Splunk Search

Community Activity

Getting count of field instead of a list of them Hello, I am getting a stack of CVE field values, I just wanted to display the number of them (count). Here is my cod... by rkaakaty Path Finder in Splunk Search 06-22-2017 0 1	0	1
Timechart - Use with other time values in event not _time I currently have a feed that indexes fine, however within the message there are various other timestamps that I'd lik... by robwheeler Engager in Splunk Search 06-22-2017 0 1	0	1
Why do standard navigation menu items disappear on custom dashboards? In the latest versions of Splunk 6.2+, the navigation menu items disappear on any custom dashboard. Only the first "S... by greg Communicator in Splunk Search 06-22-2017 2 8	2	8
How to exclude condition from search depending on variable? Hi! On my dashboard there is the dropdown list. I want to exlude its token criteria from search query if default val... by yurykiselev Path Finder in Splunk Search 06-22-2017 0 3	0	3
how to search events with a common value Hi to all, I need to find if a user performs a login and a logout in 15 seconds performed by the same user (same coo... by andreac81 Explorer in Splunk Search 06-22-2017 0 8	0	8
regex for selecting all fields except specified fields Hi, Could you please help me to select all the fields except specified fields. My data is pipe separated. My Data:: ... by gvnd Path Finder in Splunk Search 06-22-2017 0 1	0	1
How to append the field by matching two different data source I have one Source =”ABC.csv” and a lookup “a_alert”. ABS.csv contains fields such as ID, Description (200 free chara... by ninadbhaskarwar Path Finder in Splunk Search 06-21-2017 0 6	0	6
how to do search median Hi Ihave a question this is input date item field_1 field_2 field_3 2016/01/01 x 1 ... by thomas22966710 New Member in Splunk Search 06-21-2017 0 3	0	3
earliest - latest question I'm a newby so forgive my ignorance with Splunk. I'm running this real time and only want it to run from 6:30am to 1... by kstanley New Member in Splunk Search 06-21-2017 0 4	0	4
How to generate an IIS search for how many transactions have hit a single server? New to Splunk and am having trouble writing a search that would tell me how many IIS transactions have hit a single s... by Curman New Member in Splunk Search 06-21-2017 0 4	0	4
Formatting axis lables on a time based chart I have a search that uses timechart to show a count of certain events per day for a one month period. Nothing fancy: ... by tsmithsplunk Path Finder in Splunk Search 06-21-2017 0 2	0	2
How do I troubleshoot why Splunk has stopped indexing data and searching "index=_internal" produces no results? Hi everyone, I have a big issue. Since Friday, my single node Splunk instance stopped indexing data. I was in the pr... by Federica_92 Communicator in Splunk Search 06-21-2017 0 9	0	9
Foreign key Hi! I have two indexes: patients and examination patients: \| id name \| gender \| date_of_birth \| examination: \| user_... by yurykiselev Path Finder in Splunk Search 06-21-2017 0 3	0	3
How to search in scheduled report Hi, Is it possible to search in a scheduled report? I scheduled a request in a report because this request takes som... by PaulDelcorde Engager in Splunk Search 06-21-2017 0 6	0	6
How do you combine two or more values from search results into one? I need to produce a report that shows average use of an app over a certain period of time. I noticed in the log the a... by igordon New Member in Splunk Search 06-21-2017 0 3	0	3
How to switch 2 strings in one field Hello, So basically I've got this field value : Refer to <A HREF='https://technet.microsoft.com/library/security/ms... by olivier120987 New Member in Splunk Search 06-21-2017 0 10	0	10
How can I check if the number of events in the last hour is greater than the second standard deviation of hourly occurrences over the last week? I am trying to determine if the number of Full GC events in the last hour is greater than the 2nd standard deviation ... by crisjnelson Explorer in Splunk Search 06-21-2017 0 4	0	4
why is eval function not working for calculated field but works when run as a search using two different source type My calculated field with the following eval function is not returning values round(if(svt_due_date=="null",sv_due_d... by LionelRubdi New Member in Splunk Search 06-21-2017 0 3	0	3
how to use rex command to rex out field starting from < and ending from > Hi Splunker, How would like to learn how can i rex out these fields names and i don't want to rex out startTimestam... by m7787580 Explorer in Splunk Search 06-21-2017 0 7	0	7
Unable to Extract Multiple values into a single feild ? Hi Everyone, I was unable to extract multiple Values into one feild from the the below Event data, Was trying to ext... by rakshithreddy Explorer in Splunk Search 06-20-2017 0 5	0	5
Extract json key as a column value for TOP command. I have a JSONs which have the following structure: { "fieldA": "valueA", "fieldB": "valueB", "fieldC": "valueC... by jasneet New Member in Splunk Search 06-20-2017 0 3	0	3
If a user adds a CSV input as lookup, is it the same as an administrator's ability to upload and "add data"? Will the search and results be the same if a user or power user adds a CSV file as a lookup file compared to the admi... by dxw350 Path Finder in Splunk Search 06-20-2017 0 2	0	2
How to group by a multivalue field within a group visualization? I'm able to get the data I'm looking for on the stats tab, but because there are multiple values for one of the colum... by tjago11 Communicator in Splunk Search 06-20-2017 0 6	0	6
Getting Time of last occurrence of a sbstring I have events like below in a log file- 06/18/2017 22:35:10,Message="Finished Cleanup" 06/18/2017 22:57:02,Message="... by siddharthmis Explorer in Splunk Search 06-20-2017 0 3	0	3
Reporting total scanned events in emailed search results After running a search the display above the time bar will show X amount of matching events, indicating the number of... by Akita881 New Member in Splunk Search 06-20-2017 0 5	0	5