Splunk Search

Community Activity

What is a splunk search in "zombie" state? What does this mean? Sometimes when I review splunk logs or job inspector I see that I have searches in zombie state. What does this mean... by jrodman Splunk Employee in Splunk Search 08-23-2017 2 9	2	9
How can I combine 2 search strings onto 1 dashboard? I have 2 search strings that I am trying to combine to put on one dashboard. sourcetype=snmp_ta host=* \| eval fuel=c... by dhardingatn New Member in Splunk Search 08-23-2017 0 4	0	4
Can I use Eval to correlate two serial logs that have specific fields? Not sure if that titled made sense but hopefully I can explain it better here: I am receiving sFTP logs from a host ... by Jamaal Engager in Splunk Search 08-23-2017 0 4	0	4
Joining two sets of data by common field (numeric userID) We have two data sets in the same index returned by an AppMon tool that we are looking to stitch together in Splunk a... by blloyd67 Engager in Splunk Search 08-23-2017 0 2	0	2
How to write a search to exclude the top 10 or 15 error messages, but return the following top 10? Currently, about 80 to 90 percent of errors logged within a specific index I'm monitoring is made up of the top 10 to... by steeldol Explorer in Splunk Search 08-23-2017 0 6	0	6
Graph out an fields daily activity in relation to average usage and stdev I've been stuck on this for quite some time and I'm hoping someone here can help me. I'm re-purposing a stdev query ... by rwiltzius Explorer in Splunk Search 08-23-2017 0 3	0	3
How to write a field aliases using the EVAL command for a firewall device. Hi All, I need to write a field aliases using EVAL command for the below mentioned fields. Field Name : Val... by Hemnaath Motivator in Splunk Search 08-23-2017 0 4	0	4
Can you search for two strings in chronological order (in different log statements)? In every log statement, we write the user's session ID delimited by hyphens as follows: -S:ybiSmNiQxF- I want to... by jbrenner Path Finder in Splunk Search 08-23-2017 0 3	0	3
Unable to blacklist multiple patterns using "\|" in inputs.conf ? I have used the below configuration as part of my inputs.conf but am unable to blacklist the logs that end with clien... by pimco_rgoyal Observer in Splunk Search 08-23-2017 0 1	0	1
Java SDK: how do you return lookup fields in search results? How do I receive lookup values in results from the Java SDK? When I run this query in the GUI, I see my lookup fields... by scriv Explorer in Splunk Search 08-23-2017 1 4	1	4
Search head not fetching data properly from search peers Hi Folks, We are facing some issue in our environment is search head(6.2) is not fetching data properly from search ... by lksridhar Explorer in Splunk Search 08-23-2017 0 4	0	4
Extracting date from a date string that has many options Hi, I have a field (string) that contains dates. the fields has a few formats and I need to extract the day, month a... by matansocher Contributor in Splunk Search 08-23-2017 0 2	0	2
What would you include on a Splunk "daily checklist"? Hi Team, I am new to Splunk and want to create a Splunk daily checklist which includes, total number of devices rep... by nnimbe Path Finder in Splunk Search 08-22-2017 0 2	0	2
Match rows based on matching fields (src_port + dest_port) I'm having a little problem with matching events. Basically, I collect flows from an IPFIX (NetFlow) collector and ea... by jackhamm25 Explorer in Splunk Search 08-22-2017 0 1	0	1
Extract JSON out of an event I have an event like: 2017-08-22T13:00:56.257197+00:00 10.4.2.13 vcap.cloud_controller_ng [job=api_z1 index=2] {"ti... by brent_weaver Builder in Splunk Search 08-22-2017 0 1	0	1
How can I graph percent fails by host over time? OK - I can't get this simple chart to work. Just need to graph Percent Fails by host over time this is my start rig... by skiller1234 Explorer in Splunk Search 08-22-2017 0 1	0	1
Remove top from results I want to remove the top results from my final results. Essentially, removing outliers. by rhum_defintel New Member in Splunk Search 08-22-2017 0 9	0	9
Can I use a where statement to show subsearches that meet two sets of criteria? I am trying to only show values within a report if both subsearches have a result. I am trying to show reporting on u... by scc00 Contributor in Splunk Search 08-22-2017 0 2	0	2
How to extract multiple values (IP addresses) into one field? Hi to everyone, If I have this data, a lot of IPs, how can I extract multiple values for a field? (For a config fil... by rubeniturrieta Communicator in Splunk Search 08-22-2017 0 8	0	8
Help with regex to Extract HTTP reponse codes Hello all, I have the below sample events 8 Aug 2017 14:45:54 [WARN ] http_srv: Total latency exceeded threshold: 0... by vrmandadi Builder in Splunk Search 08-22-2017 0 3	0	3
How to filter Windows Event 4663 at indexing time? Hello, How to filter out wineventlog with "EventCode 4663" and "Accesses: ReadData (or ListDirectory)", using props.... by kiran331 Builder in Splunk Search 08-22-2017 0 16	0	16
How to make X axis display the name of each field? I have the following query: index=msahc sourcetype=msahc_raw \| rex "(?<json_field>{[^}]+})" \| mvexpand json_field \| ... by gcescatto New Member in Splunk Search 08-22-2017 0 4	0	4
How to change default color charts Hi all, I know there is a lot of questions for this matter, but I couldn't find a solution that worked for me. I don... by marina_rovira Contributor in Splunk Search 08-22-2017 0 4	0	4
How can I create a graph with this table to my simple specifications? Hello, Using search query, I am able to create a table having two columns as shown below. Col_1 Col_2 -... by brillio2017 New Member in Splunk Search 08-22-2017 0 4	0	4
Unable to eval correct epoch time host=*****\| eval Time="17:00:00"\|eval Time2="13:00:00" \|eval Time=strptime(Time,"%H:%M:%S") \|eval Time2=strptime(Ti... by smuderasi Explorer in Splunk Search 08-22-2017 0 2	0	2