Splunk Search

Community Activity

Unable to blacklist multiple patterns using "\|" in inputs.conf ? I have used the below configuration as part of my inputs.conf but am unable to blacklist the logs that end with clien... by pimco_rgoyal Observer in Splunk Search 08-23-2017 0 1	0	1
Java SDK: how do you return lookup fields in search results? How do I receive lookup values in results from the Java SDK? When I run this query in the GUI, I see my lookup fields... by scriv Explorer in Splunk Search 08-23-2017 1 4	1	4
Search head not fetching data properly from search peers Hi Folks, We are facing some issue in our environment is search head(6.2) is not fetching data properly from search ... by lksridhar Explorer in Splunk Search 08-23-2017 0 4	0	4
Extracting date from a date string that has many options Hi, I have a field (string) that contains dates. the fields has a few formats and I need to extract the day, month a... by matansocher Contributor in Splunk Search 08-23-2017 0 2	0	2
What would you include on a Splunk "daily checklist"? Hi Team, I am new to Splunk and want to create a Splunk daily checklist which includes, total number of devices rep... by nnimbe Path Finder in Splunk Search 08-22-2017 0 2	0	2
Match rows based on matching fields (src_port + dest_port) I'm having a little problem with matching events. Basically, I collect flows from an IPFIX (NetFlow) collector and ea... by jackhamm25 Explorer in Splunk Search 08-22-2017 0 1	0	1
Extract JSON out of an event I have an event like: 2017-08-22T13:00:56.257197+00:00 10.4.2.13 vcap.cloud_controller_ng [job=api_z1 index=2] {"ti... by brent_weaver Builder in Splunk Search 08-22-2017 0 1	0	1
How can I graph percent fails by host over time? OK - I can't get this simple chart to work. Just need to graph Percent Fails by host over time this is my start rig... by skiller1234 Explorer in Splunk Search 08-22-2017 0 1	0	1
Remove top from results I want to remove the top results from my final results. Essentially, removing outliers. by rhum_defintel New Member in Splunk Search 08-22-2017 0 9	0	9
Can I use a where statement to show subsearches that meet two sets of criteria? I am trying to only show values within a report if both subsearches have a result. I am trying to show reporting on u... by scc00 Contributor in Splunk Search 08-22-2017 0 2	0	2
How to extract multiple values (IP addresses) into one field? Hi to everyone, If I have this data, a lot of IPs, how can I extract multiple values for a field? (For a config fil... by rubeniturrieta Communicator in Splunk Search 08-22-2017 0 8	0	8
Help with regex to Extract HTTP reponse codes Hello all, I have the below sample events 8 Aug 2017 14:45:54 [WARN ] http_srv: Total latency exceeded threshold: 0... by vrmandadi Builder in Splunk Search 08-22-2017 0 3	0	3
How to filter Windows Event 4663 at indexing time? Hello, How to filter out wineventlog with "EventCode 4663" and "Accesses: ReadData (or ListDirectory)", using props.... by kiran331 Builder in Splunk Search 08-22-2017 0 16	0	16
How to make X axis display the name of each field? I have the following query: index=msahc sourcetype=msahc_raw \| rex "(?<json_field>{[^}]+})" \| mvexpand json_field \| ... by gcescatto New Member in Splunk Search 08-22-2017 0 4	0	4
How to change default color charts Hi all, I know there is a lot of questions for this matter, but I couldn't find a solution that worked for me. I don... by marina_rovira Contributor in Splunk Search 08-22-2017 0 4	0	4
How can I create a graph with this table to my simple specifications? Hello, Using search query, I am able to create a table having two columns as shown below. Col_1 Col_2 -... by brillio2017 New Member in Splunk Search 08-22-2017 0 4	0	4
Unable to eval correct epoch time host=*****\| eval Time="17:00:00"\|eval Time2="13:00:00" \|eval Time=strptime(Time,"%H:%M:%S") \|eval Time2=strptime(Ti... by smuderasi Explorer in Splunk Search 08-22-2017 0 2	0	2
How to do "Date offset". Query giving output between "Thursday to Thursday", Instead I want it from "Monday to Sunday" I am using below query to get the data on weekly basis, It is giving me the output on weekly basis but the date that ... by sudarshan391 Path Finder in Splunk Search 08-22-2017 0 9	0	9
Is it possible to add a legend to a pie chart? I read splunk document on adding legend for pie chart. But I don't see that option for pie chart. This is my search: ... by tamduong16 Contributor in Splunk Search 08-22-2017 0 1	0	1
Create Columns for Count of Events by Field Value I am having a bit of trouble figuring out how I can get what I am looking for when it comes to separating out success... by JeffBothel Explorer in Splunk Search 08-22-2017 0 3	0	3
How to edit my search to display the trend line on a single value visualization? Hi Fellow Splunkers, I have a search that is using lookup tables to show how many of our hosts are reporting. When ... by mmwilson Explorer in Splunk Search 08-22-2017 0 3	0	3
How to do a host list lookup in a Splunk dashboard, including hosts with no hits? Hi, I've been asked to make dashboard where one can search for a list of hosts, and get an output with all the hosts... by hettervik Builder in Splunk Search 08-21-2017 0 6	0	6
After running a search for a certain time range in Splunk, how can I view the same search results again? I have searched splunk with one query and also applied some datetime range. Now, I want to see the same search result... by saikumar1729 New Member in Splunk Search 08-21-2017 0 4	0	4
Why am I getting different results for this field extraction? All, When I search and use rex I get the ports from the Apache logs as expected. Getting all ports 80 and 443 and ... by daniel333 Builder in Splunk Search 08-21-2017 0 4	0	4
How can I see the total GB used for each server by sourceype? Can someone help me how to modify the below query for different servers. For example, i have 10 servers like dbm1,dbm... by kteng2024 Path Finder in Splunk Search 08-21-2017 0 1	0	1