Splunk Search

Community Activity

Any suggestion about how to make alert faster which has huge size lookup. Hi I have an alert to search proxy logs. And this alert creates its results to match 3 million Proxy logs and looku... by Shuhei052492 Path Finder in Splunk Search 02-28-2018 0 4	0	4
Get user's search history Is there a way to get the user search activity excluding the searches given the dashboards Thanks N by nawazns5038 Builder in Splunk Search 02-28-2018 0 3	0	3
What regex will be needed to remove the double quotes and leave single quotes in place? This populates from a dropdown menu \| search "Application"=""T zone 10.2" OR "Application"="Nitro Run 10.1" OR "Appl... by JoshuaJohn Contributor in Splunk Search 02-28-2018 0 3	0	3
How to add spaces in between my big splunk query? I always wonder how can I break my big splunk query on the dashboard to multiple parts like by providing spaces in be... by pavanae Builder in Splunk Search 02-28-2018 0 2	0	2
How to use mvindex to display second field if present, but show first field if not present? I am looking into login logs from different Event IDs. Some events have two fields for Account_Name, while other eve... by chanthongphiob Path Finder in Splunk Search 02-28-2018 0 1	0	1
How can I manage relative time values passed from a time input and convert to epoch time? Hello, I would like to convert all possible values set in a time input to epoch time format. This means that it sho... by andrewtrobec Motivator in Splunk Search 02-28-2018 0 3	0	3
Can't use a filed for timestamp Hello, I have importing a CSV file with the field2 for the timestamp. It's working. After that I need to create a ti... by Alaza Explorer in Splunk Search 02-28-2018 0 5	0	5
How can I change delimiter on outputcsv ? I want to know how can I change the delimiter on a result file generate by outputcsv commands ? I want to use ";" as ... by macewindum Engager in Splunk Search 02-28-2018 2 5	2	5
How to check if record exists in another index? I have two tables containing ticket numbers: table 1 TicketNumber 1 2 3 table 2 TicketNumber 2 3 ... by michaelrosello Path Finder in Splunk Search 02-28-2018 0 1	0	1
How to configure level of details splunk stream provides from pcaps? Hello, Can anyone help to clarify if it is possible to configure/enhance a level of details splunk stream provides f... by AlesFrohlich Explorer in Splunk Search 02-28-2018 0 0	0	0
count duplicates with results in single value with trendline I want to count duplicates of certain fields in my data. I am using this search: ..mysearch...\| chart count(O_D) as ... by Mike6960 Path Finder in Splunk Search 02-28-2018 0 5	0	5
how to include only office hours in splunk query search? This is my query and its working fine. I want to modify this query to display only official hours data. Example: sear... by guru89044 Explorer in Splunk Search 02-28-2018 0 5	0	5
Alert on any value in any column which exceeds a threshold? I have list of IPs and a number of requests summarized in statistics tab with a following query: \| datamodel X Y sea... by chalak Path Finder in Splunk Search 02-28-2018 0 6	0	6
double condition on filtering So,it's my first question on the forum, I'm working on a dashoard already done (i'm making chages);the conditions,the... by taha13 Explorer in Splunk Search 02-28-2018 0 0	0	0
search.logにDEBUG情報を出力させる方法についてサーチ文を実行したあとにサーチヘッド内の「SPLUNK_HOME/var/run/splunk/dispatch」にsearch artifactのフォルダが生成され、その中にsearch.logがありますが、このsearch.log... by cwl Contributor in Splunk Search 02-28-2018 0 2	0	2
While building web application on splunk, how to add my HTML page to a new app? Hello! I'm looking to build a web app on splunk in order to centralize all of my apps on one place. I've found out t... by omerl Path Finder in Splunk Search 02-27-2018 0 1	0	1
How to search if a component has been down for some time and the event that it is up hasn't appeared for that period ? Hello all ! The task is to alert if a component (pool) is down for more than 10 minutes. Some details: There are dow... by alexeyglukhov Path Finder in Splunk Search 02-27-2018 0 2	0	2
The sort command is truncating output to 10000 rows I am receiving the following message: "The sort command is truncating output to 10000 rows" How do I resolve this s... by efelder0 Communicator in Splunk Search 02-27-2018 13 6	13	6
Why are the events dropping from the search (subsearch used)? I'm using the below search to grab a list of tag_values from one index and use it as a subsearch on another index. I'... by byu168 Path Finder in Splunk Search 02-27-2018 0 2	0	2
check for clashing events on a channel Hi there, Apologies in advance for this question. I'm a beginner learning Splunk and I can't for the life of me fi... by alexm2a Engager in Splunk Search 02-27-2018 0 3	0	3
How to create new rows using conditions. I have 6 sources, each application has it own source location. I used regular expression to get the app names from ... by ibob0304 Communicator in Splunk Search 02-27-2018 0 4	0	4
How do you filter by Host and Account_Name with inputlookup and display only differences? I have currently a lookup table that consists of Account_Name and Host. This was created from Windows Event 4624 (An... by chanthongphiob Path Finder in Splunk Search 02-27-2018 0 2	0	2
How do I use the data from a ping script to build a 30 day availability chart? I have a ping script sending up and down info to a log. I've parsed out the IP to node name using a lookup table, a r... by heybails88 Path Finder in Splunk Search 02-27-2018 0 12	0	12
how do i get a list of all searches performed in splunk? can someone help me with a query to provide me a table of _time, user, search string of all queries performed in splu... by ytl Path Finder in Splunk Search 02-27-2018 1 4	1	4
file upload I deleted an uploaded file"C:\Data\acctdata\snm4-logger.log" but when i am trying to upload it again after renaming i... by srajanbabu Explorer in Splunk Search 02-27-2018 0 5	0	5