Splunk Search

Community Activity

Maxmind GeoIP2 updates in a Clustered Environment I have a multisite indexer cluster with one SH I configured automated GeoIP2-City Maxmind DB (paid subscription) down... by Ovi Path Finder in Splunk Search 12-16-2017 1 1	1	1
Is there a way to group by multiple fields in a timechart? All, I am looking to create a single timechart which displays the count of status by requestcommand by action. So t... by daniel333 Builder in Splunk Search 12-15-2017 0 2	0	2
How to get the volume of events at a specific percentile? Let's say you have 100 events, and each one increases in duration by 1 second. So event 1 is 1 second long and event ... by efavreau Motivator in Splunk Search 12-15-2017 0 1	0	1
"ERROR" Search Factory: Unknown search command '1'. when I ran a script to access Splunk API , and got this error: Search Factory: Unknown search command '1'. could you... by jenniferhao Explorer in Splunk Search 12-15-2017 0 8	0	8
How can i set different timeline for my search? I have the following search: index="monthlycdr" "Call Duration"=* Name=\"***\" \| eval "Call Duration"=replace('Cal... by tamduong16 Contributor in Splunk Search 12-15-2017 0 9	0	9
How to combine a search result and an inputlookup file? etc = removed text for anonymity I have a very complex search query that input the following table: Network , Sou... by gingyish New Member in Splunk Search 12-15-2017 0 2	0	2
Why are subsearches and joins hard-stopped at 50k? I need to compare two CSV lookup files - need to see which records that are in the first CSV are NOT already in the s... by redc Builder in Splunk Search 12-15-2017 0 7	0	7
lookup several fields in one lookup command Currently I use lookups on a new row each for several fields i want to run through the lookup, like so: \|lookup my_l... by christoffertoft Communicator in Splunk Search 12-15-2017 0 10	0	10
How to assign a string value from a subsearch to a eval which should map to all the events? I am trying to extract a value and add it to every events of that sourcetype. source="c:\\splunk monitors\\log(2).tx... by sudeshna_dash New Member in Splunk Search 12-15-2017 0 5	0	5
How to create a new field from existing field values I have a field with values similar to this: TagName=15PI008_15 The _15 portion of this value is the part I need to e... by stevenbutterwor Path Finder in Splunk Search 12-15-2017 0 5	0	5
How to extract a part of a field? Hey, i have got a field extraction called mail. So i get different kind of mails as output. But it appears the fol... by reschal Explorer in Splunk Search 12-15-2017 0 3	0	3
How to set a different drilldown for each cell in a table in my Simple XML dashboard? Does anyone know of a way or have a good link on how to set a different drilldown for each cell in a table? I'm usin... by sidekix24 Path Finder in Splunk Search 12-15-2017 2 21	2	21
Field extraction is having issue for a value a by shubhamnyaik Explorer in Splunk Search 12-14-2017 0 2	0	2
FEATURE REQUEST - Show percentage values on the Y-axis of a chart I would like to see the possibility of showing percentage values on the y-axis of my charts (so 1% to 100%). Currentl... by mblauw Path Finder in Splunk Search 12-14-2017 0 10	0	10
Nested search? Hi, I have 3 queries that I need to combine. The first one gives a list of clientSessionId's index=wholesale_app D... by dbcase Motivator in Splunk Search 12-14-2017 0 7	0	7
How to trigger and terminate the alert Hi, My question is on monitoring. Currently, we have an alert which is triggered when certain percentage of call fa... by chprvn New Member in Splunk Search 12-14-2017 0 3	0	3
Identify when has appear more than 10 errors in one hour Hi, splunkers. I need to generate an alert when the count of errors are greater than 10 in one hour. This is easy, b... by nsanchezfernand Path Finder in Splunk Search 12-14-2017 0 1	0	1
App not getting deployed Hi, I have an app that is not getting deployed to forwarder but there is telnet connection to port 8089 from deploym... by kteng2024 Path Finder in Splunk Search 12-14-2017 0 3	0	3
timechart with range (_time) not working I have created two event types from logs to capture messaging events received and processed, having same contextId; f... by hariatsplunk Engager in Splunk Search 12-14-2017 0 3	0	3
Show in a Dashboard the first two pages of a table Hi all I have here a Kiosk Dashboard where i'm showing some hosts. There are at the moment 34 hosts to show, but i h... by Elsurion Communicator in Splunk Search 12-14-2017 0 3	0	3
What is the right way of logging data to extract as a custom field? I need to extract the field clientBizId from splunk events. For my application, log events are not indexed properly (... by naveenchappa New Member in Splunk Search 12-13-2017 0 4	0	4
Field not getting identified in Splunk in search abc by shubhamnyaik Explorer in Splunk Search 12-13-2017 0 3	0	3
Data indexed but not displayed in Search in splunk enterprise Hi Team, I have successfully indexed the data but it is not getting displayed in Search, don't know what has gone wr... by samsingnok52 Engager in Splunk Search 12-13-2017 0 7	0	7
How can I use transaction to break down the sub processes of a duration? I have numerous exposures captured in the log with minimaly structured data like the following. . . 2017/12/11 13:06... by tucker28 New Member in Splunk Search 12-13-2017 0 2	0	2
Field extraction using regex -- Do I need to use an if or eval for this? I'm a newbie/rusty w/ regex and I'm sure I'm over thinking this. I have lines from a firewall log and I would like t... by dipasqum Observer in Splunk Search 12-13-2017 0 3	0	3