The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by muebel
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Splunk Search Owner - Config Location
In: SplunkSearchAndAlert
(Not tagged)
Where is the configuration file that lets you change the owner of a particular saved search?
|
1
|
26 months ago... | |
|
CheckPoint OPSEC LEA
In: SplunkApplications
(Not tagged)
I am going to be wrestling with getting checkpoint logs into splunk very soon. Had LEA-Loggrabber working ...
|
11
|
27 months ago... | |
|
splunk-labs
In: SplunkDev
(Not tagged)
I was very excited to find
http://code.google.com/p/splunk-labs/#
and then noticed this part:
**Available ...
|
–
|
27 months ago... | |
|
Rename multiple fields in a search
In: SplunkReporting
(Not tagged)
I am trying to use the rename command to rename multiple fields in a search. I have tried:
| rename ...
|
1
|
27 months ago... | |
|
Regex in Key-Value for Search?
In: SplunkSearchAndAlert
(Not tagged)
I know you can do something like EventCode=* to pull up all values of EventCode field, but how would ...
|
3
|
30 months ago... | |
|
Splunk saved search not returning results on Dashboard
In: SplunkGeneral
(Not tagged)
Worked with support and was informed that this was a known issue corrected in 4.0.7. The temporary fix ...
I have a saved search set in a Data Table Panel on a Dashboard. When I load the dashboard the search ... |
3
|
30 months ago... | |
|
Expanding Log Sample in Interactive Field Extractor
In: SplunkGeneral
(Not tagged)
Hello!
Is there a way to increase the log sample size in the interactive field extractor? I am trying ...
|
–
|
32 months ago... | |
|
Trying to extract fields from 2K8 security logs
In: SplunkGeneral
(Not tagged)
Figured out the string that matches it.
(?i)Account\sFor\sWhich\sLogon\sFailed:\s*Security\sID:\s*.*\s*Account ...
Thanks for the help. I am now looking at the TOKENIZER idea as described here http://www.splunk.com/base/Documentation/4.0.2/Knowledge/ConfigureSplunktoparsemulti-valuefields It ...
This is what I got so far as far as a regex goes: (?i)Account For Which Logon Failed:\n\p{Zs}Security ...
Hello! I am examining failed logon attempts in wineventlog:security and find that Account Name is ... |
4
|
32 months ago... | |
|
lookup table help
In: SplunkGeneral
(Not tagged)
bamp.
Hello. I am trying to use a lookup table to correlate many field values with one "Common name." e.g. ... |
2
|
33 months ago... |