Splunk Search

Community Activity

Is there a timechart legend limit? I have the following in a search \| timechart span=1h max(CPU%) AS "CPU", max(Memory%) as "MEM" by host If the numbe... by RVDowning Contributor in Splunk Search 09-26-2017 1 4	1	4
How can I put results of Windows updates results per host on a map by location? I have a query for Windows updates per host. But I NEED to put those on a map. Is it via ''geostats''???? index=* ho... by AROJ New Member in Splunk Search 09-26-2017 0 2	0	2
Why isn't my where clause working in this similar search? I want to run a search but can't figure out what's the difference when I make changes to it using the 'where' clause ... by pranaynanda Path Finder in Splunk Search 09-26-2017 0 2	0	2
timechart - show every week, even if there is no value Hi, I am creating a timechart and in some of my weeks I have no value for a field ("Number Of Lines"). I need the ti... by matansocher Contributor in Splunk Search 09-26-2017 0 2	0	2
Group time duration by minute I have a set of data where I run this query: base search\| convert timeformat="%Y-%m-%d %H:%M:%S" mktime(time*)\| eva... by pranaynanda Path Finder in Splunk Search 09-26-2017 0 7	0	7
Search Heads in cluster are not able to replicate properly Hi! There are 2 search heads in our production cluster. We have implemented Alert Manager app in our SH and it incor... by MousumiChowdhur Contributor in Splunk Search 09-26-2017 0 4	0	4
"Event Action" button not displayed for some users I use Splunk as an admin and most of my users are power users. Following a syntactically valid search, a list of mat... by robgarner Path Finder in Splunk Search 09-26-2017 0 3	0	3
Regex for multiline Hi, I have the following event: 017/09/25 10:58:57 Client logging in as robertE on DB1... Connect to Oracle failed:... by robettinger Explorer in Splunk Search 09-26-2017 0 9	0	9
filter events on indexer I want to filter some types of events at my indexer, that are received from several universal forwarders. I try some... by fernandoandre Communicator in Splunk Search 09-26-2017 0 3	0	3
How to extract the field with regex I would like to extract the field of "/home/y/conf/video_dir.conf" with regex when the event contains "critical" keyw... by danielwan Explorer in Splunk Search 09-25-2017 0 1	0	1
Displaying a marker for each event I'm trying to display markers on a map using Splunk. I'm currently trying out geostats but i don't seem to get it wor... by jankappe Explorer in Splunk Search 09-25-2017 0 6	0	6
How can I count failures in the neighborhood events matching a rex I have a question similar to: https://answers.splunk.com/answers/2602 and https://answers.splunk.com/answers/448796 ... by virgilg Explorer in Splunk Search 09-25-2017 0 1	0	1
How to normalize field value from two different sourcetypes? Suppose I have two sourcetypes: proxy1_source in sourcetype=proxy1_source, the field url starts with: "http://" pr... by splunkb0y New Member in Splunk Search 09-25-2017 0 4	0	4
How do I sum values over time and show it as a graph that I can predict from? How do I sum values over time and show it as a graph that I can predict from? This is something that I’ve tried to a... by RexStout Explorer in Splunk Search 09-25-2017 0 4	0	4
Filter event data using conditional regex HI All, Below is my raw event data . {"FormatVersion":"1.1","StartTime":"2017-09-22T01:11:38.565Z","EndTime":"2017... by anshul0915 Explorer in Splunk Search 09-25-2017 0 8	0	8
How can I search to show which browser and browser version users are using? Hi, I would like to extract and show the browser and version from the user-agent string, so as to segregate the diff... by marshaljoel83 Engager in Splunk Search 09-25-2017 1 2	1	2
How can I sum total memory used by a process? I need to calculate total memory used by a process. There are multiple processes with same root and suffixes. But dat... by lbalaur Explorer in Splunk Search 09-25-2017 0 10	0	10
Regarding implementation of Calendar visualization I have a requirement where I have four fields : 1. AverageValue (of a month for some parameter A) 2. ActualValue (on ... by accgarima New Member in Splunk Search 09-25-2017 0 30	0	30
Search results for specific users in the lookup field Hi All, I am trying to list out activity of providing local admin rights other than the authorized user accounts. Th... by qbolbk59 Path Finder in Splunk Search 09-25-2017 0 4	0	4
I'm having trouble with the "over" syntax. How to use it in this situation? index="Plt15_tms3" ShiftName="1" EmployeeLoggedInLastName="" MachineNumber<26 MachineState="" \| stats sum(ElapsedM... by Hppjet Path Finder in Splunk Search 09-25-2017 0 6	0	6
My case statement is putting events in the "other" category -- why? Hi guys, So i have a user_agent and a url field for an elb log file. I am checking the user agent field for the value... by Subrahmanyab New Member in Splunk Search 09-25-2017 0 7	0	7
How to show the very first tickmark in a line chart? Hi Splunkies, I'm plotting some sensor values together with the sensor's limit on a line chart in order to visualize... by bojanisch Path Finder in Splunk Search 09-25-2017 0 9	0	9
Best way to exclude specific combinations from results I have a report that i get and it contains specific sets of data results i want to exclude: ex: Group Name, Who Cha... by gdavid Path Finder in Splunk Search 09-25-2017 1 4	1	4
Splunk search help -- output data should match 2 or more of the keywords Hi, Fellow Splunkers, Noob question. I would like to seek for help in my search, this is the case: The client gave c... by dantimola Communicator in Splunk Search 09-25-2017 0 5	0	5
How to expand columns with mvfields if count of values are different for each column I ll show example it's much easier than explain: index=* <base_search> \|eval Flight=mvzip(date,route,"/") \|eval Pass... by Baguvik Explorer in Splunk Search 09-25-2017 0 10	0	10