Splunk Search

Community Activity

How to create a new field out of values of a current field? I have a field with event IDs. Some of the IDs indicate an issue, while some of them indicate the opposite. eventid=... by jared_anderson Path Finder in Splunk Search 10-24-2017 0 5	0	5
I want to ignore particular username I want to ignore below user name. So I written following manner is it correct? ......\| where NOT (user="*$" OR user=... by N92 Path Finder in Splunk Search 10-24-2017 0 1	0	1
Find users based on a lookup list showing users that have and have not logged in I have list of lookup list yyyy which I want to shown the latest login based on max login time and also user that did... by florencegoh New Member in Splunk Search 10-24-2017 0 7	0	7
Can you combine fields from multiple search in one table? Hi I'm trying to combine fields in multiple search result in one output table as overall result, for example: Sear... by nieivan New Member in Splunk Search 10-24-2017 0 2	0	2
Is there a search or REST command to stop running searches forcefully? Hi I want identify the long running searches who are running more than 5 min and stop them. I'm able to find the l... by splunk_worker Path Finder in Splunk Search 10-23-2017 1 4	1	4
How can I extract string between highlighted fields with regex? Error: Update failed. First exception on row 0 with id abcd; first error: INVALID_EMAIL_ADDRESS, Email: invalid ema... by vik123ash Explorer in Splunk Search 10-23-2017 0 3	0	3
Subsearch to sum two fields by a common field Thanks in advance, Having a hard time trying to put 3 searches together to sum both search counts by PO. Please see ... by rsokolova Path Finder in Splunk Search 10-23-2017 0 3	0	3
how to find the number of hosts that never reported to splunk from a lookup with the existing query? I have a query as follows to display the list of hosts which are seen in last 24 hours and hosts which are not seen i... by pavanae Builder in Splunk Search 10-23-2017 0 14	0	14
Chart based on # of events I want to create charts based on number of results. I have tried "172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBo... by jared_anderson Path Finder in Splunk Search 10-23-2017 0 2	0	2
How to filter list of hosts from 2 lookup tables? I have a lookup search as follows \|inputlookup hostnames.csv Which displays the results as follows my_hostname... by pavanae Builder in Splunk Search 10-23-2017 0 5	0	5
Are there any CSS libraries for designing charts in Splunk? Hi All, Is there an easier way in designing the charts? What i've found is using css but building one from scratch... by ejespiritu Explorer in Splunk Search 10-23-2017 0 8	0	8
Display all values (including duplicate values) in timechart graph Hello, In my data, there could be multiple values(duration) for Scriptname. I am using Time Chart to display data an... by AKG1_old1 Builder in Splunk Search 10-23-2017 2 4	2	4
Need to break the events before certain word. I've log file something like below, DA FILE: /archive/attr/ABC/XYZ/20170911/file.log-new*** Files traversed: 128 - ... by isha_rastogi Path Finder in Splunk Search 10-23-2017 0 4	0	4
chart after using stats latest() I have the following command: sourcetype="sourcetype" eventid=731 OR eventid=730 \| stats latest(eventid) by target \|... by jared_anderson Path Finder in Splunk Search 10-23-2017 1 4	1	4
Convert string to number and compare Hello, why this is not working ? \| gentimes start=-1 \| eval WithUnit="0/1 2/2 3/8 0/0 5/5" \| makemv WithUnit \| table... by Rialf1959 Explorer in Splunk Search 10-23-2017 0 5	0	5
How to edit my search to trigger when an account is locked out, including details of where and why it happened? Hi I need to create an alert to trigger when an account is locked out with the details of where and why account lock... by kiran331 Builder in Splunk Search 10-23-2017 0 6	0	6
How can I count account access to devices (counts) by day? I want to find/graph the count of (dc(X) as dc_X_count by Y) by day. In other words, I have some events in a basic s... by pyamamoto New Member in Splunk Search 10-23-2017 0 6	0	6
How do you run a second search based on the value/results of a first search? My goal for this search is to find if a file was not imported. If the file is imported "Could not find a file in the"... by griffinpair Path Finder in Splunk Search 10-23-2017 0 6	0	6
stacked bar chart of sum of errorcodes by server I'm trying to create 1 bar chart to kill 2 views, my search is as follows; sourcetype="error log" severity=ERROR \| t... by eddychuah Path Finder in Splunk Search 10-23-2017 0 2	0	2
How to convert job duration to HH:MM:SS I am trying to create a dashboard for the Job status and I want to convert the job duration to HH:MM:SS. I use the be... by pbsuju Explorer in Splunk Search 10-23-2017 0 6	0	6
Why am I getting "waiting for your queued job to start" message while running search queries? I get a message "waiting for your queued job to start" while running search queries. Anybody knows why this message i... by dineshraj Explorer in Splunk Search 10-23-2017 0 2	0	2
Finding users currently logged in to my app For some reason I am having a real hard time wrapping my head around something..... We have an application where we ... by cjmckenna New Member in Splunk Search 10-22-2017 0 4	0	4
Tstats command Does anybody have a good documentation regarding on how to use tstats? I have mainly used "normal" searches but need ... by ecanmaster Explorer in Splunk Search 10-22-2017 1 2	1	2
can lookup be used to match default value in .csv table I have a csv lookup table with 3 columns, eg: input1,input2,output 240,789,303456 240,330,303457 240,default,303458 2... by romelrkhan New Member in Splunk Search 10-22-2017 0 4	0	4
How to write a search to extract URLs crawled by Googlebot Which field should be extracted for this relevant use-case? index={wxxx} googlebot \| fields URIs \| stats count by UR... by guru1 New Member in Splunk Search 10-22-2017 0 4	0	4