| | The use of LINE_BREAKER is a bit cryptic to me... ok, a lot. But I think I've managed to figure out how to break my ... 0 6 | 0 | 6 | |
| | When I've created a new index. how can I direct certain sourcetypes to be indexed in that new index, rather than into... 0 1 | 0 | 1 | |
| | When attempting to make a Simple Form Search using the Developer Manual documentation, I encounter the error: Not... 0 1 | 0 | 1 | |
| | What I'm trying to do: at index time, create a multiline event based on a unique ID. In the data sample below, I nee... 2 6 | 2 | 6 | |
| | On the page 'Manager > Searches and reports,' enabled scheduled searches have a 'View Recent' link. I have 2 schedul... 1 9 | 1 | 9 | |
| | Such a helpful command, and yet doesn't work for me... 1 3 | 1 | 3 | |
| | When I run this search - source="*conn.log" | rex field=_raw "\.IP = '(?<connectionIp>[^']+)" | fields host, connect... 4 1 | 4 | 1 | |
| | We are attempting to create a report that compares message traffic for the past two complete weeks. We have this as... 0 2 | 0 | 2 | |
| | Any recommended best practices for managing eventtypes and their corresponding tags? I've found the Splunk Common In... 0 2 | 0 | 2 | |
| | What is wrong with this regex? (?P<AUTH_PIN_TYPE>[^ ]+)( [^ ]+){2}$ The interactive field extractor gives this err... 0 5 | 0 | 5 | |
| | I am using the transaction command to sessionize web access log events and therefore have made referer, uri etc. into... 4 3 | 4 | 3 | |
| | Let say I have events coming in everyday and I want to group the events as Monday's events, Tuesday's events, and so ... 1 2 | 1 | 2 | |
| | Sometimes Splunk sets the sourcetype on an incoming file as breakable_text or too_small. What determines these sourc... 1 1 | 1 | 1 | |
| | Use Case: Find Juniper firewall events where the source/destination IP (Src_Zone/Dst_Zone) does or does not belong in... 5 5 | 5 | 5 | |
| | Use Case: Correlate logon events from a Windows desktop to events on the domain controller. Sample (shortened) event... 2 9 | 2 | 9 | |
| | I've got an application that logs status events. The values in these events generally will not change. Is there a s... 1 1 | 1 | 1 | |
| | I'm trying to use Splunk to monitor both runtime metrics and configuration state of a server application like JBoss o... 2 4 | 2 | 4 | |
| | What is wrong with the way I'm using eval here? source="/some.audit.log" "End" "/foo/baz" | rex field=_raw "(?P<ReqI... 0 5 | 0 | 5 | |
| | I don't want to restart splunk right now, but the UI is giving my and my users an annoying message saying I need to r... 2 2 | 2 | 2 | |
| | I have a report on my dashboard that takes a very long time to build, how can I use summary indexing to improve the p... 0 3 | 0 | 3 | |
| | Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t... 1 3 | 1 | 3 | |
| | I'm thinking about using the DEDUP commend to solve the following problem: I have an event with an ID field and I'd l... 2 1 | 2 | 1 | |
| | I have a saved seach setup to check every minute for file changes. I have the start time set for [-1m] to search bac... 2 1 | 2 | 1 | |
| | I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ... 0 2 | 0 | 2 | |
| | I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi... 2 1 | 2 | 1 | |
