Splunk Search

Community Activity

Time chart with events consist of unique count i have a user login info log file like below for eg, when i prepare a time chart for last 2 days, i need the unique u... by iamjosh007 New Member in Splunk Search 09-12-2017 0 1	0	1
delta then sum then graph from multiple hosts I have log entries from multiple hosts which contain cumulative counters. One log entry per host about every 5 minut... by charleswheelus Path Finder in Splunk Search 09-11-2017 3 4	3	4
Field Extraction -- Break Field at Explicit Character All - I need someone to bring me sanity with a regex I am trying to write. Essentially I want to capture everything ... by himynamesdave Contributor in Splunk Search 09-11-2017 0 2	0	2
Results for each minute in an hour (even if there's no data) Hello All, Suppose I want a search results for past 60minutes, how spunk works now is if there is any event in past ... by patilsh Explorer in Splunk Search 09-11-2017 0 7	0	7
How can I get the total count of payments and total amount of payments? index = elm-retail-rws source="/opt/app/jboss/current/standalone/log/PosMultipaymentProfile.log" by gowthambr New Member in Splunk Search 09-11-2017 0 7	0	7
Having difficulties at search trying to use sed to find and replace a @ (at sign) I'm trying to filter down a list of internal email addresses at search time in a field called "email." They are all t... by splunk_newb Explorer in Splunk Search 09-11-2017 0 17	0	17
Part TWO: Need a little help troubleshooting my subsearch... This query works great index=fireeye sourcetype=hx_json [search index=fireeye sourcetype=hx_cef_syslog act="Detect... by packet_hunter Contributor in Splunk Search 09-11-2017 0 14	0	14
How to get _time at median value? Hello everyone, Now, I encountered hard problem that I can't solve for long times. I was also google on many hours b... by luanvn Explorer in Splunk Search 09-11-2017 1 7	1	7
Find inconsistencies in the IDs of results Hello, I'm new to Splunk in general, and I was wondering is there was a way to highlight inconsistencies in the IDs ... by ilomax New Member in Splunk Search 09-11-2017 0 1	0	1
Unknown search command - custon python script I am trying to use an external script (python) to retrieve data from a database (sqlite3) which is to be summarized w... by apgersplunk1 Explorer in Splunk Search 09-11-2017 2 3	2	3
How Do I Make 5 Bar Graphs by Using the Output of a Chart String as Input to a Timechart String? I use the following search to show a pie chart of the top 5 IPs connecting to the network: sourcetype="conn_log" \| c... by jeremy_fade New Member in Splunk Search 09-11-2017 0 2	0	2
Trying to use lookup table instead of tagging hosts I am trying to settle on a method for grouping hosts into hostgroups for easy searching and reporting. I have heard e... by gfriedmann Communicator in Splunk Search 09-11-2017 3 3	3	3
Need a little help troubleshooting my subsearch... This search gives me a value that I can feed into the next search and I get results without an error index=fireeye s... by packet_hunter Contributor in Splunk Search 09-11-2017 0 2	0	2
Splunk search that finds when matches 2 events but does not match a third within a 5-second interval over the last 24 hours? Need to find the solution for a Splunk search that finds when Event_ID=24 and Event_ID=40 but not Event_ID=23 within ... by SystemsEnginee1 New Member in Splunk Search 09-11-2017 0 11	0	11
Regex on a Syslog parsed Windows Event I'm trying to extract the Account Name for this particular Windows Event, which is passed by a Syslog forwarder, inst... by leonheart78 Explorer in Splunk Search 09-11-2017 0 2	0	2
Creating visualization of list of ip address I have data that has multiple (and variable) ip addresses associated with each event. For example: ABCD September 1... by andrewhlui Explorer in Splunk Search 09-11-2017 0 1	0	1
Count is different for a timespan when additional time is in the span I have a search statement as follows index=test1 sourcetype=test1 \|join type=left filed [search index=test2] \| table... by kulo Engager in Splunk Search 09-11-2017 0 1	0	1
How to correlate multiple transactions as a single event? I have defined transactions to determine the cut-off times for our telecom links. We have two telecom operators per s... by erwan_raulet Explorer in Splunk Search 09-10-2017 0 3	0	3
How can I change bar chart interval to time duration? I have the following search: ...\| convert dur2sec("Call Duration") as "CDinsec" \| stats sum(CDinsec) as "totalCDsec"... by tamduong16 Contributor in Splunk Search 09-10-2017 0 4	0	4
i want to list out the values with respective request is coming from. Please help am getting the messages coming for particular claim but in that from 2 fields am getting the different values. I want... by prashanthberam Explorer in Splunk Search 09-10-2017 0 4	0	4
How can we add token based condition to search query ? below given is search query and I want to run this query only if token "$Check_Status$" is set to some value. if tok... by AKG1_old1 Builder in Splunk Search 09-10-2017 0 3	0	3
How to change the cell color of a table if SLA time is missed? Hi Team, Below my search from which i am getting the completion time of job. Below is where i need ur help. 1 - If... by harsush Path Finder in Splunk Search 09-10-2017 0 3	0	3
How to do 2 parameters rex mode=sed ? Hello Guys, It's possible 2 parameters rex mode=sed in sequence ? I can change ab for 01 and ac for 02 I try this,... by pgbr7 Explorer in Splunk Search 09-10-2017 0 5	0	5
How to access a field name using variable ? My Splunk results are returning multiple fields including fields Sunday, Monday, Tuesday .... Saturday. Now my requ... by sagrl Explorer in Splunk Search 09-10-2017 0 3	0	3
subsearch fields do not appear in the table command.. What is wrong with this search: host="*" source="BIP" NOT source="BIP98" NOT source="BIP99*" \|eval path=mvind... by smuderasi Explorer in Splunk Search 09-10-2017 0 6	0	6