Splunk Search

Community Activity

Host field one of my data sources has host field in the raw packet. However when we search the events the host field is the name... by pfabrizi Path Finder in Splunk Search 10-10-2017 0 12	0	12
Counting a value out of a lookup table that does not exist in the logs Hi, I have a search that works just fine that shows a list of users in a lookup table that have not logged into Splu... by ktaitingfong Explorer in Splunk Search 10-10-2017 0 8	0	8
How can I identify hosts that don't have any events over a 4-hour period and create an alert? I want to identify any host that doesn't have any events over a four hour period and create an alert. Having trouble... by glenngermiathen Path Finder in Splunk Search 10-10-2017 0 6	0	6
Is there a way to increase the results limit of saved searches per app? We reached the limit of 500K results per saved search. We wonder if we can increase to, let's say 10 million, for one... by ddrillic Ultra Champion in Splunk Search 10-10-2017 0 5	0	5
Splunk uninstallation / kill command failed -- Connection Refused error on port 22 Hi, I was trying to uninstall Splunk due to some issues in existing installation. I followed the steps for "Uninsta... by sancharigupta New Member in Splunk Search 10-10-2017 0 6	0	6
Help me with the search command for usescases Hi All, I would like to find a way out for the below Cisco ISE use-case scenarios . It would be great if you can hel... by yashwanth_g_pra Observer in Splunk Search 10-10-2017 0 3	0	3
stats values on x-axis and y-axis basesearch \| rex "(?m)^(?<totaltime>[^:]+):\s+\[\s+(?<field1>\d+)K-\>(?<field2>\d+)K\((?<field3>\d+)K\),\s+(?<durati... by nagaraju_chitta Path Finder in Splunk Search 10-10-2017 0 6	0	6
Search returns "No results found", when it should be returning 1. The search below looks for an event for a specific client during a specific time. If the event is not there, I would ... by griffinpair Path Finder in Splunk Search 10-10-2017 0 2	0	2
Table: How to set a URL (which is part of the row data) behind a column value (like a name)? Hi there, I have a table in which each row is individual. The link is different for each entry. I will explain my p... by wes7bb New Member in Splunk Search 10-09-2017 0 1	0	1
Help understanding standard deviation alert for entries that have a count of 0? I have seen several similar questions asked, but they are often answered in different ways so I'm hoping whoever answ... by glenngermiathen Path Finder in Splunk Search 10-09-2017 0 2	0	2
About warnings when dividing multiple multi-value data using mvexpand. In the following search I divide data with multiple multi-value fields into one line at a time. See this answer ↓ ht... by yutaka1005 Builder in Splunk Search 10-09-2017 0 4	0	4
How to specifiy two different dates in a single search? I have to fetch results for an event happened on Sep. 1 and Sep. 6. How do I specify two dates in single query? by chetanhonnavile Explorer in Splunk Search 10-09-2017 0 6	0	6
Search Proofpoint Logs Part II Per a previous question/post: "Search Proofpoint Logs", I did get that working, thanks again Kristian. I now want... by RB5 Path Finder in Splunk Search 10-09-2017 0 2	0	2
Splunk - Log Reduce solutions? What is Splunk using for their Log Reduce solution? Is it similar to what Sumo logic can do? by pjheeta New Member in Splunk Search 10-09-2017 0 1	0	1
Search query to replace first occurrence word with blank but second occurrence to replace with comma How do I use regex or replace to remove the first occurrence word found and replace second occurrence onward with com... by Kitteh Path Finder in Splunk Search 10-09-2017 0 4	0	4
If then statement where the output will exclude a value from search. I want a statement that will evaluate field A, and if the value of field A equals 1, then I want to exclude any value... by jared_anderson Path Finder in Splunk Search 10-09-2017 0 5	0	5
How to replicate a Search Head Cluster's KV Store lookup data to an Indexer? Hi, I have clustered environment (Search Head Cluster with 3 SHs working with an Indexer Cluster with 2 IDXs) and I ... by earakam Path Finder in Splunk Search 10-09-2017 8 5	8	5
How can I edit field values? Hello together, I have the field Vegetables with 5 field values. The field values are cucumber, tomato, onion, carro... by TNRRVN93 New Member in Splunk Search 10-08-2017 0 6	0	6
How to join two searches? Hi! I have two searches. I want to use result of one search into another. I used Join command but I want to use only ... by blavie93 New Member in Splunk Search 10-08-2017 0 1	0	1
How to ignore empty fields in a split in stats/tstats Hi, I'm trying to find the cardinality of the fields for my indexes. The problem is that some fields sometimes have ... by mciudad Explorer in Splunk Search 10-07-2017 0 7	0	7
Transaction based Alert Trigger with multiple conditions I like to create a trigger which fires based multiple conditions Example Scenario: A per person is entering a room a... by mfritsch New Member in Splunk Search 10-07-2017 0 1	0	1
Creating Pivot Chart from Lookup/.CSV file I am trying to create a pivot chart from static data stored in a .CSV file. The data is not time-dependent and I am ... by jfellows New Member in Splunk Search 10-06-2017 0 2	0	2
Splunk alert for missing logs Hi, Below is a snippet of log pattern generating tons of record. Intending to write a alert if any log are missing f... by chetan1974 Engager in Splunk Search 10-06-2017 0 3	0	3
how to compare values from two different searches and return the results if the values are equal I have 2 searches Search1: index=i_temp source=source1 Results: xCoord=1155276.2781774567 yCoord=1885220.7999824171... by manojnelakurthi New Member in Splunk Search 10-06-2017 0 3	0	3
How to join data from two indexes I want to get data from joining two indexes out of which one is summary index. Summary Index has more than 500000 rec... by poojak2579 Path Finder in Splunk Search 10-06-2017 0 21	0	21