Splunk Search

Community Activity

IS there any script how we can check SPlunk agent is inactive in user server. IS there any script or how we can check SPlunk agent is inactive in user server. I received email or notification If... by sahils New Member in Splunk Search 07-18-2017 0 8	0	8
Extracting kv pars from a field in a json string I have a field in my JSON string like: message: caas_tcp_est=12326 caas_bgp_est=0 caas_ovpn_elapsed=2288881 caas... by brent_weaver Builder in Splunk Search 07-18-2017 0 1	0	1
How to create 24/7 real-time search using the Java SDK? I am looking for a few parameters to make my RT search work better. Current, I am limited using Java search with the... by ajaskey Engager in Splunk Search 07-18-2017 2 2	2	2
Why do real-time queries include duplicates or are incomplete? I am absolutely new to Splunk and having a play. I was trying to use the java API (through scala, but that shouldn't ... by nigelbrown New Member in Splunk Search 07-18-2017 0 1	0	1
Timestamp in Table When I pipe my search results to a table, how do I include the timestamp as a column? by jchampagne Path Finder in Splunk Search 07-18-2017 0 3	0	3
Is it possible to use Splunk to search all hosts on a domain to identify which hosts have a particular security group listed? Is it possible to use Splunk to search all hosts on a domain to identify which hosts have a particular security group... by selimh New Member in Splunk Search 07-17-2017 0 1	0	1
Search based on word match I have a search built off of a lookup file that generates a list of words. I'm looking for assistance with a search t... by kmcaloon Explorer in Splunk Search 07-17-2017 0 3	0	3
Field conditions with custom delimiter I'm using custom delimiters to extract fields from the logs of a rails app. Following the advice of an answer on thi... by mcvaylk Engager in Splunk Search 07-17-2017 0 3	0	3
How do I create a query to retrieve all info in one row from the following table below? I need to create a query that will show all the cells from the table below which exceed 80%. Here is the query I w... by maximusdm Communicator in Splunk Search 07-17-2017 0 2	0	2
How to group by country and concatenate the cities into one row? giving the folowing scenario: ... \| table Country City Population > Country City Population > ... by maximusdm Communicator in Splunk Search 07-17-2017 0 2	0	2
How to correlate Dense Sensor Data with a Sparse Data Set? I have dense sensor data (~75k events in a 3 week period) from multiple sensors that I would like to correlate to a s... by ErikaE Communicator in Splunk Search 07-17-2017 0 4	0	4
Join Datasets from two sourcetypes but only display them if there is a dataset on the left side This Question is based on this question which solved my initial problem but created a new one. No matter which of thi... by davidb89 Engager in Splunk Search 07-17-2017 0 5	0	5
How do I create a chart that only shows columns with greater than 1000 events? I'm trying to make a stacked column chart showing how users are changing some setting ("powerChanged") by build. Her... by mrb113 Engager in Splunk Search 07-17-2017 0 4	0	4
Dedup / merge multiple events relating to one transaction Hi, Our system logs events in a bizarre way in which multiple lines of data will all relate to a single transaction,... by alexandermunce Communicator in Splunk Search 07-17-2017 0 4	0	4
dbquery - create a field using a field value Hi, I am using sql query with dbquery to get data of an item from 2 different tables. In the first table I have the ... by matansocher Contributor in Splunk Search 07-17-2017 0 1	0	1
How to extract values from a String. Hi i have values in a column like AA(15), ABC(20), ADSF(90).Now i need a regular expression which gives me only value... by prafulljha New Member in Splunk Search 07-17-2017 0 9	0	9
How do you restrict user searches to only return data injected by themselves? I have a subset of users who should only be able to view data injected by themselves. To know the event in Splunk wa... by ddurio Engager in Splunk Search 07-17-2017 1 3	1	3
Average of results from input search So I have a search set up where I can find the cpu of a server for a given host. However, now I want to add an option... by danielsavage New Member in Splunk Search 07-17-2017 0 6	0	6
Why does my search return error "Unable to parse the search: Comparator '=' is missing a term on the right hand side"? I had this search working and now it seems to have stopped gives an error. Thoughts? Search: index=symantec source... by HealyDPS Explorer in Splunk Search 07-17-2017 0 7	0	7
Field Extraction errors I keep receiving this error: The extraction failed. If you are extracting multiple fields, try removing one or more f... by jclehmuth Path Finder in Splunk Search 07-17-2017 0 7	0	7
entire file to a single event SHOULD_LINEMERGE = true MAX_EVENTS = 99999 TRUNCATE = 9999999 SHOULD_LINEMERGE = false LINE_BREAKER = ((FAIL*)) I... by 722624 Path Finder in Splunk Search 07-17-2017 0 7	0	7
How do we keep the null results obtained from stats count by field to match the table? I am trying to obtain the DailyTransactions and WeeklyTranscations . The following is my Query -> index=INDEXA sourc... by tareddy Explorer in Splunk Search 07-16-2017 0 3	0	3
Why Splunk results are not showing properly? Hi, Can anyone please help me to understand why I am seeing the results in a linear format and I can not see the res... by iqbalintouch Path Finder in Splunk Search 07-16-2017 0 7	0	7
Find computer availability index="windows_logins_test" LogName="Security" (EventCode=4624 AND EventCode!=4647) \|table ComputerName when I set... by vikashnimoyle New Member in Splunk Search 07-16-2017 0 2	0	2
How to use Regex to extract the fields in the windows application event? HI, How to extract the field user, action and src_ip from the below event? 05/31/2017 11:59:52 PM LogName=Applicatio... by kiran331 Builder in Splunk Search 07-16-2017 0 3	0	3