Splunk Search

Community Activity

	Search to shows results for the past 30 days? Can I please get help to modify the below query to display results of each day for last 30 days which will show the r... by kteng2024 Path Finder in Splunk Search 08-25-2017 0 2	0	2
	Is there a way to remove seconds from a table? I'm trying to create a report where it shows the date and time; however, when it comes to time I just want it to disp... by jrevolorio Explorer in Splunk Search 08-25-2017 0 3	0	3
	Why are real time searches not running and getting error "status skipped, reason="Real time searches pending""? Real time searches are not running, and searching for one of the saved search names in the _internal index shows: st... by gn694 Communicator in Splunk Search 08-25-2017 0 14	0	14
	How can I include a wildcard character in eval command? I have the following search: eval "tt"=case(transporttype="sip","Sip",................) I can't figure out how do i... by tamduong16 Contributor in Splunk Search 08-25-2017 0 6	0	6
	Route specific events to a relative index I need to retain events for different periods of time based on content. I have created indexes with different retent... by wayn23 Explorer in Splunk Search 08-25-2017 0 2	0	2
	Use process run time to plot number of processes running in each second I need to plot a graph over time indicating how many processes are running in each second, but the Splunk log only co... by agu_srishti Engager in Splunk Search 08-25-2017 0 2	0	2
	Will wildcards work in the default.meta? Does anyone know whether wildcards will work in the default.meta? Trying to avoid having to update the file when new... by the_wolverine Champion in Splunk Search 08-25-2017 0 5	0	5
	Multiple ways to access lookup transforms via REST, which should I use? There are multiple ways to access lookup transforms via REST, including: data/transforms/lookupsconfigs/conf-transfo... by LukeMurphey Champion in Splunk Search 08-25-2017 0 2	0	2
	How to do simple join between two different source types like primary key & foreign key in SQL? I have two different source types Source A & B. 'ID' is the common field in both sources. For each 'ID' in source A, ... by tskarthic New Member in Splunk Search 08-25-2017 0 1	0	1
	Need help creating search to list all existing users on server. I am confused about something. I have seen people using this to get a list of users on a system: rest /services/auth... by jcorkey Explorer in Splunk Search 08-25-2017 0 5	0	5
	How to set an alert when the number of authentication events is zero during any 1-hour interval? I am trying to match (i.e alert) on a condition when the number of authentication events is zero from any host during... by _smp_ Builder in Splunk Search 08-25-2017 0 4	0	4
	Assistance with search query on generator power Hello Splunk World, Back at it today trying to chart out some power data off of generators. I have 2 queries that nee... by dhardingatn New Member in Splunk Search 08-25-2017 0 2	0	2
	stats min(count) not 0 if value never occurs If I have the following query foo \| timechart span=60s count \| stats min(count) as minCntFoo but foo never occu... by viggor Path Finder in Splunk Search 08-25-2017 0 1	0	1
	How do I do a stats count for 2 diffrent interesting fields? am in a situation, I have 2 Interesting Fields Field1 has A,B values and Field2 has again A,B values I just want to g... by svemurilv Path Finder in Splunk Search 08-25-2017 0 2	0	2
	How do I place two time values from two seperate logs as distinct variables per field name that they share? Let's say I have a search query that pulls up multiple logs and there are two logs for each JOBNAME. one that contain... by Toshbar Explorer in Splunk Search 08-25-2017 0 1	0	1
	Regex to match string followed by varying formats (multi-line event) I am working with data from a database which produces information on transactions. The problem is that transactions ... by alexandermunce Communicator in Splunk Search 08-25-2017 0 2	0	2
	Splunk search help: formatting a field Can somebody help me with a Splunk query to format the below MESSAGE field value MESSAGE=ABC-STATUS-COUNT={\"false\... by premvenud New Member in Splunk Search 08-24-2017 0 1	0	1
	Are the job id and search id the same thing? What are the differences? please expalin clearly, as per my understanding both are different. if both are same then expalin. by Palrav12 New Member in Splunk Search 08-24-2017 0 2	0	2
	How to index geolocation data from MaxMind? I am new to Splunk and I have been asked to bring IP info in for geolocation from MAXMIND. How is this accomplished? ... by pfabrizi Path Finder in Splunk Search 08-24-2017 0 1	0	1
	How can I get the job id from Splunk? I need job id from Splunk. How to get the job id from Splunk? I execute the curl command but I didn't get the Job id ... by Palrav12 New Member in Splunk Search 08-24-2017 0 2	0	2
	How to include a duration that started out of time range of the search into stats/timechart command? I have a dataset like below: Ticket#\| StartDate \| EndDate In my search, I am more into EndDate of the tickets as \|e... by akocak Contributor in Splunk Search 08-24-2017 0 2	0	2
	Get a time range from subsearch to adjust main search time range Hi I captured an event, I want to do a search which the time range is based on the previous captured event time. For... by samlinsongguo Communicator in Splunk Search 08-24-2017 0 1	0	1
	Merge Data from two indexes without using Join Hello, I know there are many answers on this topic, but I can't seem to find any answer that is working for me. I ha... by katzr Path Finder in Splunk Search 08-24-2017 0 3	0	3
	Duplicate values causing conflict Hi Splunkers, below form (dynamic dropdown) creates "Duplicate values causing conflict" Any ideas? <form> <label... by splunk_UCL Explorer in Splunk Search 08-24-2017 0 3	0	3
	Calculate time difference between events for distinct users in transaction log Hi We are hitting a wall here... we would like to show events where a user does more than x actions within a small ... by hgehrts_splunk Splunk Employee in Splunk Search 08-24-2017 0 2	0	2