Splunk Search

Community Activity

Help rebuilding subsearch that keeps timing out So here's my issue. We are creating a chart that shows each user and which desktops they use. The desktops are div... by kmaron Motivator in Splunk Search 10-05-2017 0 4	0	4
Stacked bar chart for specific columns I have four fields, baseline, lvl1,lvl2,lv3. I have to compare baseline vs (lvl1+lvl2+lvl3) to see if sum of lvl1,lvl... by prafulljha New Member in Splunk Search 10-05-2017 0 13	0	13
Delayed log ingestion Hi Splunk, Having a problem with one of our ingestion in splunk. The logs are delayed and cant seem to find the caus... by cymondcuba New Member in Splunk Search 10-05-2017 0 1	0	1
Problem with tokens and earliest/latest Hi everyone! So, I have this search: index=XXXXX sourcetype=XXXXX earliest="$time_token.earliest$" latest="$time_to... by tsomod Path Finder in Splunk Search 10-05-2017 0 6	0	6
Equivalent of '$' of bash in splunk Query: search...\| eval earliest=relative_time(strptime("01-February 2017","%d-%B %Y"),"+0mon"), latest=relative_time... by rishavvaidya Explorer in Splunk Search 10-05-2017 0 3	0	3
Issue with regex This is the event : 02OCT2017_16:46:47.212 130880:140149567481600 INFO event.py:177 root event = {"hopTrace": {"hops... by bharpur183 Explorer in Splunk Search 10-04-2017 0 33	0	33
How can I sort by date? Example time format is: Sat Oct 07 2017 07:30:00 GMT-0400 (EDT) I have a search from which I get the below result one of the columns in the statistics table : Sat Oct 07 2017 07:30... by bharpur183 Explorer in Splunk Search 10-04-2017 0 8	0	8
How does Splunk parse german Umlauts? Hi everyone, I've been confronted with the problem, that the case insensitive search command search, differentiates... by bojanisch Path Finder in Splunk Search 10-04-2017 0 1	0	1
Timecahart of unique web users including results by unique IP address or unique user name Hello everyone. I'm trying to get a time chart of unique users from my IIS logs. Our apps are both authenticated and ... by mcollins42 New Member in Splunk Search 10-04-2017 0 12	0	12
How can I correlate results from two separate searches? I have syslog formatted events that correlate together based on one value, and a search that will pull a single line ... by jmillpps New Member in Splunk Search 10-04-2017 0 1	0	1
How can I create a table of my search results with a count of each matching dest_ip value? I have this search of events: eventtype=cisco-firewall src_ip="*" (dest_ip="192.168.1.2" OR dest_ip="192.168.2.2" OR... by bayman Path Finder in Splunk Search 10-04-2017 0 1	0	1
Redrawing chart changes y axis maximum I have a table which drills down to change a chart: <row> <panel> <table> <title>Exchanges</titl... by madkins23 New Member in Splunk Search 10-04-2017 0 2	0	2
Help with writing a join command that joins a security breach to the previous login This is the requirement. I need to join two events based on a common field “User”. The Event with EventType “Security... by anuremanan88 Explorer in Splunk Search 10-04-2017 0 20	0	20
summing two event counts by source so, I am trying to parse out syslog stats data, trying to get a velocity of the events to figure out which log source... by umplebyj Explorer in Splunk Search 10-04-2017 0 2	0	2
Use values from two panels in a third panel Hi, I have 3 single value panels. The first one generates total number of unique logins index=cox host="cox*" /res... by dbcase Motivator in Splunk Search 10-04-2017 1 2	1	2
How to make my search more efficient? Help to remove joins My search is running pretty slow and I am looking to edit/remove the joins to make it run faster. It looks pretty mes... by katzr Path Finder in Splunk Search 10-04-2017 0 5	0	5
Error in 'where' command: The 'in' function is unsupported or undefined. Hi I tried to search as below, with where in(VALUELIST) function as described in: http://docs.splunk.com/Documentatio... by leonjxtan Path Finder in Splunk Search 10-04-2017 0 6	0	6
Splunks equivalent to the SQL "IN" () function I'm trying to create a search form that can take a comma separated list. In sql I would use the 'IN' command. If the... by marquiselee Path Finder in Splunk Search 10-04-2017 0 4	0	4
How to find common packages installed on many hosts? I am indexing rpm -qa outputs and want to find all of the packages that are common throughout my infrastructure. Th... by Simeon Splunk Employee in Splunk Search 10-04-2017 1 2	1	2
How do I get my rex search to extract a string between two strings from a sample below and concat it with the fixed string "751." Example1 Input: 352322648-1112 : D_SSPP-HNW_SD-AVI Output i want : "751.1112" Example2 Input: 335587620-43300 ... by Veeruswathi Explorer in Splunk Search 10-04-2017 1 2	1	2
Join with "eventstats" on a non unique field Hello there, I have 2 indexes [customer_id, datetime] and [customer_id, date_of_creation, motive] with a common fiel... by kcollori Explorer in Splunk Search 10-04-2017 0 3	0	3
Use query results from one panel as input to query on another panel on the same Dashboard Hi, Sorry if I am duplicating question here but I could not find an answer in the other posts that matched my scenar... by nmulm Explorer in Splunk Search 10-04-2017 2 2	2	2
Average time between two jobs. Hi, Here is my search query; index=* sourcetype="WMI:WinEventLog:Application" SourceName="Investran RS Word Process... by carlyleadmin Contributor in Splunk Search 10-04-2017 0 19	0	19
Applying Field Extractions across similarly named servers Hey Gang, Here are the basics: We are running Splunk Enterprise 6.5.1. I have a distributed architecture that has ... by mgranger1 Path Finder in Splunk Search 10-04-2017 0 3	0	3
Best Methods to Improve Performance of Dashboard I have a dashboard with ~38 panels with 2 joins per panel. I'm curious what is the most costly for Splunk performance... by katzr Path Finder in Splunk Search 10-04-2017 0 6	0	6