Splunk Search

Community Activity

Why Splunk results are not showing properly? Hi, Can anyone please help me to understand why I am seeing the results in a linear format and I can not see the res... by iqbalintouch Path Finder in Splunk Search 07-16-2017 0 7	0	7
Find computer availability index="windows_logins_test" LogName="Security" (EventCode=4624 AND EventCode!=4647) \|table ComputerName when I set... by vikashnimoyle New Member in Splunk Search 07-16-2017 0 2	0	2
How to use Regex to extract the fields in the windows application event? HI, How to extract the field user, action and src_ip from the below event? 05/31/2017 11:59:52 PM LogName=Applicatio... by kiran331 Builder in Splunk Search 07-16-2017 0 3	0	3
Eval Match function Issue I need to extract the date from the file name,But the format of the data on different files are different for eg:D2... by vikasreddy Explorer in Splunk Search 07-15-2017 0 7	0	7
How to exclude NULL return fields from my search? eventtype=qualys_vm_detection_event STATUS!="FIXED" \| fillnull value=- PROTOCOL \| dedup 1 HOST_ID, QID, PROTOCOL, ST... by rkaakaty Path Finder in Splunk Search 07-15-2017 1 6	1	6
What is the search engine Splunk uses to retrieve the data instantly ? I need to understand the backend search engine Splunk uses to retrieve the data instantly upon a search in the UI. Al... by Rshekar19 New Member in Splunk Search 07-15-2017 0 1	0	1
How to remove fields from a search that will be used in dashboard drill down panel in dashboard. All, I am running this search to build a drilldown panel in a dashboard: index=os "invoked oom-killer:" \| eval stim... by GersonGarcia Path Finder in Splunk Search 07-15-2017 0 4	0	4
Can I display the variable concatenated in a table? Hi, everyone When I create a field concatenated with eval, example: \|eval date = day. "/" .month." /". year. \| Can ... by cgaete Explorer in Splunk Search 07-14-2017 0 3	0	3
How to find alerts and dashboards that were created a long time ago? Is there any way to find out the alerts and dashboards created like 5 months ago and with the respective user names? by kteng2024 Path Finder in Splunk Search 07-14-2017 0 1	0	1
How can I identify missing log inputs on Splunk Enterprise? I am trying to develop a search that can identify missing logs based on average of time between log entries for each ... by fcompagnari New Member in Splunk Search 07-14-2017 0 6	0	6
Extract value from fields that are named the same Here's some sample data: appName=test-application projectId=unknown projectName=My Test, id=123, projectId=12345abcd... by hippe21 Explorer in Splunk Search 07-14-2017 0 2	0	2
latest = earliest + 1day. in search query Hi, I am trying to filter my search results by specifying earliest and latest time in my search query. The earliest ... by snehasal Explorer in Splunk Search 07-14-2017 0 3	0	3
How to bucket sums of a multi-value array with values of another array? I have some logging being generated that aggregates values for a user in a comma-separated sequence, and has a second... by jpolson New Member in Splunk Search 07-14-2017 0 3	0	3
Grouping using extracted text Hi Team, I am trying to extract substring from the error log and generate the stats by grouping the extracted descri... by newbie2tech Communicator in Splunk Search 07-14-2017 0 11	0	11
Quick TimeChart Question \| timechart count \| timechart per_day(count) span=24h Can someone breakdown this for me as i am trying to figure out... by colinmchugo Explorer in Splunk Search 07-14-2017 0 6	0	6
get latest record based on custom time field I have a excel input having columns-> Id, UpdateTime, Desription, AssignedTo, StartTime having Values like Id ... by dsiob Communicator in Splunk Search 07-14-2017 0 3	0	3
How to add a column to a chart? I am trying to add a column to my current chart which has "Customers" as one column and "Users" as another. e.g. ... by andrewygray New Member in Splunk Search 07-14-2017 0 4	0	4
Timechart graph disappears after loading is complete Hi, Below is my query which shows be the growth of the database in a year index=db_connect source = "db2*.log" \|de... by sangs8788 Communicator in Splunk Search 07-14-2017 0 2	0	2
what is the maximum number of lines my search result can return ? for example : If i dont use " limit = 0 "it will return unlimited number of lines in search result but without using ... by dilipdwayne Engager in Splunk Search 07-14-2017 0 2	0	2
Trying to chart process over time unsuccessfully with CPU query Able to get the expected value running this query, however how would I plot this over time as a timechart? sourcetyp... by mightaswelby Explorer in Splunk Search 07-14-2017 0 4	0	4
Search Query consuming high memory utilization on indexers Hi, I am trying to find a list of search queries in a specific time frame that consumed high memory on the indexers.... by harshsri21 New Member in Splunk Search 07-14-2017 0 2	0	2
Query related to earliest & latest functions Hi All, I need help to figure out a query which give me a report based on time. I have tried out my hands with some ... by mdyunusraza Observer in Splunk Search 07-14-2017 0 4	0	4
How will I get second latest time after rex search? I am using the below rex command and then finding out the latest and earliest time . Search \|rex ".*execution.date=... by prateek_mishra New Member in Splunk Search 07-13-2017 0 4	0	4
How to extract substring from a string Hi Everyone, I have a string field that contains similar values as given below: String = This is the string (generic... by bagarwal Path Finder in Splunk Search 07-13-2017 0 3	0	3
How do I check if some servers are calling into splunk? Please what is the Splunk search command to find out if a Server is calling into Splunk. I am trying to find out the ... by egreg7 Engager in Splunk Search 07-13-2017 0 1	0	1