Splunk Search

Community Activity

I Want to split the results by hour and server Hi all, We have data coming from 2 diferent servers and would like to get the count of users on each server by hour.... by leandrot Explorer in Splunk Search 07-03-2017 0 10	0	10
'Error in 'search' command: Unable to parse the search: Comparator '>' is missing a term on the left hand side' Hi, I am getting the below error 'Error in 'search' command: Unable to parse the search: Comparator '>' is miss... by prathapkcsc Explorer in Splunk Search 07-03-2017 0 7	0	7
How to Use Regex and filter out the GET logs Hi , We want to filter the data using REGEX in props.conf and tansforms.conf but still the data is coming into Splun... by anandhalagarasa Path Finder in Splunk Search 07-03-2017 0 3	0	3
How do I search for Day/Time with least amount of events? I want to find out which day of the week and time range has the least amount of traffic during the past 30 days durin... by bamalone New Member in Splunk Search 07-03-2017 0 1	0	1
Set wildcard lookup match without access to transforms.conf Hey all, I'm wondering if there is a way to set wildcard matches without needing access to transforms.conf. Here is ... by bruceclarke Contributor in Splunk Search 07-03-2017 2 4	2	4
Disabling the effect of wildcard in a Query Hi All , I have this query : index=no host=los* sourcetype= plp ( path=/desktop /pl/* ) OR ( path=/mobile/pl/* ... by shabdadev Engager in Splunk Search 07-03-2017 0 7	0	7
how to set earliest and latest for custom time I have to set earliest to @d for the custom time stamp query.. \| dedup EMPLOYEE_ID \|fields EMPLOYEE_ID STORE_NUMBER ... by k_harini Communicator in Splunk Search 07-03-2017 0 2	0	2
How to always display last (summary) row in table? I have a list of results in a table that spans on different pages. first page Col 1 Col2 Summar... by dehtallyutedeh Explorer in Splunk Search 07-02-2017 1 2	1	2
Listing a field where another specified field has changed? Hello Splunk Answers! Excuse the rookie question. I have a splunk instance that is consuming data with events that l... by a2368026 New Member in Splunk Search 07-01-2017 0 1	0	1
Eval variable doesnt work when trying to search for results Hi I'm new to Splunk and was wondering why this command does not work, and if there is a way to fix it. I would like... by chaninphx Path Finder in Splunk Search 07-01-2017 0 5	0	5
how to append original search result with the table "number of scan:" \| convert timeformat="%Y-%m-%d" ctime(_time) AS date \| table source, date, Event there is no eve... by cyberportnoc Explorer in Splunk Search 07-01-2017 0 3	0	3
How to update a search after setting token value? Hi, I'm very new to Splunk. I'm trying to implement a reset button that will update the token value text_name to hav... by chaninphx Path Finder in Splunk Search 06-30-2017 0 2	0	2
Why is my Lookup table returning both matching and unmatched data corresponding to events? Hi , I am new to Splunk, but trying to get better. I want to hit the lookup against my events in such a way that ... by nishantmishra21 Engager in Splunk Search 06-30-2017 0 4	0	4
optimize corrolation coalesce searches I'm trying to understand if there is a way to improve search time. I am corrolating fields from 2 or 3 indexes where... by pmeyerson Path Finder in Splunk Search 06-30-2017 0 12	0	12
How does Splunk check for server ulimit values? We have multisite indexer cluster: two sites, 4 indexers per site (Splunk v. 6.5.3) Few months ago, following Splunk'... by mlevsh Builder in Splunk Search 06-30-2017 0 1	0	1
How to edit my search to match indexes ending with a set of values? Hi I have a search that needs to search in several indexes ending with several words, ex: index=stuff-xxx or index=... by ribeiror Engager in Splunk Search 06-30-2017 0 4	0	4
Hunk search stalls and never finishes Hello we are using Hunk and when we just run a query such as: index=foo sourcetype=bar we get the results easily But... by EricLloyd79 Builder in Splunk Search 06-30-2017 0 2	0	2
Foreach for multivalue variable Hi! _time \| id \| exam_type \| avg_reaction_time Patients pass several types of exams (exam_a, exam_b, exam_c...). E... by yurykiselev Path Finder in Splunk Search 06-30-2017 0 4	0	4
Hi! I would like to create a field extraction of a multi-valued field. This is a typical relevant line from logs: [28/Jun/2017:07:26:04 -0400] conn=9354 op=7 msgId=8 - SRCH base="o=compan... by kisfoldik Explorer in Splunk Search 06-30-2017 0 11	0	11
Data Model Query tstats Dear Experts, Request you help to convert this below query into tstats query. index=network_proxy category="Persona... by sumitkathpal Explorer in Splunk Search 06-30-2017 0 1	0	1
how to create new search term earliest and latest spesific time Hello, I was created new search term, but it not worked, my example; sourcetype=xxxxx earliest=01/01/2017 12:00:0... by byapici New Member in Splunk Search 06-30-2017 0 3	0	3
how to fetch all the events which are gerater than number for GC in my log Hi, How can we fetch all the occurence of GC which is greater than 300. we have some thing like below in logs. we w... by rajpalyalla Engager in Splunk Search 06-29-2017 0 7	0	7
How to edit the regular expression in my search to extract a field? Hi, I am trying to extract error message and error code from logs in Splunk. I can see 2 patterns of these- pattern... by KrutikaDe New Member in Splunk Search 06-29-2017 0 3	0	3
strftime() showing different time I converted my timeStampLight with strftime() but all my time was formatted to 31-12-9999 23:59:59 when I table time ... by wuming79 Path Finder in Splunk Search 06-29-2017 0 3	0	3
Regex Help Hi Team, Need your help with Regex to extract key value pairs. Below is sample event 2017-06-27 14:35:38.000 INFO ... by newbie2tech Communicator in Splunk Search 06-29-2017 0 2	0	2