Splunk Search

Community Activity

	How does Splunk check for server ulimit values? We have multisite indexer cluster: two sites, 4 indexers per site (Splunk v. 6.5.3) Few months ago, following Splunk'... by mlevsh Builder in Splunk Search 06-30-2017 0 1	0	1
	How to edit my search to match indexes ending with a set of values? Hi I have a search that needs to search in several indexes ending with several words, ex: index=stuff-xxx or index=... by ribeiror Engager in Splunk Search 06-30-2017 0 4	0	4
	Hunk search stalls and never finishes Hello we are using Hunk and when we just run a query such as: index=foo sourcetype=bar we get the results easily But... by EricLloyd79 Builder in Splunk Search 06-30-2017 0 2	0	2
	Foreach for multivalue variable Hi! _time \| id \| exam_type \| avg_reaction_time Patients pass several types of exams (exam_a, exam_b, exam_c...). E... by yurykiselev Path Finder in Splunk Search 06-30-2017 0 4	0	4
	Hi! I would like to create a field extraction of a multi-valued field. This is a typical relevant line from logs: [28/Jun/2017:07:26:04 -0400] conn=9354 op=7 msgId=8 - SRCH base="o=compan... by kisfoldik Explorer in Splunk Search 06-30-2017 0 11	0	11
	Data Model Query tstats Dear Experts, Request you help to convert this below query into tstats query. index=network_proxy category="Persona... by sumitkathpal Explorer in Splunk Search 06-30-2017 0 1	0	1
	how to create new search term earliest and latest spesific time Hello, I was created new search term, but it not worked, my example; sourcetype=xxxxx earliest=01/01/2017 12:00:0... by byapici New Member in Splunk Search 06-30-2017 0 3	0	3
	how to fetch all the events which are gerater than number for GC in my log Hi, How can we fetch all the occurence of GC which is greater than 300. we have some thing like below in logs. we w... by rajpalyalla Engager in Splunk Search 06-29-2017 0 7	0	7
	How to edit the regular expression in my search to extract a field? Hi, I am trying to extract error message and error code from logs in Splunk. I can see 2 patterns of these- pattern... by KrutikaDe New Member in Splunk Search 06-29-2017 0 3	0	3
	strftime() showing different time I converted my timeStampLight with strftime() but all my time was formatted to 31-12-9999 23:59:59 when I table time ... by wuming79 Path Finder in Splunk Search 06-29-2017 0 3	0	3
	Regex Help Hi Team, Need your help with Regex to extract key value pairs. Below is sample event 2017-06-27 14:35:38.000 INFO ... by newbie2tech Communicator in Splunk Search 06-29-2017 0 2	0	2
	i have a log file. i want to extract the words after "Instantiating" till dot.this will repeat many time in the log file and i want each in different row StpExfdsec Crsfseate 4 00fsdfsdggf93e1132:116fgsfs7575 2017-06-20 21:20:09 institat step definition 'Error maint... by DataOrg Builder in Splunk Search 06-29-2017 0 2	0	2
	Regex help! Hello All, Need assistance in regex creation. I want to remove every thing before an character. Example: /REGISTR... by sumanssah Communicator in Splunk Search 06-29-2017 0 2	0	2
	truncating and merge values I have a bunch of log error descriptions that have unique IDs at the end of the sentences "CC declined. 123" 1 "... by exocore123 Path Finder in Splunk Search 06-29-2017 0 11	0	11
	how to do a stats count and generate all of the fields I'm trying to do a stats command to find a count of any value less than 2 counts and display all the other fields. I... by mrtolu6 Path Finder in Splunk Search 06-29-2017 0 1	0	1
	Identify which dashboards are using inline searches I am looking out for a search query to fire on my search head: My intention is to find all the dashboards / reports ... by gagandeep_arora Path Finder in Splunk Search 06-29-2017 0 5	0	5
	How to edit my search to do an eval match and if so, to plot a timechart? I am trying to plot a timechart with a the following index="ABC" cs_uri_stem = "XYZ" \| timechart eval( if(match(cs_... by howardroark Explorer in Splunk Search 06-29-2017 0 4	0	4
	Why is my chart not displaying all field values? Hello, My chart for some reason, isn't displaying the value "high" and it has the high count at the bottom of the gr... by rkaakaty Path Finder in Splunk Search 06-29-2017 0 3	0	3
	Matching dissimilar field titles with a Subsearch Background is that I'm trying to pull in LDAP full names in from one search, and match that to UID from another searc... by sheltomt Path Finder in Splunk Search 06-29-2017 0 7	0	7
	How can I put fields from joined searches in a summary index? Hi folks; I have the following query that i use as a base search to feed a dashboard: index=app_caspectrum sourcety... by paimonsoror Builder in Splunk Search 06-29-2017 0 3	0	3
	How do you sort columns within a column? For example Name Code Pool Name1 100 p1 57 p32 ... by psangli Explorer in Splunk Search 06-29-2017 0 3	0	3
	how to show most recent value of "status" field for each server by group With log data as such: date_time server=server1 group=group1 status=statusA date_time server=server2 group=group1 st... by benjamincortega New Member in Splunk Search 06-29-2017 0 2	0	2
	How to replace a field's contents based on their number? I'm trying to replace the contents of a field to the severity based on the number (I.E. 0 to 19 with Low, 20 to 39 wi... by GenericSplunkUs Path Finder in Splunk Search 06-29-2017 0 2	0	2
	How to sort a string time format to show the latest time? Hi, I have a string date format that shows up when I do a search; what I did was did a field extraction and named th... by ewise1 New Member in Splunk Search 06-29-2017 0 10	0	10
	Is there a way to divide the addcoltotals from each case statement in my search? Is there a way to divide the addcoltotals from each case statement in the following : eval daysclass=case( NoOfDays<... by jhayIV Engager in Splunk Search 06-29-2017 0 1	0	1