Splunk Search

Community Activity

Constructing a search term with ( AND ) statement (WITHIN) nth Characters Hello , I am constructing search At the moment I am looking for ( X AND Y AND Z) This is working well but I am... by J_Walker_Ex New Member in Splunk Search 07-18-2017 0 4	0	4
IS there any script how we can check SPlunk agent is inactive in user server. IS there any script or how we can check SPlunk agent is inactive in user server. I received email or notification If... by sahils New Member in Splunk Search 07-18-2017 0 8	0	8
Extracting kv pars from a field in a json string I have a field in my JSON string like: message: caas_tcp_est=12326 caas_bgp_est=0 caas_ovpn_elapsed=2288881 caas... by brent_weaver Builder in Splunk Search 07-18-2017 0 1	0	1
How to create 24/7 real-time search using the Java SDK? I am looking for a few parameters to make my RT search work better. Current, I am limited using Java search with the... by ajaskey Engager in Splunk Search 07-18-2017 2 2	2	2
Why do real-time queries include duplicates or are incomplete? I am absolutely new to Splunk and having a play. I was trying to use the java API (through scala, but that shouldn't ... by nigelbrown New Member in Splunk Search 07-18-2017 0 1	0	1
Timestamp in Table When I pipe my search results to a table, how do I include the timestamp as a column? by jchampagne Path Finder in Splunk Search 07-18-2017 0 3	0	3
Is it possible to use Splunk to search all hosts on a domain to identify which hosts have a particular security group listed? Is it possible to use Splunk to search all hosts on a domain to identify which hosts have a particular security group... by selimh New Member in Splunk Search 07-17-2017 0 1	0	1
Search based on word match I have a search built off of a lookup file that generates a list of words. I'm looking for assistance with a search t... by kmcaloon Explorer in Splunk Search 07-17-2017 0 3	0	3
Field conditions with custom delimiter I'm using custom delimiters to extract fields from the logs of a rails app. Following the advice of an answer on thi... by mcvaylk Engager in Splunk Search 07-17-2017 0 3	0	3
How do I create a query to retrieve all info in one row from the following table below? I need to create a query that will show all the cells from the table below which exceed 80%. Here is the query I w... by maximusdm Communicator in Splunk Search 07-17-2017 0 2	0	2
How to group by country and concatenate the cities into one row? giving the folowing scenario: ... \| table Country City Population > Country City Population > ... by maximusdm Communicator in Splunk Search 07-17-2017 0 2	0	2
How to correlate Dense Sensor Data with a Sparse Data Set? I have dense sensor data (~75k events in a 3 week period) from multiple sensors that I would like to correlate to a s... by ErikaE Communicator in Splunk Search 07-17-2017 0 4	0	4
Join Datasets from two sourcetypes but only display them if there is a dataset on the left side This Question is based on this question which solved my initial problem but created a new one. No matter which of thi... by davidb89 Engager in Splunk Search 07-17-2017 0 5	0	5
How do I create a chart that only shows columns with greater than 1000 events? I'm trying to make a stacked column chart showing how users are changing some setting ("powerChanged") by build. Her... by mrb113 Engager in Splunk Search 07-17-2017 0 4	0	4
Dedup / merge multiple events relating to one transaction Hi, Our system logs events in a bizarre way in which multiple lines of data will all relate to a single transaction,... by alexandermunce Communicator in Splunk Search 07-17-2017 0 4	0	4
dbquery - create a field using a field value Hi, I am using sql query with dbquery to get data of an item from 2 different tables. In the first table I have the ... by matansocher Contributor in Splunk Search 07-17-2017 0 1	0	1
How to extract values from a String. Hi i have values in a column like AA(15), ABC(20), ADSF(90).Now i need a regular expression which gives me only value... by prafulljha New Member in Splunk Search 07-17-2017 0 9	0	9
How do you restrict user searches to only return data injected by themselves? I have a subset of users who should only be able to view data injected by themselves. To know the event in Splunk wa... by ddurio Engager in Splunk Search 07-17-2017 1 3	1	3
Average of results from input search So I have a search set up where I can find the cpu of a server for a given host. However, now I want to add an option... by danielsavage New Member in Splunk Search 07-17-2017 0 6	0	6
Why does my search return error "Unable to parse the search: Comparator '=' is missing a term on the right hand side"? I had this search working and now it seems to have stopped gives an error. Thoughts? Search: index=symantec source... by HealyDPS Explorer in Splunk Search 07-17-2017 0 7	0	7
Field Extraction errors I keep receiving this error: The extraction failed. If you are extracting multiple fields, try removing one or more f... by jclehmuth Path Finder in Splunk Search 07-17-2017 0 7	0	7
entire file to a single event SHOULD_LINEMERGE = true MAX_EVENTS = 99999 TRUNCATE = 9999999 SHOULD_LINEMERGE = false LINE_BREAKER = ((FAIL*)) I... by 722624 Path Finder in Splunk Search 07-17-2017 0 7	0	7
How do we keep the null results obtained from stats count by field to match the table? I am trying to obtain the DailyTransactions and WeeklyTranscations . The following is my Query -> index=INDEXA sourc... by tareddy Explorer in Splunk Search 07-16-2017 0 3	0	3
Why Splunk results are not showing properly? Hi, Can anyone please help me to understand why I am seeing the results in a linear format and I can not see the res... by iqbalintouch Path Finder in Splunk Search 07-16-2017 0 7	0	7
Find computer availability index="windows_logins_test" LogName="Security" (EventCode=4624 AND EventCode!=4647) \|table ComputerName when I set... by vikashnimoyle New Member in Splunk Search 07-16-2017 0 2	0	2