Splunk Search

Community Activity

Finding the minimum and maximum value Hi All, I have 3 files in one index, Cycle 10.csv, Cycle 11.csv, and Cycle 12.csv. All of the 3 files have a "Cycl... by jvmerilla Path Finder in Splunk Search 03-09-2018 0 1	0	1
Can you display a long list using multiple columns to fit more data on the screen I have a table that has 2 narrow columns. Is there a way to get splunk to display the output in multiple columns of t... by a238574 Path Finder in Splunk Search 03-09-2018 0 1	0	1
how do I know if a search head restart did make my results incomplete? My admin team frequently needs restart our search heads while I have a long running query still running. When this h... by MonkeyK Builder in Splunk Search 03-09-2018 0 4	0	4
Transaction missing fields I have a search defining a Transaction across (2) different log files. The problem is that some fields (not all) are ... by ericrobinson Path Finder in Splunk Search 03-09-2018 1 4	1	4
Why does the map command return no results? Hi everyone, I have a use case where I need to iterate over multiple query strings and execute each of them, so I th... by bojanisch Path Finder in Splunk Search 03-09-2018 0 2	0	2
How to change the position of splunk loginform? HI! Could you help me changing the position of the splunk loginform in the top right corner of the splunk login page... by johnraven Explorer in Splunk Search 03-09-2018 0 4	0	4
Put the time a the top of a timechart Hello, How can I have a table like the picture with the time a the top, the type on the right side and a count by dat... by Alaza Explorer in Splunk Search 03-09-2018 0 5	0	5
how can I save rex to IFX? I am using rex to split an existing field,can I use the same rex in IFX ? \| rex field="External ID" "(?.*)_" I want... by vrmandadi Builder in Splunk Search 03-08-2018 0 18	0	18
Events from 2008 r2 fileshare to splunk hi All, i have a 2008 r2 server that is a file share, i have setup a universal forwarder to send logs to splunk. Tha... by Jamesfirth New Member in Splunk Search 03-08-2018 0 4	0	4
How can I run searches against the Splunk API? I want to run searches against the Splunk API. How can I do this? by Simeon Splunk Employee in Splunk Search 03-08-2018 4 7	4	7
Formatting output in table Hi all, I've a request to come out with a table with information as below. My query so far is to extract the requir... by krusovice Path Finder in Splunk Search 03-08-2018 0 3	0	3
How do I subtract two fields containing %m%d%y format time values to get the age of an event? I'm trying to create a new field that is the result of the Current Date minus the time stamp when my events were crea... by johnward4 Communicator in Splunk Search 03-08-2018 0 8	0	8
How to add a static value to a table with one column? I'm trying to add a single value to a table I use to dynamically populate a selector in a dashboard. The search I use... by brajaram Communicator in Splunk Search 03-08-2018 0 4	0	4
How to find time range duration or value? In searching, I understand that I can specify the time range using one of the presets (like "Last 4 hours") or set it... by flow2k Explorer in Splunk Search 03-08-2018 0 1	0	1
How do I chart 2 searches on one chart? Searches index=nix sourcetype=cpu host="host a" CPU="all" \| eval Percent_CPU_Load = 100 - pctIdle \| timechart limit... by afamoyib Path Finder in Splunk Search 03-08-2018 0 3	0	3
updating geolocation DB Currently, we are running 6.6.2 and are using the geolite2 DB to do the iplocation mapping. I have read the followi... by wainwrid Engager in Splunk Search 03-08-2018 0 1	0	1
How to extract a field with date string values? I extracted a field SNDateCreated (regex shown below), the values in this field are represented as strings. index="... by ashishlal82 Explorer in Splunk Search 03-08-2018 0 1	0	1
How to trigger map only when variable value exists? This query capture the id from logs and make a search in the database, when there is a id value in logs it works well... by ibob0304 Communicator in Splunk Search 03-08-2018 0 1	0	1
Universal Forwarder blacklist - Can anyone help with a simple regex? Hi everyone, On my Universal Forwarder, I'm able to effectively blacklist Windows event codes when I do it based on ... by baf879 Path Finder in Splunk Search 03-08-2018 1 28	1	28
chart count over in splunk \| rest /services/authentication/users splunk_server=local \| search [\| rest /services/authentication/current-context \|... by surekhasplunk Communicator in Splunk Search 03-08-2018 0 1	0	1
Best way to have the Splunk Indexers handle a CSV log file... by balbano Contributor in Splunk Search 03-08-2018 0 6	0	6
How to find out the event with max duration? How to find out the event with max duration? I used command transaction to group events and I want to find out the ev... by chhawu New Member in Splunk Search 03-08-2018 0 5	0	5
How to find unmatched value present in the list? Let suppose,In a list(owner_name) as owner_name we are having following values, shyam ram Shyam Shyam And we have to... by pal_sumit1 Path Finder in Splunk Search 03-08-2018 0 4	0	4
Match data from items listed in column of csv file I have a .csv file with multiple columns. This is an auto-generated .csv file, and I only need to search against one ... by iomega311 Explorer in Splunk Search 03-08-2018 0 2	0	2
Populating Additional Information on Field Data I'm getting log data from a system that uses codes for each entry and I'd like to replace or add a description of the... by chrisschum Path Finder in Splunk Search 03-08-2018 0 3	0	3