Splunk Search

Community Activity

how to create new search term earliest and latest spesific time Hello, I was created new search term, but it not worked, my example; sourcetype=xxxxx earliest=01/01/2017 12:00:0... by byapici New Member in Splunk Search 06-30-2017 0 3	0	3
how to fetch all the events which are gerater than number for GC in my log Hi, How can we fetch all the occurence of GC which is greater than 300. we have some thing like below in logs. we w... by rajpalyalla Engager in Splunk Search 06-29-2017 0 7	0	7
How to edit the regular expression in my search to extract a field? Hi, I am trying to extract error message and error code from logs in Splunk. I can see 2 patterns of these- pattern... by KrutikaDe New Member in Splunk Search 06-29-2017 0 3	0	3
strftime() showing different time I converted my timeStampLight with strftime() but all my time was formatted to 31-12-9999 23:59:59 when I table time ... by wuming79 Path Finder in Splunk Search 06-29-2017 0 3	0	3
Regex Help Hi Team, Need your help with Regex to extract key value pairs. Below is sample event 2017-06-27 14:35:38.000 INFO ... by newbie2tech Communicator in Splunk Search 06-29-2017 0 2	0	2
i have a log file. i want to extract the words after "Instantiating" till dot.this will repeat many time in the log file and i want each in different row StpExfdsec Crsfseate 4 00fsdfsdggf93e1132:116fgsfs7575 2017-06-20 21:20:09 institat step definition 'Error maint... by DataOrg Builder in Splunk Search 06-29-2017 0 2	0	2
Regex help! Hello All, Need assistance in regex creation. I want to remove every thing before an character. Example: /REGISTR... by sumanssah Communicator in Splunk Search 06-29-2017 0 2	0	2
truncating and merge values I have a bunch of log error descriptions that have unique IDs at the end of the sentences "CC declined. 123" 1 "... by exocore123 Path Finder in Splunk Search 06-29-2017 0 11	0	11
how to do a stats count and generate all of the fields I'm trying to do a stats command to find a count of any value less than 2 counts and display all the other fields. I... by mrtolu6 Path Finder in Splunk Search 06-29-2017 0 1	0	1
Identify which dashboards are using inline searches I am looking out for a search query to fire on my search head: My intention is to find all the dashboards / reports ... by gagandeep_arora Path Finder in Splunk Search 06-29-2017 0 5	0	5
How to edit my search to do an eval match and if so, to plot a timechart? I am trying to plot a timechart with a the following index="ABC" cs_uri_stem = "XYZ" \| timechart eval( if(match(cs_... by howardroark Explorer in Splunk Search 06-29-2017 0 4	0	4
Why is my chart not displaying all field values? Hello, My chart for some reason, isn't displaying the value "high" and it has the high count at the bottom of the gr... by rkaakaty Path Finder in Splunk Search 06-29-2017 0 3	0	3
Matching dissimilar field titles with a Subsearch Background is that I'm trying to pull in LDAP full names in from one search, and match that to UID from another searc... by sheltomt Path Finder in Splunk Search 06-29-2017 0 7	0	7
How can I put fields from joined searches in a summary index? Hi folks; I have the following query that i use as a base search to feed a dashboard: index=app_caspectrum sourcety... by paimonsoror Builder in Splunk Search 06-29-2017 0 3	0	3
How do you sort columns within a column? For example Name Code Pool Name1 100 p1 57 p32 ... by psangli Explorer in Splunk Search 06-29-2017 0 3	0	3
how to show most recent value of "status" field for each server by group With log data as such: date_time server=server1 group=group1 status=statusA date_time server=server2 group=group1 st... by benjamincortega New Member in Splunk Search 06-29-2017 0 2	0	2
How to replace a field's contents based on their number? I'm trying to replace the contents of a field to the severity based on the number (I.E. 0 to 19 with Low, 20 to 39 wi... by GenericSplunkUs Path Finder in Splunk Search 06-29-2017 0 2	0	2
How to sort a string time format to show the latest time? Hi, I have a string date format that shows up when I do a search; what I did was did a field extraction and named th... by ewise1 New Member in Splunk Search 06-29-2017 0 10	0	10
Is there a way to divide the addcoltotals from each case statement in my search? Is there a way to divide the addcoltotals from each case statement in the following : eval daysclass=case( NoOfDays<... by jhayIV Engager in Splunk Search 06-29-2017 0 1	0	1
How to construct a log message containing session logs (open / close)? Hello, I want to build a log message that contains the logs of the same session: login loglog of logout And I want... by amir_thales Path Finder in Splunk Search 06-29-2017 0 16	0	16
Exclude value based on subsearch Hello, I want to exclude some values if that have the field SPAN_LOSS_MAX=50 between midnight to 7 a.m. This is my a... by ngerosa Path Finder in Splunk Search 06-29-2017 0 7	0	7
Search Query for comparing OS from live search and from lookup and showing the differences Hi All, I need to create a report for comparing OS versions of hosts from live search and from the lookup. Trying to... by harshsri21 New Member in Splunk Search 06-29-2017 0 1	0	1
In a search head cluster, how do I search users that have logged in the last 30 minutes, on what cluster member, and what kind of searches they are running? What setup is required and what will be the search so that I can find out, Who all have logged in to the system in t... by ronak Path Finder in Splunk Search 06-29-2017 0 6	0	6
Timechart vs. Chart (_time) to figure out bandwidth? When trying to figure out bandwidth, which search string makes more sense? \| eval MBs=(bytes*8/1024/1024) \| timecha... by albyva Communicator in Splunk Search 06-29-2017 1 3	1	3
Count as 1 value if TIMESTAMPs are consecutives Hello, I have this search string index="flap" DELTA_SPAN>= 3 \| eval TRATTA=NODO_A."->".NODO_Z \| stats count(TRATTA... by ngerosa Path Finder in Splunk Search 06-29-2017 0 7	0	7