Splunk Search

Community Activity

How search how many concurrent searches (adhoc, report, summary, etc) are running at the same time in my environment? Hi Can anyone help me create a search in audittrail index to get the min/avg/max number of concurrent searches in a ... by melonman Motivator in Splunk Search 08-18-2017 0 3	0	3
How can I correctly parse time from the XML field? I am attempting to extract Time using TIME_FORMAT and TIME_PREFIX in props.conf. Would like to understand how to corr... by rsreese Explorer in Splunk Search 08-18-2017 0 1	0	1
Loop inside a loop with lookup data Hi, I'm trying double loop through a csv list of words using the map command. The idea behind it is to perform a sea... by mwinkel New Member in Splunk Search 08-18-2017 0 2	0	2
How can I customize my chart to show labels instead of number values and to be color-coded? I have a service which we need to monitor discrete states. I only get events if the state changes. I can map these ... by duffeysplunk Path Finder in Splunk Search 08-18-2017 0 2	0	2
How to set/gather Performance benchmark for splunk infrastructure Assuming that Splunk is installed as per the recommended reference architecture and hardware, then based on real-worl... by xbbj3nj Path Finder in Splunk Search 08-18-2017 0 1	0	1
How do I add an Average column to this stats table? I have this query to create a stats table: index=star_aws sourcetype=aws:ec2 State=running \| dedup InstanceID \| rena... by mjm295 Path Finder in Splunk Search 08-18-2017 0 4	0	4
Calculate average operation time The gut who was doing this job before me made some servicenow reports using excel . He devised a term something that ... by pranaynanda Path Finder in Splunk Search 08-18-2017 0 9	0	9
How to join a search query and a lookup file without any common columns and display the output I have a below search query which gives me the count of the error(the corresponding events have only the description ... by akarivaratharaj Communicator in Splunk Search 08-18-2017 0 8	0	8
How can I troubleshoot high CPU utilization on my heavy forwarder? We have 3 heavy forwarders and universal forwarders are sending data to these 3 HF. But the CPU usage on one of the h... by kteng2024 Path Finder in Splunk Search 08-17-2017 0 1	0	1
Comparing Multivalue Fields I have numerous events, each of which has a multivalue field that has a list of X (where X is a number) hashes in it.... by msscott63 New Member in Splunk Search 08-17-2017 0 2	0	2
where operation with multiple search criteria + regex This is my search index=X ....\| search column!="T" column!="I" column!="m" column!="l" column!="d*" ... by HattrickNZ Motivator in Splunk Search 08-17-2017 0 3	0	3
Splunk search - chart the number of hits from each IP over a fixed range We have the below data: IP Count A 50 B 100 C 20 D 60 E ... by asdfxqwert Explorer in Splunk Search 08-17-2017 0 7	0	7
Using curl command from TA-Webtools So I've been trying to use TA-Webtools app to get data from a Sharepoint site after some googling. As a test, I’ve t... by jpvalenc Path Finder in Splunk Search 08-17-2017 1 5	1	5
Timechart/bin - "flatten" values What would be the best way to run a week to date search (timechart/bin) that "flattens" the individual days so I can ... by bcarr12 Path Finder in Splunk Search 08-17-2017 0 1	0	1
How can I generate a report of users and machine usage by machine name? I am looking at a log of users logging into machines. The two fields I am interested in are: Username and Machine nam... by jcftx7 New Member in Splunk Search 08-17-2017 0 1	0	1
Splunk on Raspberry Pi I am attempting a project and the use of Rasberry Pi's seems like the most effective solution right now. However, cri... by ben_clarke96 New Member in Splunk Search 08-17-2017 0 3	0	3
Sum of Unique Values in One Field of a Stats Table Greetings, I'm creating a stats table which shows Logon attempts to different workstations. I have a column that sh... by SplunkLunk Path Finder in Splunk Search 08-17-2017 0 6	0	6
Can I combine two searches and group by _time using a regex filter? Hello, I'm relatively new to Splunk, so please bear with me. What I am trying to accomplish is a time chart using ts... by sdtruesdale Engager in Splunk Search 08-17-2017 0 1	0	1
How can I display these fields from my unstructured data? There is an unstructured log-file and so the field extraction is not working to extract the exceptions that occur in ... by smirti New Member in Splunk Search 08-17-2017 0 1	0	1
Show a timechart of all hosts even if 0 values exist I'm attempting to write a query to show a timechart of the number of results for each host per minute, which is easy ... by Lgo Explorer in Splunk Search 08-17-2017 0 2	0	2
How can I add a Total for the count of events from different index or sourcetypes? I'm searching blocked events from the firewall and Palo Alto logs and would like to add a line to show the Total of t... by digital_alchemy Path Finder in Splunk Search 08-17-2017 1 2	1	2
Is there a way to append fields at the UF ? All, Is there a way for me to append data to an event at the UF level ? Or perhaps at index time ? I want to prepopu... by daniel333 Builder in Splunk Search 08-17-2017 0 1	0	1
How to index a text file in the xml format? /getClientProfileV1Request></SOAP-ENV:Body></SOAP-ENV:Envelope></soap-env:Body>-- HTTP Header values -<tp:headers xsi... by madhanbaskar Explorer in Splunk Search 08-17-2017 0 12	0	12
How can I find the time duration between two fields? Trying to find the time duration between 2 fields Field name : START_TS 2017-08-16 04:07:00.0 Field name : END_TS ... by locose Path Finder in Splunk Search 08-17-2017 2 7	2	7
duplicate in dates for stats when using predict I have this query to predict CPU usage, looking at real data for last 90 days and predicting ahead 60 days. index="l... by mjm295 Path Finder in Splunk Search 08-17-2017 0 7	0	7