Splunk Search

Community Activity

Return information when there are no expected results. This search checks to make sure a certain process ended on time. I expect to have results for the 6 cases in the wher... by griffinpair Path Finder in Splunk Search 10-02-2017 0 5	0	5
Help with forming a table with sourcename next to the first column for each row? Hi, I'm searching multiple sources in a single index and getting the results as a table. I want to display the sourc... by charanramireddy New Member in Splunk Search 10-02-2017 0 8	0	8
Need help with regex in props.conf Hi all, Here is how my raw logs look. I need help with props.conf so that I can index by the second time field inst... by dmenon84 Path Finder in Splunk Search 10-02-2017 0 5	0	5
SSL error on non-SSL forwarder connection We're trying to add a new Forwarder (6.6.1) to our indexer (non-SSL connection), we're able to connect to the forward... by mmoermans Path Finder in Splunk Search 10-02-2017 1 1	1	1
Not extracting all Full GC events Could not be able to pull all the Full GC events. Is there any tweak requires in the regex? \| makeresults \| eval _r... by nagaraju_chitta Path Finder in Splunk Search 10-02-2017 1 14	1	14
Help with stats table output I have a dataset that can be represented as below: Region=A State=1 City=a Product=Apple Region=A State=1 City=b Pro... by adlireza Path Finder in Splunk Search 10-02-2017 0 2	0	2
How do I set conditions for calculating the duration of an event such that the end time is based on the way a user ends their session? Hi all, I am trying to extract usage duration patterns for our web app, from login to either logout, or when the use... by gertverhoog Explorer in Splunk Search 10-01-2017 0 7	0	7
How to rex out and substitute it with * I would like to substitute below kind of email address with * Original :- john.trava@gmail.com Expected:- Jo.*va... by m7787580 Explorer in Splunk Search 10-01-2017 0 10	0	10
Extract values from JSON array Hi everyone! I have a JSON output in raw format: {"result":{"addr":"456hR5drYrYrdY5wTYreYrdyerYe6y","workers":[["hos... by DimkoBilanko Explorer in Splunk Search 10-01-2017 0 1	0	1
How do I resolve this message: "maximum number of concurrent auto-summarization searches on this instance has been reached" The below searches appear on my Skip Ration report with the following messages: The maximum number of concurrent hist... by frizzoS3 New Member in Splunk Search 10-01-2017 0 5	0	5
Need to get a list of all saved searches rescently updated Hello Team, We are working on collecting the data of all saved searches in splunk and the date when they were update... by suryaaruna New Member in Splunk Search 10-01-2017 0 5	0	5
Using _time as a discriminator without time span? I want to use the _time field as one of my discriminator fields in a tstats command. I wasn't able to figure out, how... by szabados Communicator in Splunk Search 10-01-2017 0 3	0	3
Splunk taking wrong time from logs Splunk adds one hour to timestamp, when indexing logs. Logs: 9/18/17 3:46:01.000 PM --> time splunk shows [][hello]... by ajaylowes Path Finder in Splunk Search 09-30-2017 0 1	0	1
Change graph color based on value Hi , This is re-putative question> I have verified couple articles to write query for updating colors based on value... by guruwells Explorer in Splunk Search 09-30-2017 1 6	1	6
Plotting a timeline Hello: I have a long row of time and dates for each overall "event". So the data looks like 8/11/2017 18:00:00 ... by ryanprayacn Explorer in Splunk Search 09-30-2017 0 3	0	3
How to Join entries for a summary index I have two indexes that I want to create a summary from every hour. Index1 request_type, request_guid, request_t... by wayn23 Explorer in Splunk Search 09-29-2017 0 2	0	2
Recursive search Hi, I have this data 2017-09-27 15:56:42 ID="108065999", PREMISE_FK="1004152", EVENT_TYPE="Camera Trouble", EVEN... by dbcase Motivator in Splunk Search 09-29-2017 0 4	0	4
How can I run a search that will use data from buckets from a specific time interval? Given a timeinterval provided by the user, I would like to output those buckets who contain more elements than the av... by viggor Path Finder in Splunk Search 09-29-2017 0 6	0	6
How to compare previous data and alert if result over 5 percencet We have monthly data for each SBU and we want to setup an alert if any total increase more than 5% for up coming mont... by dhavamanis Builder in Splunk Search 09-29-2017 0 4	0	4
Can't get iplocation to work in my search I am not getting iplocation working in this query: tag= web \| stats count by IP, sessionId \| stats dc(IP) as count, ... by hmrabet2 Observer in Splunk Search 09-29-2017 0 3	0	3
Dynamic Table Issue HI All. I have a simple dashboard where the data in the statistic table changes everytime you change the dropdown inp... by ringbbg Engager in Splunk Search 09-29-2017 0 1	0	1
stats count zeroes I have the following search term .... \| \| stats count(eval(action="failure")) as fails, count(eval(action="success"... by christoffertoft Communicator in Splunk Search 09-29-2017 0 7	0	7
How can I search for the contents of a table inside of another table? Hi and thanks for reading in advance, I have two tables: events for status=50* on a /submissions URL endpoint, let'... by fre Engager in Splunk Search 09-28-2017 0 4	0	4
Help with a search to print date fields need to print dates from Thanksgiving onward for the rest of the week until Monday index="test" source="test" date=*... by puneetkharband1 Path Finder in Splunk Search 09-28-2017 0 4	0	4
How can I remove duplicate device_id from search within 5 min interval for 24 hours search? How to remove duplicate device_id within five min interval for 24 hours search, for example : 10:00am device id =aa... by mk197m New Member in Splunk Search 09-28-2017 0 1	0	1