report on (also, put in a summary index), some standard fields from access logs. I have a standard multi-tier setup (uf, indexer, and search-head). I have the props.conf and...

Combining similar log entries and counting as one
I have multiple users making a request to a web server each time they type a character into a search box. User 1 is typing 'please' and user 22 is typing 'cat'. Simplified log...

Using Subsearch to Narrow Data: Contradictory and Inefficient?
Hey spelunkers, I am using a search that has many conditionals, and each conditional further narrows the pile of results. This search narrows logs down by information contained in their messages. I am...

Monitor directory containing zip files
Hi, I'm trying to monitor a directory which contains zip files. The zip files contain different file types, and I'm only interested in indexing the txt files. My path would be something like:...

Choose top string for a group
So, my data looks like this:
code message hash count
aaa  m1      53e  3
aaa  m2      53e  5
bbb  m3      54e  15
ccc  m4      77f  4
ccc  m5      77f  7
and I want to group by the hash (actually I could group by either the hash or the...
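One way to keep only the highest-count message per hash, as an added example that is not from the original post. The first five lines only rebuild the posted sample rows inline with makeresults (constructed input so the search runs on its own); on real data, replace them with the base search that produces the code, message, hash and count fields:

```spl
| makeresults
| eval rows="aaa m1 53e 3;aaa m2 53e 5;bbb m3 54e 15;ccc m4 77f 4;ccc m5 77f 7"
| makemv delim=";" rows
| mvexpand rows
| rex field=rows "^(?<code>\S+) (?<message>\S+) (?<hash>\S+) (?<count>\d+)$"
| eval count=tonumber(count)
| fields - rows _time
| sort 0 hash -count
| dedup hash
| table hash code message count
```

sort 0 lifts the default 10000-row limit of sort, and dedup keeps the first row it sees per hash, which after the sort is the one with the largest count (53e/m2/5, 54e/m3/15, 77f/m5/7). To group by code instead, swap hash for code in both the sort and the dedup. On a tie dedup keeps whichever row sorted first, so add a secondary sort key if that matters.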

Tracking firewall logs by hostname using DHCP logs
Consider the following two indices:
1) firewall logs with _time, src_ip, and some other information
2) DHCP logs with _time, src_ip, and hostname
The use case is as follows: "Show me all firewall logs for...
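One way to attach the hostname that held an address at the time of each firewall event, as an added example that is not from the original post. The index names firewall and dhcp are assumptions (the post does not name them); src_ip and hostname are the field names given above. Events of both kinds are sorted per address in time order, and streamstats carries the most recent DHCP hostname forward onto the firewall events that follow it:

```spl
(index=firewall) OR (index=dhcp hostname=*)
| sort 0 src_ip _time
| streamstats current=t last(hostname) AS hostname BY src_ip
| search index=firewall
| table _time src_ip hostname _raw
```

Because stats functions skip events where the field is null, last(hostname) keeps returning the latest DHCP value until a newer lease for the same src_ip appears; firewall events that precede the first lease in the time range get no hostname, so widen the earliest time bound to cover at least one lease cycle. sort 0 is needed because sort otherwise stops at 10000 events, which would silently cut the join. This is a best-effort attribution: if a release or a short lease is missing from the DHCP logs, the previous tenant of the address is named.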

Search split value with spaces
Hi, newbie here :) trying to search a value that is actually split with spaces:
DEBUG PerformanceMonitor [(null)] - PerformanceMonitor resource: DataBase elapsed : 3250 details: DataBase: DEBUG...

Failed to register the cluster peer
I'm getting the following error on my master node. I have configured my clustering before and currently I'm trying to move my indexes to a different location.
07-08-2013 16:01:54.242 -0500 ERROR...

savedsearch command only returns maximum 10000 results?
I have a saved search which will return about 80000++ results. I tried the command below in the search bar; it returns the correct total of results.
| savedsearch "get_complete_dataset"
Then I use it in my...

Automatic Lookup to Overwrite Field Value at Search Time
I am trying to overwrite a field that is boolean. I created a table to convert 1/0 to IN/OUT so that the data is more human readable.
Below is my props.conf entry.
[source::mysource]
LOOKUP-mylookup =...

Eval value based on timerange
Ok, I'm rewriting the question as it has become much simpler than before. All I need to do is have a way to get the length of the current time range I am searching over (as a variable I hope) so that I...
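One way to get the length of the current time range into a field, as an added example that is not from the original post. addinfo attaches the search's own time bounds (info_min_time, info_max_time, info_search_time) to each result; the base search and the "requests per hour" arithmetic are assumptions standing in for whatever the poster wants to compute:

```spl
index=web sourcetype=access_combined
| stats count AS requests
| addinfo
| eval range_seconds=if(isnum(info_max_time), info_max_time - info_min_time, info_search_time - info_min_time)
| eval requests_per_hour=round(requests / (range_seconds / 3600), 2)
| table requests range_seconds requests_per_hour
```

When the search has no latest-time bound, addinfo reports info_max_time as +Infinity rather than a number, which is why the isnum() branch falls back to the time the search ran. An "All time" search also sets info_min_time to 0, so the resulting span is the whole epoch; if a rate over the actual data is wanted in that case, use min(_time) and max(_time) from the events instead of the search bounds.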

Where do I start
Hi Friends, I am 1 day old with Splunk, so this is probably the most stupid post ever made. Still, can somebody guide me to where I can find some free/dummy log files for practice and some guidance to keep...

Pulldown in a Table that has an embedded search based on row values
I have several Sideview Utils modules embedded and attempting interactivity. I'm having issues accessing the value in my Pulldown that is embedded in a Table to fire off a search.Basically, I have a...

MS SQL Server Perfmon multiple Install instances
I am trying to create generic MSSQL for data collection. While installing SQL you are able to use the DEFAULT_INSTANCE or create NAMED_INSTANCES. Creating NAMED_INSTANCES allows you to have multiple...

Can I use rex/regex in split() as the delimiter?
Hi, I am facing a problem with split() in an eval query. Is there a way to use rex/regex in the split function as the delimiter?
I have a field with a value that is a really big string and I want to split the words based...
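split() only accepts a literal delimiter string, but makemv has a tokenizer option that takes a regular expression: the first capture group of each match becomes one value. The search below is an added example, not from the original post; the pairs string is constructed input (key=value items separated by a mix of semicolons, commas and runs of spaces) standing in for the poster's large field:

```spl
| makeresults
| eval pairs="user=alice;;ip=10.0.0.5, action=login   status=ok"
| makemv tokenizer="([^;,\s]+)" pairs
| mvexpand pairs
| rex field=pairs "^(?<key>[^=]+)=(?<value>.*)$"
| table key value
```

This yields four rows (user/alice, ip/10.0.0.5, action/login, status/ok) with no empty values, because the tokenizer matches the items themselves rather than the separators. The equivalent with rex is rex field=pairs max_match=0 "(?<item>[^;,\s]+)", which also produces a multivalue field; makemv is the direct replacement for split() when the source field should keep its name.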

Email Alerts Not Working on Linux / Splunk 5.0.3
I have created a saved search which is meant to email the results to me, but it has only worked intermittently. I have checked $SPLUNK_HOME$/var/log/splunk/python.log. When successful, the email is...

ntpcheck units
Hi, how can I know the units of the results of an ntpcheck with the *Nix app?

Error when doing database lookup
I set up Splunk DB Connect and configured it to use my Oracle database. I verified that Splunk can contact my database, as I was able to get a listing of the schema from within the DB Connect app. What I...

Logging into Splunk SDK gives 404 error
I'm trying the basic examples using the JavaScript Splunk SDK with Node 0.8.0. Trying to log in to Splunk through the API gives me a 404 error.
My JavaScript code:
username = "admin"; password =...