Splunk Search

Community Activity

How to efficiently search for a specific message in my data without aggregating millions of useless logs? I'm running a search on the same index and sourcetype with a few different messages, but one particular message has s... by SplunkIsLife Explorer in Splunk Search 11-29-2017 0 4	0	4
How to find the time duration between logins Hi, I have a fun one.... fun being the operative word  I have data that looks like the below when someone logs in... by dbcase Motivator in Splunk Search 11-29-2017 0 4	0	4
combine events Hi, I am working on a search. The data consists of requests and answers. The answer and the request have the same uni... by Mike6960 Path Finder in Splunk Search 11-29-2017 0 6	0	6
How can I search across two sourcetypes for matching fields and output a table with matching results? Hi I have one index with two sourcetypes: S1 and S2. In sourcetype S1 I have fields A, B, C and in sourcetype S2 I h... by vkrishnachand New Member in Splunk Search 11-29-2017 0 4	0	4
Using two timechart to calculate the sum (each 15mim) and then the max (by day) by Folder Hi, I'm new in Splunk (and my knowledge is very basic) and I have to build a complex dashboard with multiple indexes... by fariapm1 Explorer in Splunk Search 11-29-2017 0 2	0	2
How to search for the users logging into a server that have never logged in before. Working on real time data.I want to search for users logging into the server that have never logged before. by ntalwar New Member in Splunk Search 11-29-2017 0 1	0	1
Lookup Max Match How can I change the limit on the number of results matched per lookup value? I have a lookup value which has 183 mat... by obhatti Explorer in Splunk Search 11-29-2017 0 4	0	4
Using where with a wildcard I want to dynamically remove a number of columns/headers from my stats. So my thinking is to use a wild card on the ... by HattrickNZ Motivator in Splunk Search 11-28-2017 0 24	0	24
Why isn't my lookup command working? Hi, I have a problem when searching my lookup field. I added a lookup file to my search with 3 fields (Vulnerability... by khanlarloo Explorer in Splunk Search 11-28-2017 0 21	0	21
what is the splunk command that when search all and see all different kind of log as a whole? what is the splunk command that when search all and see all different kind of log as a whole and that can parse any d... by hoyeunglee New Member in Splunk Search 11-28-2017 0 13	0	13
Getting first match field in a event In a service log different API being invoked each API start with ~( like ~getenrolled, ~enroll, ~submit) so is there ... by apand84 Engager in Splunk Search 11-28-2017 0 4	0	4
How to create a 3 dimensional chart from 2 different sources ? I am trying to build panel which will show when GC occurred and what was the CPU time when GC occurred & before GC oc... by sangs8788 Communicator in Splunk Search 11-28-2017 0 2	0	2
How do you use the rangemap and metadata commands in Splunk? I'm trying to understand the usage of rangemap and metadata commands in splunk. I have gone through some documentatio... by pavanae Builder in Splunk Search 11-28-2017 0 4	0	4
How to disable an alert on an event within "x" time of another event? Hello, We have 2 searches, one gets us a result that says something along the lines of "this product was removed". T... by WoolarCJ New Member in Splunk Search 11-28-2017 0 4	0	4
Append a column based on conditions I have a log file as below: Time Event_Type Event_Name ----------------------------------------------... by rojit Explorer in Splunk Search 11-28-2017 0 2	0	2
Comparing values of fields without specifying field names Hi, I have three fields, lets call them: x = 6 y = 6 z = 0 What I want to be able to do is compare each of the fie... by mahbs Path Finder in Splunk Search 11-28-2017 0 6	0	6
Why am I getting jms_ta errors? Unable to initialize modular input "jms" defined inside the app "jms_ta": Introspecting scheme=jms: script running fa... by sbattista09 Contributor in Splunk Search 11-28-2017 0 6	0	6
Event by Event Math I have a data stream that produces a series of values at a series of times. I need to do running calculations based ... by DanielAlt New Member in Splunk Search 11-28-2017 0 7	0	7
Compare standard deviation results for two sets of results I have a query that uses stdev on the field value "queue_length" by field "queue_name". I need a query that gives me ... by gauravg_cvent Engager in Splunk Search 11-28-2017 0 2	0	2
Duration of two events by status! hi, my raw data look like this: 12:01:11:000 ip: "123.456.789" = "1" 12:01:12:000 ip: "123.456.789" = "1" 12:01:13:0... by reschal Explorer in Splunk Search 11-28-2017 0 7	0	7
How can i search for a host wich must have 3 letters at the begin of the dns name ? Hi, i want to search for hosts which always have 3 letters at the begin of the dns name. search: index="myindex" h... by criedman Explorer in Splunk Search 11-27-2017 0 6	0	6
Troubleshooting timebased lookup table HI Everyone Is there a way you can see how lookup table examed each value and make the call whether it is match or no... by samlinsongguo Communicator in Splunk Search 11-27-2017 0 8	0	8
Need to compare fields in a csv I want to create a search that will use a csv to ignore results if the result of the search has fields equal to a row... by gerrydevenney Engager in Splunk Search 11-27-2017 0 5	0	5
declaring a variable in splunk dasboard and make available to all searches I have a splunk dashboard with multiple panels/searches. My sample dashboard below. I want to be able to declare a v... by HattrickNZ Motivator in Splunk Search 11-27-2017 2 5	2	5
search event base on given time I have two information door swipe card record and user logon record door swipe card record user swipetime result user... by samlinsongguo Communicator in Splunk Search 11-27-2017 0 5	0	5