Splunk Search

Community Activity

Not able to get response queries with special characters in If statement Hi, I am trying to get response time between events using below query but for some reason i am not being returned a... by dharmeshbhavsar New Member in Splunk Search 01-05-2018 0 4	0	4
AND OR not working correctly I am getting the below error when trying to form an AND & OR in my query. Error in 'eval' command: The expression i... by davidcraven02 Communicator in Splunk Search 01-05-2018 0 6	0	6
Eval and stats not bring friendly index=ios host=1.1.0.2 src_ip="1.2.2.1" "NBRCHANGE" \| head 1 \| eval status = if(like(_raw, "%down%"), 1 , 0) \| sta... by LoganRhamy New Member in Splunk Search 01-05-2018 0 5	0	5
Count occurrences of all values of a field for another field Hello all, I am trying to count all the occurrences of keywords that show up in logs. Here is an example: Here is lo... by behudelson Path Finder in Splunk Search 01-05-2018 0 7	0	7
How does one search for a CIDR range of addresses? If I want to search for a range of addresses, say anything in 10.0.1.0/24 from anywhere in the log, how do you do tha... by samalchow Observer in Splunk Search 01-05-2018 0 3	0	3
Data stored using the collect command takes a long time to become searchable. Hi, I am using a DBXquery and then collecting the returned data into an index. I am doing this on a search head whi... by cathaladams21 Engager in Splunk Search 01-05-2018 0 1	0	1
EVAL causes a field to be blank I need the field "Location" added to my search as seen in the screenshot attached. However, in this query below the L... by davidcraven02 Communicator in Splunk Search 01-05-2018 0 3	0	3
Watt to kWh Hi all, I monitor my electricity consumption using a device which takes the current Watt consumption every minute an... by Greenwell01 New Member in Splunk Search 01-05-2018 0 2	0	2
Regex for multline events Hi , The Logstash client on the application box is configured to identify multiline events and send each event as a ... by Mohsin123 Path Finder in Splunk Search 01-05-2018 0 1	0	1
How can I get total duration of time for which each user logged in to splunk for this month. We have many users using splunk dashboards and we want to know total time for a user logged in to splunk system for t... by jitendragupta Path Finder in Splunk Search 01-05-2018 0 2	0	2
How to retrieve the events based on the selected values from the Statistics table Hey, I am trying to retrieve the events based on the selected values from the Statistics table IBD TOTAL SUC... by rajeswariramar New Member in Splunk Search 01-05-2018 0 4	0	4
Splunk ML app not looking at the entire data Hi, We are evaluating Splunk for our ML use case. We are using "Free splunk" at this point of time for the evaluatio... by shrivallabhd New Member in Splunk Search 01-05-2018 0 0	0	0
How to dynamically change number of rows displayed in the table with simple XML using Splunk 6.1.x? I am using Splunk 6.1.2 and have a panel with a table developed in simple xml. I would like to allow users to be abl... by somesoni2 Revered Legend in Splunk Search 01-05-2018 6 11	6	11
DF details not rolling in servers We are trying to get df details in our log. these details are rolling in few servers but it is not rolling in few ser... by Manoshanni New Member in Splunk Search 01-05-2018 0 1	0	1
i want to keep the SSED_BUS-number as it is and i want mask other number and email id SSED-BUS-0123 the package is failed to accept SSED-BUS-1466 master id 1-fjdfh23 SSED-BUS-13583 master 85793 SSED-BUS-... by DataOrg Builder in Splunk Search 01-05-2018 0 2	0	2
pls help with regular expression i want to keep the pattern of specific word which starts with OS0003/SSED-BUS-0015 as it is and want to mask others n... by DataOrg Builder in Splunk Search 01-04-2018 0 3	0	3
the search job terminated unexpectedly This search take only a few second to come back index=* sourcetype=* (source="/opt/data/-AA_.csv" OR source="/opt/dat... by srobinsonxtl Path Finder in Splunk Search 01-04-2018 0 4	0	4
Convert multi-value expression to field names and values I have a string, "one:isone,two:istwo,three:isthree" The goal is to convert these to fields and values, without k... by rharrisssi Path Finder in Splunk Search 01-04-2018 0 1	0	1
Rex extraction I have a field called "user", i'm trying to extract the username from the string and create a new field called extrac... by redferrari New Member in Splunk Search 01-04-2018 0 4	0	4
Run Alert Every Few Hours Between Specific Hours/Days I have some events that only happen every few hours between the hours of 8AM and 6PM, M-F. So, I want to set up a lo... by SplunkLunk Path Finder in Splunk Search 01-04-2018 0 2	0	2
Changing of management port still pointing to DS & receiving the logs. My question might be weird. I change the management port on one of endpoint(universal forwarder)from multiple forwar... by N92 Path Finder in Splunk Search 01-04-2018 0 1	0	1
Why Doesn't Coalesce work in an If/Case Statement? I am trying to write a search that if the field= Email then perform a coalese, but if the field isn't Email- just put... by katzr Path Finder in Splunk Search 01-04-2018 0 10	0	10
How do you include a literal double quote character in a Splunk Regex I'm using the _rex command and I want to create a regular expression that contains a literal double quote character. ... by jbrenner Path Finder in Splunk Search 01-04-2018 1 4	1	4
Sort and Sum...a more elegant way? New to dbs and Splunk. Querying against a CSV file of buy events. Want to return top 10 Users by purchase totals. ... by JamesPineda New Member in Splunk Search 01-04-2018 0 1	0	1
How do I edit my rex mode=sed syntax to replace part of my sample URIs with static text? Hi, I have URIs like this: /appliance/detail/v3.0/vendor/3423434erts/fridge /appliance/detail/v3.0/vendor/6757dfs32... by xvxt006 Contributor in Splunk Search 01-04-2018 0 5	0	5