Splunk Search

Community Activity

How to change a column chart to not fill with color under line? I selected column chart to show square wave charts but there are also some line charts on the same page. I wanted to ... by wuming79 Path Finder in Splunk Search 07-18-2017 0 5	0	5
Change the 'oldest' and 'latest' field values to readible time format using 'strptime' command I'm having trouble changing the 'oldest' and 'latest' field values from epoch time to readible time format using 'str... by lawannapage New Member in Splunk Search 07-18-2017 0 1	0	1
How could we use one search results in another search using subsearch query? Query : index="heroku_secure_uat" host="messaging-service-uat.herokuapp.com" [search event_name=email OR event \|whe... by pinpra New Member in Splunk Search 07-18-2017 0 7	0	7
How to capture trend over time with Splunk (using span or timechart)? Hello - I'm a newbie to Splunk and i'm trying to chart timetaken by a process over a span of 3 days. Below is the l... by chaitanyabingu Engager in Splunk Search 07-18-2017 0 6	0	6
Is there a way to modify SID for alerting searches? Hi, I'm running alerts on quite a few scenarios across JVMs and servers and clusters to make sure logging is perform... by budkial New Member in Splunk Search 07-18-2017 0 3	0	3
Disk Space Free over time - Multiple instances, multiple server hosts I am working on a chart that would show all servers with each of their hard drives mapping their drive space over a t... by Seenon01 Explorer in Splunk Search 07-18-2017 0 8	0	8
How to edit my search to display _time format as the exact time of the event? Hi, I have written a query to find average of the runtime for each job on daily basis. My query works fine and I get... by snehasal Explorer in Splunk Search 07-18-2017 0 2	0	2
How to use 'group by' with two fields? I have 5 books. I have to show the count of these 5 books for different location. I am getting the report like Locat... by harish_ka Communicator in Splunk Search 07-18-2017 2 8	2	8
How can i check to see if a Splunk dashboard has been edited? I have a requirement to be able to check and provide alerts if a customers dashboards have been tampered with. I hav... by voninski New Member in Splunk Search 07-18-2017 0 4	0	4
How to find all concurrent searches that are running at the same time? Hi there, Is there any way to find out the all scheduled searches which are scheduled to run at same time because it... by kteng2024 Path Finder in Splunk Search 07-18-2017 0 2	0	2
How to generate a timechart search for a running percentage? I have an SLA that states for a 12 month window the average availability must be > 95%. This can be calculated for t... by ajobling1964 New Member in Splunk Search 07-18-2017 0 6	0	6
Get a distinct count of field values matching a regex I am doing this - <<>> \| search $country$ $campaign_name$ event_name=email OR event_name=event\|stats dc(person_id) N... by gdagur New Member in Splunk Search 07-18-2017 0 3	0	3
Constructing a search term with ( AND ) statement (WITHIN) nth Characters Hello , I am constructing search At the moment I am looking for ( X AND Y AND Z) This is working well but I am... by J_Walker_Ex New Member in Splunk Search 07-18-2017 0 4	0	4
IS there any script how we can check SPlunk agent is inactive in user server. IS there any script or how we can check SPlunk agent is inactive in user server. I received email or notification If... by sahils New Member in Splunk Search 07-18-2017 0 8	0	8
Extracting kv pars from a field in a json string I have a field in my JSON string like: message: caas_tcp_est=12326 caas_bgp_est=0 caas_ovpn_elapsed=2288881 caas... by brent_weaver Builder in Splunk Search 07-18-2017 0 1	0	1
How to create 24/7 real-time search using the Java SDK? I am looking for a few parameters to make my RT search work better. Current, I am limited using Java search with the... by ajaskey Engager in Splunk Search 07-18-2017 2 2	2	2
Why do real-time queries include duplicates or are incomplete? I am absolutely new to Splunk and having a play. I was trying to use the java API (through scala, but that shouldn't ... by nigelbrown New Member in Splunk Search 07-18-2017 0 1	0	1
Timestamp in Table When I pipe my search results to a table, how do I include the timestamp as a column? by jchampagne Path Finder in Splunk Search 07-18-2017 0 3	0	3
Is it possible to use Splunk to search all hosts on a domain to identify which hosts have a particular security group listed? Is it possible to use Splunk to search all hosts on a domain to identify which hosts have a particular security group... by selimh New Member in Splunk Search 07-17-2017 0 1	0	1
Search based on word match I have a search built off of a lookup file that generates a list of words. I'm looking for assistance with a search t... by kmcaloon Explorer in Splunk Search 07-17-2017 0 3	0	3
Field conditions with custom delimiter I'm using custom delimiters to extract fields from the logs of a rails app. Following the advice of an answer on thi... by mcvaylk Engager in Splunk Search 07-17-2017 0 3	0	3
How do I create a query to retrieve all info in one row from the following table below? I need to create a query that will show all the cells from the table below which exceed 80%. Here is the query I w... by maximusdm Communicator in Splunk Search 07-17-2017 0 2	0	2
How to group by country and concatenate the cities into one row? giving the folowing scenario: ... \| table Country City Population > Country City Population > ... by maximusdm Communicator in Splunk Search 07-17-2017 0 2	0	2
How to correlate Dense Sensor Data with a Sparse Data Set? I have dense sensor data (~75k events in a 3 week period) from multiple sensors that I would like to correlate to a s... by ErikaE Communicator in Splunk Search 07-17-2017 0 4	0	4
Join Datasets from two sourcetypes but only display them if there is a dataset on the left side This Question is based on this question which solved my initial problem but created a new one. No matter which of thi... by davidb89 Engager in Splunk Search 07-17-2017 0 5	0	5