Splunk Search

Community Activity

Is there a way to determine what are my most expensive field extractions? All, How can I determine which search time field extractions are my most costly? by daniel333 Builder in Splunk Search 10-31-2017 1 1	1	1
急に全てのサーチが遅くなりました 6.5.2を使っていますが、昨日まで速く実行できたサーチでも、今日になって急に遅くなりました。事象の特定としては、 1. サーチは、どのユーザから実行しても遅くなっている。 2. ブラウザのキャッシュを削除してからでも、サーチは遅い... by cwl Contributor in Splunk Search 10-31-2017 0 1	0	1
What's the best way to compare data in two different environments with outputlookup? Hallo splunk users, What is the best way to compare the same data in two different environments (producktion and la... by AydinCan Loves-to-Learn Lots in Splunk Search 10-31-2017 0 4	0	4
how to migrate my saved searches/dashboard/apps from non-cluster to a cluster? I have single Splunk instance and would like to migrate to a new search head cluster and the index cluster. I have... by danielwan Explorer in Splunk Search 10-31-2017 0 1	0	1
Splitting single lookup table column/field to filter on multiple fields We have JSON logs being stored in Splunk. A sample log record looks like : { data: { "hostname":... by technie101 Explorer in Splunk Search 10-31-2017 0 6	0	6
How to use append and join in same search Hi , I need to use both append and join in same commmand .Please help me to change the below sql to splunk search ... by umsundar2015 Path Finder in Splunk Search 10-31-2017 0 9	0	9
Passing dynamic value from stats to the remaining part of search I want to pass latest_date for null value so that inprogress count sits there as there is no completion date for inpr... by k_harini Communicator in Splunk Search 10-30-2017 0 5	0	5
xmlkv usage I have a log file entry that looks like this (this is the VERBATIM entry from the access log): 2012-08-06 13:25:02,1... by asarolkar Builder in Splunk Search 10-30-2017 0 2	0	2
Alternative to Joins I have 2 indexes say (A1 and A2) I have Fields a,b,c,d in index A1, In the index A2 I have fields b,e,f,g . I need t... by vikasreddy Explorer in Splunk Search 10-30-2017 0 5	0	5
How to improve automatic sourcetype extraction I'm building a Splunk App and I'd like my users to be able to point the import a single folder and have it accurately... by JacobCarrell Explorer in Splunk Search 10-30-2017 0 1	0	1
Field transformation on source not working Hi There, There is no content in dummy field although the regex works fine. Please could you help me with this? Ty... by archananaveen Explorer in Splunk Search 10-30-2017 0 8	0	8
Extract fields or define eventypes -- Which is better for large logs? Hi There, I have huge logs and there is not a definite pattern in the logs. Should I sit down to add each and ever... by archananaveen Explorer in Splunk Search 10-30-2017 0 7	0	7
Compare field from 2 sources and return when source1 has no match in source2 I am attempting to take IPs from 2 different sources and output a list for when Source1 has a unique IP that is not p... by axinjakson Explorer in Splunk Search 10-30-2017 1 6	1	6
How to get city or county names using latitude and longitude values in Splunk? Hi I have a CSV file with the list of latitudes and longitudes to display on the map. I want to get the count of even... by sravani27 Path Finder in Splunk Search 10-30-2017 0 5	0	5
Case with multiple matches Hello all, I am trying this search but it's not working. Only the first match count is returned. index=abc* sou... by maniishpawar Path Finder in Splunk Search 10-30-2017 0 2	0	2
Why isn't my dynamic lookup returning a value? I have been staring at this problem for eons but I'm stuck. I have two dynamic lookups. volumeCheck (external looku... by erickyi Path Finder in Splunk Search 10-30-2017 0 2	0	2
Is Splunk extracting unnecessary fields? I've noticed that my searches are taking a very long time to complete. For instance, a one-hour search for Bro IDS e... by joshua_hart1 Path Finder in Splunk Search 10-30-2017 0 8	0	8
How to read data from a lookup table and then use these values to compare and make a decision (more like a matrix table)? I have a lookup table that looks like this: Variable1---variable2---Score 0--- null ---3 0---500---2 500---100... by sh254087 Communicator in Splunk Search 10-30-2017 0 1	0	1
Is it possible to use a lookup table to populate a search where the values in the table become a series of OR statements Right now I am tasked with creating a report for a department showing who is using elevated privileges in Linux and f... by Admiral_Marith Explorer in Splunk Search 10-30-2017 0 2	0	2
How to extract event_id and STATUS? I have a single row event that populates the below values and i would like to extract eventid=389643 and STATUS=FINIS... by jayakumar89 Explorer in Splunk Search 10-30-2017 0 3	0	3
splitting and inverting How do I go from: ”metrics=[a=1,b=2,c=3]” ”metrics=[a=2,b=5,c=6]” ”metrics=[a=1,c=3,c=4]” To: “a,b,c” “1,2,3”... by jamesrender New Member in Splunk Search 10-30-2017 0 12	0	12
How can I count different types of Splunk searches Hello, I am reading the following resource from Splunk documentation and I find that there are 8 types of searches in... by arpit_arora Explorer in Splunk Search 10-30-2017 0 3	0	3
Chart over multiple variables day_receive_time="Wed, Oct 25, 2017" device_name="apple" app="mssql-db" bandwidth_consumption="161" day_receive_time... by atulitm Path Finder in Splunk Search 10-30-2017 0 8	0	8
How to remove \x22 from raw results. I'm trying to replace the "\x22" entries in my raw results with the correct quotation marks so I can read the the ful... by jurjenterpstra New Member in Splunk Search 10-30-2017 0 3	0	3
Error with timechart command Hi, I'm having a bit of trouble with this query of mine. source="xxx" host="xxx" index="xxx" sourcetype="xxx" earl... by mahbs Path Finder in Splunk Search 10-30-2017 0 8	0	8