Splunk Search

Community Activity

How to sum of distinct count of different fields? I need to sum of distinct count(emal_id) if event_name=email and distinct_count(person_id) if event_name=push. And su... by pinpra New Member in Splunk Search 07-19-2017 0 1	0	1
timechart - Trying to bucket by 10 minutes - Displaying every minute Hi, I am doing the following: index=wineventlog user="*.ad" TaskCategory="Security Group Management" \|bucket _time s... by TheJagoff Communicator in Splunk Search 07-19-2017 0 1	0	1
Set Sort Order in Splunk Panel I have made a dashboard with a few panels on it, each of which contains a _time field and an environment field that t... by chlebs New Member in Splunk Search 07-19-2017 0 3	0	3
Need query of sum of distinct count. I need sum of distinct count for following condition : distinct_count(email_id) where event_name=email and distinct... by pinpra New Member in Splunk Search 07-19-2017 0 1	0	1
Searchmanager cannot reuse in for loop in HTML dashboard Currently, my dashboard is basic on the number of the source and generate the number of chart or table. The structur... by chrismok Path Finder in Splunk Search 07-19-2017 1 3	1	3
Another regex issue I'm trying to collate groups of Windows EventIDs into categories and use regex to filter a range of them. I cannot g... by ldgrube Engager in Splunk Search 07-19-2017 0 4	0	4
Rex query For below input I tried search query as index=myindex "Notification"\|rex "(MQ) (?\d+) = (?\w+)"\|stats count(Notifica... by harishnpandey Explorer in Splunk Search 07-19-2017 0 3	0	3
Account Creation And Deletion within a given time Hello, I'm trying to create a query to monitor when users create accounts and then within a given time window delete ... by hagjos43 Contributor in Splunk Search 07-19-2017 0 6	0	6
Avoid chart skipping every other day label on X-axis How do I change a chart's X-axis to avoid skipping every other day label like this: Thu Oct 11 Sa... by e_sherlock Explorer in Splunk Search 07-19-2017 5 2	5	2
Key value pair extraction My Sample data is below: 2017-07-17 23:59:43,156 ERROR------------webserver logs from servers------------ Attributes... by SrinivasaC Path Finder in Splunk Search 07-19-2017 0 2	0	2
what is the default height and width in splunk for charts what is the default height and width in splunk for charts? I know I can change it as follows: <chart> ... <option... by HattrickNZ Motivator in Splunk Search 07-18-2017 0 2	0	2
Splunk Data sorting HI Everyone. I am trying to put in table format some alarm data in our enterprise network with the query below. ... by ringbbg Engager in Splunk Search 07-18-2017 0 1	0	1
How to change a column chart to not fill with color under line? I selected column chart to show square wave charts but there are also some line charts on the same page. I wanted to ... by wuming79 Path Finder in Splunk Search 07-18-2017 0 5	0	5
Change the 'oldest' and 'latest' field values to readible time format using 'strptime' command I'm having trouble changing the 'oldest' and 'latest' field values from epoch time to readible time format using 'str... by lawannapage New Member in Splunk Search 07-18-2017 0 1	0	1
How could we use one search results in another search using subsearch query? Query : index="heroku_secure_uat" host="messaging-service-uat.herokuapp.com" [search event_name=email OR event \|whe... by pinpra New Member in Splunk Search 07-18-2017 0 7	0	7
How to capture trend over time with Splunk (using span or timechart)? Hello - I'm a newbie to Splunk and i'm trying to chart timetaken by a process over a span of 3 days. Below is the l... by chaitanyabingu Engager in Splunk Search 07-18-2017 0 6	0	6
Is there a way to modify SID for alerting searches? Hi, I'm running alerts on quite a few scenarios across JVMs and servers and clusters to make sure logging is perform... by budkial New Member in Splunk Search 07-18-2017 0 3	0	3
Disk Space Free over time - Multiple instances, multiple server hosts I am working on a chart that would show all servers with each of their hard drives mapping their drive space over a t... by Seenon01 Explorer in Splunk Search 07-18-2017 0 8	0	8
How to edit my search to display _time format as the exact time of the event? Hi, I have written a query to find average of the runtime for each job on daily basis. My query works fine and I get... by snehasal Explorer in Splunk Search 07-18-2017 0 2	0	2
How to use 'group by' with two fields? I have 5 books. I have to show the count of these 5 books for different location. I am getting the report like Locat... by harish_ka Communicator in Splunk Search 07-18-2017 2 8	2	8
How can i check to see if a Splunk dashboard has been edited? I have a requirement to be able to check and provide alerts if a customers dashboards have been tampered with. I hav... by voninski New Member in Splunk Search 07-18-2017 0 4	0	4
How to find all concurrent searches that are running at the same time? Hi there, Is there any way to find out the all scheduled searches which are scheduled to run at same time because it... by kteng2024 Path Finder in Splunk Search 07-18-2017 0 2	0	2
How to generate a timechart search for a running percentage? I have an SLA that states for a 12 month window the average availability must be > 95%. This can be calculated for t... by ajobling1964 New Member in Splunk Search 07-18-2017 0 6	0	6
Get a distinct count of field values matching a regex I am doing this - <<>> \| search $country$ $campaign_name$ event_name=email OR event_name=event\|stats dc(person_id) N... by gdagur New Member in Splunk Search 07-18-2017 0 3	0	3
Constructing a search term with ( AND ) statement (WITHIN) nth Characters Hello , I am constructing search At the moment I am looking for ( X AND Y AND Z) This is working well but I am... by J_Walker_Ex New Member in Splunk Search 07-18-2017 0 4	0	4