simple index segregation?
Hi. I'm trying to find a quick and simple way to separate my incoming Cisco syslogs into different indexes. For complicated and dull reasons we can only really use the udp:514 listener. The best I've...
replace one backslash by double backslash
Hello! I need to provide search only in the earliest source in my sourcetype. I use this search request for this purpose: sourcetype="mysourcetype" | stats earliest(source) as firstsource | search...
saved searches accessing the same index at the same time
I have a lot of saved searches that are scheduled to search the same index at the same time. What is a good number of searches I can run like this efficiently? I have an issue with my average...
Timing and how Splunk handles Scheduled Searches
We are trying to optimize the performance of our Splunk environment. How does Splunk handle the following: A scheduled search is scheduled to run every minute. It takes 20 minutes for the scheduled...
Scheduled searches are not being run?
Hi all, I've made several searches to run at once (they run every 24 hours at 10am) but I can't seem to view the results of those searches, and the view which is using this search is NOT using any...
Changing Management port from 8089
Today, I got an error: "The splunkd daemon cannot be reached by splunkweb. Check that there are no blocked network ports or that splunkd is still running". So, I changed the management port from 8089...
Show subtotals in results table
I have a search returning results in a table with columns for: date, username, eventcount. I'd like to display subtotals in the table, something like this:
Monday, Fred, 7
Monday, Joe, 15
Totals for Monday...
Timestamps jump back a day
I have a source that only contains the time of an event, not the date. It looks something like this: ... 08:26:40 event1 08:26:41 event2 13:59:09 event3 13:59:12 event4 ... The order in the source is...
Appended search results in XML
Hello, I have the following search giving me retrieving times: index="MyIndex" sourcetype="MyType" | stats count(eval(DURATION<=1)) as "1s" by host | append [search index="MyIndex" sourcetype="MyType"...
Sorting the months by calendar in Splunk
Hi, how to sort the months according to the calendar? This is the search query: source="D:\AVERAGE_CLOSE_TIME.csv" NOT "Month" | stats avg(Avg_Close_Time) as "Average Close Time in Days" by Month. This is the...
Find multiple keywords in file and show them on a chart
I have a CSV file in which I have a column containing timestamps and a column containing text. I want to be able to look for occurrences of certain keywords (let's say 10 keywords) and to show the...
Tail monitor for user deletion in SQL DB
We face difficulty in creating a Tail monitor for user deletion in SQL DB. We have a SQL query to get the list of deleted users (as attached). But it is difficult to specify the "Raising Column" which is...
how can I find a specific field that is mentioned more than once in one log...
Hi, how can I find a specific field that is mentioned more than once in one log file? The example: in each log file I'm going to concatenate stands the field time=..., which shows me the time from the...
HTML link to display/download xml field
I have a field "xml", with the content of an xml file... I want to make a link, so that it opens a new window with the xml content in it. In fact Sideview already does this, but only for the module...
Want to get how many males and females for coverage_name
Dear All, I have some insurance data and I want to see for which coverage_name how many male people have come and how many male people have come. I have two fields: coverage_name, gender. I want it like...
Client-side installation in JavaScript SDK
"Copy the /splunk-sdk-javascript/client directory to your site." Can anyone brief me about "your site"? Is installation of a web server needed? How to create a proxy?
Multiple indexer versions
So we recently put in a few more indexers running 5.0 but our old indexers are running 4.3.1. When looking at the Search Job Inspector I see: DEBUG: [index01] Adjusting search for peers with version...
rex vs. extraction field
Hello! Which method is faster? It seemed to me that the rex method is very slow for a large number of events.
Calculated value compared to average over time
I have a large data set with values like this:
#date,host,eventid,eventCnt
01/01/2013,myhost1,100,5
01/01/2013,myhost2,122,8
01/01/2013,myhost1,130,10
01/01/2013,myhost2,100,25
01/01/2013,myhost1,130,3...
Asset Inventory
Hello, We have a large server farm with applications distributed over a number of different nodes based on load and other factors. I'd like to set up an automatic Asset Inventory to define which apps are...