Splunk Search

Community Activity

What are some of the best practices in changing Virtual Index name? Hello, my question is a quickie. We are currently using HUNK to get Hadoop Distributed File System(HDFS) data and pu... by EricLloyd79 Builder in Splunk Search 02-16-2018 0 4	0	4
How to replace python bubble chart with Splunk? I am trying to replace some existing charts we generate from python code with visualizations from Splunk. We have a b... by casswell Explorer in Splunk Search 02-16-2018 0 1	0	1
I want to show the server startup and failure time in two separate columns. How can I do that? Obviously we have two search strings for startup and failure . Please help me on this I want to show the server startup and failure time in two separate columns. How can I do that? Obviously we have two ... by abhi04 Communicator in Splunk Search 02-16-2018 0 2	0	2
How do I calculate a field with another field value from a previous row? Hello Everyone I have a below query that gives me output with 4 fields. sourcetype=* \| fillnull TimesRan value=1 \|... by maria2691 Path Finder in Splunk Search 02-16-2018 0 9	0	9
Percentages of table totals Hi I have a table top 10 ( could be top15) So there table has a the top 10 most popular projects by count split by... by TCK101 New Member in Splunk Search 02-16-2018 0 4	0	4
Why are the extracted values different in the field? Hi all, As I'm newbie and trying to figure out an issue with logs coming from a fortigate utm. I have no clue why I s... by agcorreia Explorer in Splunk Search 02-16-2018 0 1	0	1
How to extract an unmapped field in the stats table from logs? I am trying to extract the value of an unmapped field from logs. I have logs where the status could either be ERROR o... by Nidd Path Finder in Splunk Search 02-16-2018 0 2	0	2
How to redirect from a search result to a second search in a dashboard? How to redirect from a search result to a second search in a dashboard. I have a panel in dashboard which displays ex... by abhi04 Communicator in Splunk Search 02-15-2018 0 1	0	1
Can i input a list of ServiceNames from the a file and then get the status of those services from the data in splunk servers ? I have a list of services. I want to create a kind of a health check report for all the services. The problem is I a... by varun99 Path Finder in Splunk Search 02-15-2018 0 1	0	1
Why the renamed values doesn't show on the pie chart? Hi Guys, I am creating a pie chart with the below query. I renamed and replaced the column and field values. The dat... by auaave Communicator in Splunk Search 02-15-2018 0 4	0	4
How can I get a count of entries where one value is 0 or greater than 0? I have a Splunk Query that is returning data, similar to: ComputerName NumVulns Computer1 10 Computer... by BearMormont Path Finder in Splunk Search 02-15-2018 0 3	0	3
What is the difference between System and Search within indexes? Name Actions App Current Size ... by shawno New Member in Splunk Search 02-15-2018 0 1	0	1
Count of users Hi, We have some events in which two fields appname and UserID are listed. Which shows in each event that which user... by macadminrohit Contributor in Splunk Search 02-15-2018 0 6	0	6
How to compare results and assign values from Lookup? Hello everyone, Splunk beginner here!! Just trying to do something simple. I have a list of students being obtained ... by dhawanvarun Explorer in Splunk Search 02-15-2018 1 8	1	8
Timechart minimum values Hi, I have this data this is retrieved once per hour (more or less on the hour) for the past 7 days. readyArmed,323... by dbcase Motivator in Splunk Search 02-15-2018 0 10	0	10
Why is the table in dashboard reporting "No results found" when there are in fact results found? We have a table in a dashboard that shows "No results found." when in fact there are results for the search based on ... by simpkins1958 Contributor in Splunk Search 02-15-2018 0 6	0	6
dbxquery eval _time as column Hi all, I am trying to set the values in column insertepoch in a mysql database to be the new _time index in splunk... by zhatsispgx Path Finder in Splunk Search 02-15-2018 0 3	0	3
How to table a KV output? Hi Team, I used the below query to extract the log file. index="test" sourcetype="todayline" \| kv pairdelim="\r\n" ... by senthamilselvan Engager in Splunk Search 02-15-2018 0 2	0	2
How can I eval a new field using only partial values from existing field? Apologies if my question's title is non-descriptive. I am working through extracting an 'action' field from an existi... by SMWickman Explorer in Splunk Search 02-15-2018 0 2	0	2
How can my search query show all duplicated events by field? I'm trying to search data from our Infoblox switch port capacity source, and there are many interfaces that have an i... by EricG1793 Engager in Splunk Search 02-15-2018 0 8	0	8
How to create a search which shows machines being mined as opposed to staff visiting sites with the word "CoinHive" in them and how to get events which are actually effecting users? Good Morning Out of interest I wondered if anyone had a Splunk Search, which clearly showed machines being mined as ... by DDewarSplunk New Member in Splunk Search 02-15-2018 0 1	0	1
How can I do field extraction on a security log using regex? I need a little guidance on rex field extraction on the following "redacted" security log. Unfortunately, I don't ha... by Log_wrangler Builder in Splunk Search 02-15-2018 0 6	0	6
How to subtract two time fields? How would I go about subtracting EndTime from BeginTime? by cotyp Path Finder in Splunk Search 02-15-2018 0 9	0	9
Creating a custom date field Hi, Is there a way to create a custom date field in Splunk? Sow lets say I have multiple events, all of these event... by ebruozys Path Finder in Splunk Search 02-14-2018 0 3	0	3
How to use subsearch inside a map command search? I have a query that uses map and subsearch inside map command as below: index=myindex \| eval email="email@xyz.com" \|... by rajim Path Finder in Splunk Search 02-14-2018 0 7	0	7