Splunk Search

Community Activity

How can I change the time output from this timechart to show time when there is no event? This is my code, the data includes a field labeled "callId" (for this particular search there are 3 distinct callId) ... by patilsh Explorer in Splunk Search 08-28-2017 0 11	0	11
Is there a meta command to find old lookup files? hi, I created a lookup file a long time ago but I don't remember where it is, is there a meta command that can find... by alexl1 Path Finder in Splunk Search 08-28-2017 0 2	0	2
How to specify the time range chosen on a chart's y-axis? For a timechart such as " .. \| timechart count", there will be an arbitrary bucket size selected depending on certain... by pstickne Explorer in Splunk Search 08-28-2017 0 1	0	1
Optimisation: Search counting DNS Connections over 30d and 24hrs. Alert when 24hrs is 3* greater than daily "average". Hi All, TL;DR: I could use some assistance with search string optimization, or help re-writing the search string to... by MikeElliott Communicator in Splunk Search 08-28-2017 0 2	0	2
How to filter Windows Events from one host using Regex? Hi, How to filter out the events with EventCodes (4624, 4672, 4634) and Account _svc_abd with Security Id "S-1-5-21-... by kiran331 Builder in Splunk Search 08-28-2017 0 5	0	5
How can I search for hex encoded strings without a wildcard(*)? I am trying to do a search for a number of strings that are hex encoded. For example, http would be stored as 6874747... by trevlix New Member in Splunk Search 08-28-2017 0 5	0	5
Why do I lose data when comparing daily results with previous weeks, same day, using appendcols? Hi, My goal is to compare today's count, say Monday, to the previous Monday. Also, compare the previous week's Monda... by gatekeeper36 New Member in Splunk Search 08-28-2017 0 3	0	3
Dynamically changing the x-axis values Hi all, I have this search: index="attenuation" \|dedup CONCATENATE_Z \|eval TRATTA=NODO_A."->".NODO_Z \|lookup eol.c... by ngerosa Path Finder in Splunk Search 08-28-2017 0 2	0	2
Pie chart displaying "other(n)" and "OTHER" fields. Hi, I am creating a pie chart which shows the top logon count but unfortunatelly the system is showing two different... by robettinger Explorer in Splunk Search 08-28-2017 1 5	1	5
How to break single event(JSON response) to multi events? Hello guys, I have some problem with breaking the json event. Where i made some REST API get request to get the data... by splunkaspirant New Member in Splunk Search 08-28-2017 0 1	0	1
How do I extract a field from my raw data using rex command? Hi, Can someone able to help me please. I'm very new to using Splunk and most certainly to the rex command and regu... by tanvi1g New Member in Splunk Search 08-28-2017 0 5	0	5
How can I compare the count of two hosts? How to compare the two host events ? index=test\| stats count by host \| stats list(count) as count by host my resul... by karthi2809 Builder in Splunk Search 08-27-2017 0 8	0	8
Search output of a stats command I have a search like below \| stats values(EndPointMatchedProfile) by EndPointMACAddress Where each EndPointMACAddre... by ashabc Contributor in Splunk Search 08-27-2017 0 5	0	5
How to use eval to fulfill the below requirement Hi, I am preparing a dashboard where i can show whether the devices are sending logs or not. In some region device wi... by akashghonge New Member in Splunk Search 08-27-2017 0 2	0	2
What does 'nobody' (under owner column) signify in Splunk search and reporting? Probably a silly question, but can someone please advise what 'nobody' (under Owner column) next to a dashboard signi... by saikatr Path Finder in Splunk Search 08-27-2017 0 4	0	4
Change font size in Radial Gauge I would like to increase font of scale and current value in Radial Gauge. Is it possible using css? I expect to get... by andrey2007 Contributor in Splunk Search 08-26-2017 0 7	0	7
Remove chart axis labels Hi I have a JSChart: <module name="HiddenChartFormatter"> <param name="charting.chart.nullValueMode">gaps</para... by philallen1 Path Finder in Splunk Search 08-26-2017 1 4	1	4
Find events matching a multi-value field I am defining a dashboard panel that uses a token $s_user$ that may contain a comma-separated list of values (it is s... by davby Explorer in Splunk Search 08-25-2017 0 5	0	5
Extract date and time from a message Hi I am trying to extract the date and time from the field "message". It gives me everything after the date and time.... by sravani27 Path Finder in Splunk Search 08-25-2017 0 3	0	3
Search to shows results for the past 30 days? Can I please get help to modify the below query to display results of each day for last 30 days which will show the r... by kteng2024 Path Finder in Splunk Search 08-25-2017 0 2	0	2
Is there a way to remove seconds from a table? I'm trying to create a report where it shows the date and time; however, when it comes to time I just want it to disp... by jrevolorio Explorer in Splunk Search 08-25-2017 0 3	0	3
Why are real time searches not running and getting error "status skipped, reason="Real time searches pending""? Real time searches are not running, and searching for one of the saved search names in the _internal index shows: st... by gn694 Communicator in Splunk Search 08-25-2017 0 14	0	14
How can I include a wildcard character in eval command? I have the following search: eval "tt"=case(transporttype="sip","Sip",................) I can't figure out how do i... by tamduong16 Contributor in Splunk Search 08-25-2017 0 6	0	6
Route specific events to a relative index I need to retain events for different periods of time based on content. I have created indexes with different retent... by wayn23 Explorer in Splunk Search 08-25-2017 0 2	0	2
Use process run time to plot number of processes running in each second I need to plot a graph over time indicating how many processes are running in each second, but the Splunk log only co... by agu_srishti Engager in Splunk Search 08-25-2017 0 2	0	2