Splunk Search

Community Activity

	How can I change human to epoch time \| gentimes start=-1 \| eval YourDate="3:21:34 AM 12/8/2014" \| table YourDate \| eval epoch1=strptime(YourDate,"%H:%M:... by nagarjuna280 Communicator in Splunk Search 07-30-2017 0 1	0	1
	any way to replicate search artifacts and index between 2 all-in-on Splunk instance without cluter I have 2 separated all-in-one Splunk boxes running on the different sites for DR purpose. Is there any way to replic... by danielwan Explorer in Splunk Search 07-30-2017 0 4	0	4
	How to do timechart on a field that has same name but different alert level? Hi, I have a log with a field call "Event_Types" and then another field call "Alert Level" . In my logs there is an... by wuming79 Path Finder in Splunk Search 07-30-2017 0 7	0	7
	reference material to understand dbquery script - purpose of %20, %2C, %22 etc....???? Is there any reference material to understand dbquery script - purpose of %20, %2C, %22 etc....???? by dxw350 Path Finder in Splunk Search 07-29-2017 0 4	0	4
	Have I run out of space with my lookup? what should I do? I am running into trouble while trying to accumulate data into a csv. Things ran great for a long time, but now reco... by MonkeyK Builder in Splunk Search 07-28-2017 0 10	0	10
	Split multi-valued field Hi all, What would be the best way to split values out of a field that I know are multi-valued, but are written as o... by bcarr12 Path Finder in Splunk Search 07-28-2017 0 4	0	4
	Hi, I am new to splunk and got stuck with this requirement to split part of a row to other row.. I have a query which gives data in the below format: ABC BCD EFG HIJ KLM NOP 123 234 456 12.33 23.45 34.6 And... by pankaj31 New Member in Splunk Search 07-28-2017 0 7	0	7
	Need search help for server job monitoring use case I want to implement job monitoring use case. Check the events of a process from a particular server and display resu... by smuderasi Explorer in Splunk Search 07-28-2017 0 3	0	3
	How to create a dropdown menu I am trying to create a dropdown menu where a user can select a city. I have the following code as the search string ... by sarahw3 Explorer in Splunk Search 07-28-2017 0 5	0	5
	simple email regex Ive been trying most of the regex solutions on this forum, but cant get any of them to work. Im trying to extract ema... by kleckns Explorer in Splunk Search 07-28-2017 0 2	0	2
	What are the pros and cons of using search workflow action vs subsearch? These two items seem to do the same thing. Does anyone have a good relative/comparative pros and cons discussion link... by richkappler Path Finder in Splunk Search 07-28-2017 0 2	0	2
	how can I show all labels on X-axis, even results are zero with timechart commnad I wanna show data for the last ten months on bar graph, few months does,t have data so, those are not appeared on gr... by nagarjuna559 Explorer in Splunk Search 07-28-2017 0 5	0	5
	indexed data missing for source type Data already been indexed for a sourcetype is missing in splunk . Can i please know how to troubleshoot the issue . e... by kteng2024 Path Finder in Splunk Search 07-27-2017 0 4	0	4
	How can I extract part of a URI and group them and create a table. I have a statistic to get where I am getting multiple lines but unable to group them into one and display the result ... by raviteja029 Explorer in Splunk Search 07-27-2017 0 1	0	1
	Find the list of consecutive events by a field Hello, I am trying to find out the list of consecutive card transactions on same terminal in period of time, eg: mor... by langlv Engager in Splunk Search 07-27-2017 0 9	0	9
	Datetime to Date I have a field called Date like this 2017-07-26 22:34:09.383 and I need to strip out the time and keep just the date ... by luislema Path Finder in Splunk Search 07-27-2017 0 14	0	14
	About issues between 6.5.x ver splunk and 6.3.x ver splunk. I want to know whether existing a problem between Splunk server of 6.3 series and Splunk server of 6.5 series(especia... by yutaka1005 Builder in Splunk Search 07-27-2017 0 2	0	2
	Not counting events in between event pairs My search is index=safes TransactionCode=DOPN OR TransactionCode=PWPL Details="opened" OR Details="AC" \| transact... by ellenbytech Explorer in Splunk Search 07-27-2017 0 6	0	6
	Update a Datamodel Field from a look up I have a DataModel field like below, there are many unique entries NICKNAME mx smcrisk_engine mxtraderepository_engi... by robertlynch2020 Influencer in Splunk Search 07-27-2017 0 1	0	1
	Why does the convert command not work in my search? by hjaramillo New Member in Splunk Search 07-27-2017 0 8	0	8
	split based on lookup Hello, I have a set of windows events (4656 and 4663) which contain fullpathnames. I also have a list of 'critical'... by coenvandijk Observer in Splunk Search 07-27-2017 0 2	0	2
	Need help forming my search query for linux_secure sourcetype I am receiving the /var/log/secure logs from my linux forwarder I am trying to create a search string that can detect... by jcorkey Explorer in Splunk Search 07-27-2017 0 1	0	1
	Lookup most recent login before event Hi all, I have created a table that will show all FireEye events logged that contain a certain MAC address. This is t... by EliBildman Engager in Splunk Search 07-27-2017 0 1	0	1
	What are the list of Splunk commands? I would like to have a list with (all) commands, their description, possible options and what ever is interesting abo... by Belog New Member in Splunk Search 07-27-2017 0 1	0	1
	Creating an If statement in Search with max() function inside Here's what I have below. I'm trying to do unit conversion and the unit trails in the string (ex. 127 KiB). Any ideas... by aracer Engager in Splunk Search 07-27-2017 0 9	0	9