Splunk Search

Community Activity

Trying to search a connections log, top 10 hosts sending the most traffic, doesn't seem to be working. Trying to search a connections log, top 10 hosts sending the most traffic, need some help, thanks. by howardsamuels New Member in Splunk Search 11-21-2017 0 3	0	3
How to manipulate the time formats to get the exact results in Status Hi, I have created a query to fetch the status of some jobs in a particular format. There are different scheduled jo... by varunghai Engager in Splunk Search 11-21-2017 0 2	0	2
How can I remove numbers from Y-axis? Hi! I'm having trouble removing the values 0.5, 1 and 1.5 from the Y-axis in the following dashboard: But I need i... by gcescatto New Member in Splunk Search 11-21-2017 0 1	0	1
Why is the tstats command not displaying all data from a data model? Hi I have set up a data model and I am reading in millions of data lines. The issue is some data lines are not disp... by robertlynch2020 Influencer in Splunk Search 11-21-2017 1 2	1	2
Hi, Can i use sum and list command in single query For example, Category \| CategoryGroup \|Price AAA\|Apple \|80 AAA\|Apple \|90 BBB\|Banana\|40 BBB\|Butterfruit\|90 I want to ... by deepa_purushoth Engager in Splunk Search 11-21-2017 0 6	0	6
Please help me in forming Regex. Hi All, Please help me to extract the email ids which is not between <> angle brackets. Sample event: someone@doma... by ansif Motivator in Splunk Search 11-21-2017 0 7	0	7
Finding most recent event by host We are collecting logs from McAfee and Splunk pulls information for each host every 1 Hr. The logs have two fields ho... by anuremanan88 Explorer in Splunk Search 11-21-2017 0 9	0	9
Splunk Dedup by _time and Combine Values Simultaneously I am working with Exchange 2010 data. I have the MessageID, Sender, Recipients, and _time. Depending on the event typ... by cameronwt Engager in Splunk Search 11-21-2017 0 1	0	1
position of a character in a string Hello I'm trying to do a substr to strings such as: google-public-dns-b.google.com cachewas.tdp.net.pe b.resolvers.L... by jrodriguezap Contributor in Splunk Search 11-21-2017 0 5	0	5
AVG days for selection of events In the following search I want to have the average for the events where GB_w is < 15 days \| stats earliest(A_Z) AS A... by Mike6960 Path Finder in Splunk Search 11-21-2017 0 1	0	1
setting some token based on the result of search query Hi, My requirement is to set some token based on the output of search query. my search query return one row and I wa... by AKG1_old1 Builder in Splunk Search 11-21-2017 1 3	1	3
how to retrieve memory value from GC log I have below event from GC log, 2017-11-20T23:13:13.311-0800: 205957.353: [GC (Allocation Failure) 5152315K->4647798... by sangs8788 Communicator in Splunk Search 11-21-2017 0 2	0	2
If 3 consecutive files are found > 1KB in size, send an email alert How can I get results only when 3 consecutive files exceeds 1 KB limit? I tried this with below Query however not ge... by chaitalynavare Engager in Splunk Search 11-21-2017 0 4	0	4
How do I use the latest value given to replace a field that is NULL but both event have one common value? As stated I want the latest value in "Hash Value" and "Type" column to be filled instead of being "NA" and "Unknown" ... by Kitteh Path Finder in Splunk Search 11-21-2017 0 9	0	9
Why does rex/regex return different results than field-extraction? Data: Nov 16 12:50:51 172.23.0.29 Nov 16 12:50:51 dc01 Microsoft_Windows_security_auditing.[1688]: Domain\user1: Secu... by jared_anderson Path Finder in Splunk Search 11-20-2017 0 8	0	8
Splunk enterprise 6.6.1 - existing custom apps are not opening We have few custom apps in our splunk enterprise instance which were opening to all user before. Suddenly custom apps... by mohan_ac Explorer in Splunk Search 11-20-2017 0 1	0	1
How to extract a field using regex at indexing time? Hi, I'm ingesting the data in JSON format. we have a field event.user, which is auto extracted. is there a way to ex... by kiran331 Builder in Splunk Search 11-20-2017 0 4	0	4
eval command Ok I'm feeling kinda stupid this query works index=wholesale_app buildTarget=comcast analyticType=SessionStart \|e... by dbcase Motivator in Splunk Search 11-20-2017 0 4	0	4
How to assemble a field via indirect references to other fields I have logs where the these fields exist: raw_message="Dropped table {table_name}" table_name="jobs" and I want t... by dmankin New Member in Splunk Search 11-20-2017 0 1	0	1
Are there any search and performance pitfalls with keeping data in hot buckets for 1 month and moving it from hot to cold directly? I have gone through the documentation and want to check if a scenario like this will work out: -Hold 1 months data in... by KomalSharma Explorer in Splunk Search 11-20-2017 2 6	2	6
I've a log in which instead of X=Y, it is present as "X":"Y". How do I extract X as a field and Y as its value? I've a log in which instead of X=Y, it is present as "X":"Y". How do I extract X as a field and Y as its value? by sagar1905 New Member in Splunk Search 11-20-2017 0 4	0	4
How can I identify duplicates in a multivalue field based on the value of another field? I need to be able to identify duplicates in a multivalue field. The difficulty is that I want to identify duplicates ... by jedatt01 Builder in Splunk Search 11-20-2017 0 2	0	2
Tokens and Evals I am trying to set up a form input and I feel like I'm missing some basic understanding of how tokens work. Our data ... by mistydennis Communicator in Splunk Search 11-20-2017 0 7	0	7
How do I display fields in two separate indexes I have two separate indexes for example index A and index B. I need to display one field from index A and one field ... by epeeran Observer in Splunk Search 11-20-2017 0 2	0	2
How to split a row by 2 field values I have a sample data which I am trying to split over 2 fields. For Example: In above image we have a test case ID... by Trishant Explorer in Splunk Search 11-20-2017 0 7	0	7