Search, top, count inside a transaction
Hi! I would like to know the frequency of each value of a certain field inside a transaction, for example: my event after transaction (mvlist=t) are23/07/2013 17:09 userdi1 value1 userid1 value2...
View ArticleSplunk and QRadar integration
Hello, I am interesting in examples of integration Splunk as data source to QRadar. May be somebody has any? What kind of data, in what format and what way have you sent to Qradar? Is it a complicated...
View Articledbquery correlated subquery
I am trying to query two databases in the following manner: select from the first database using a static query to get a list of values. Next, select from another database using the list of values...
View ArticleRequirement of a datetime.xml to extract from eventdata AND filename.
Hello, I'm have a requirement of reading historical data that has NO year included in the eventdata. The good news is that the filenames include the year. This means the by default Splunk only extracts...
View ArticleClik here to view.
Interactive Field Extraction (IFX) (Regex)
Original message <d:Message>(22/7)17:53 Accident on AYE (towards Tuas) after Jurong Port Rd Exit. Avoid lanes 2 and 3.</d:Message>My XML at here Xml Data. How to extract all the exits only...
View ArticleLogout into navigation bar
Hello,How can i add a logout button into my navigation bar ?Thanks you,Damien
View ArticleUsing Splunk events for business critical systems measurements
I am wondering if anybody have experience with setting Universal Forwarders and Splunk instances up in a way that is fault tolerant and support business critical data.We want to send Business Events to...
View ArticleExtracting two types of fields in a query (IFX)
I have my xml data HERE, I need to extract using Splunk IFX, Generated pattern (regex). Example Xml: <d:message>(22/7)17:53 Accident on AYE (towards Tuas) after Jurong Port Rd Exit. Avoid lane...
View ArticleInteractive Field Extraction (regex)
I have my data here Xml Data, I need to extract using Splunk IFX, Generated pattern (regex). Example 1: <d:message>(22/7)19:55 Accident on ECP (towards Changi Airport) after Maxwell Rd Entrance....
View ArticleStats - a number of different stats but only one by date_month
Hello,I'm trying to report a number of different stats however only one of the stats needs to be by month. All of the other stats are sum/avg/max for the whole period. If I add "by date_month" to the...
View Articlesum the number events based on list of possible values
I have an event with a field = message_id. I have to count the number of occurrences of this id based on a input list of possible values eg. [value1,value2,value3]something like -> | stats count by...
View ArticleIs there already a French translation for Splunk available?
To Translate my Splunk app into French following the advice in: http://docs.splunk.com/Documentation/Splunk/5.0.2/AdvancedDev/TranslateSplunk I noticed that Splunk is not available in French. My...
View ArticleIs there a Splunk .NET SDK?
on the Splunk dev site, I see SDKs for Java, Python, and JavaScript, but none for .NETWhat are the plans around providing a .NET SDK for Splunk?Or perhaps someone else already provided one I can get...
View Articlewheres the php SDK gone? code.google.com/p/splunk-php-sdk/
I can't access the google code location, wheres it gone? code.google.com/p/splunk-php-sdk/
View ArticleSplunk Python SDK unavailable from Google Code
http://code.google.com/p/splunk-python-sdk/ has been displaying a 403 error for a few days now.pip install http://splunk-python-sdk.googlecode.com/files/splunklib3.4.tar.gz is a 403 as well.Does anyone...
View ArticleGetting rid of subsearch
I feel like this should be a piece of cake with distinct count. I'd like to turn this into a more elegant search: searchterms | bucket _time span=1m | stats count by punct,_time | join [searchterms |...
View ArticleError encountered for connection from src=10.100.100.137:48221. Local side...
I'm seeing this error in a heavy forwarder, but I couldn't find any information as to what it could mean.07-26-2013 14:53:59.324 -0600 ERROR TcpInputProc - Error encountered for connection from...
View ArticleHow do I feed an array of strings from the results of a search to another search
I have setup a field extraction that parses OC4J Apache logs of the following format and extracts the ecid:index="app" host="somehost*" sourcetype="access_log-too_small" AND req_status=500 AND...
View ArticleHigh CPU Utilization Report
I'm trying to write a report that will show me the 1 minute time spans from the last two days where a specific machine had a average CPU utilization (the field is called Value) of 75 or higher. This is...
View ArticleSorting multi-series column chart by count field
Not sure why this is so perplexing, but or the life of me I can't get this to sort how I want.The following chart syntax: |chart count(C) as Count by B,Cwhere B is a Month field, C represents 5...
View Article