Splunk Search

Community Activity

Resources used by each saved search Hi. I wanted to find out if Splunk is able to show the CPU and memory usages from each savedsearch. Thanks. by splunkrocks2014 Communicator in Splunk Search 06-22-2017 0 4	0	4
Any way to align a long field value? When I insert my search query, both fields solution, and description, are displayed in a very long string, where the ... by rkaakaty Path Finder in Splunk Search 06-22-2017 0 3	0	3
How to reduce the cisco ASA logs using regex? Hi, Is there a way to ignore a event containing the message before indexing using regex in props.conf and transforms... by kiran331 Builder in Splunk Search 06-22-2017 0 10	0	10
static set of values for query Hi How can I pass a static set of values to the query. For example an array of computer names to a query that list a... by maniishpawar Path Finder in Splunk Search 06-22-2017 0 8	0	8
Getting count of field instead of a list of them Hello, I am getting a stack of CVE field values, I just wanted to display the number of them (count). Here is my cod... by rkaakaty Path Finder in Splunk Search 06-22-2017 0 1	0	1
Timechart - Use with other time values in event not _time I currently have a feed that indexes fine, however within the message there are various other timestamps that I'd lik... by robwheeler Engager in Splunk Search 06-22-2017 0 1	0	1
Why do standard navigation menu items disappear on custom dashboards? In the latest versions of Splunk 6.2+, the navigation menu items disappear on any custom dashboard. Only the first "S... by greg Communicator in Splunk Search 06-22-2017 2 8	2	8
How to exclude condition from search depending on variable? Hi! On my dashboard there is the dropdown list. I want to exlude its token criteria from search query if default val... by yurykiselev Path Finder in Splunk Search 06-22-2017 0 3	0	3
how to search events with a common value Hi to all, I need to find if a user performs a login and a logout in 15 seconds performed by the same user (same coo... by andreac81 Explorer in Splunk Search 06-22-2017 0 8	0	8
regex for selecting all fields except specified fields Hi, Could you please help me to select all the fields except specified fields. My data is pipe separated. My Data:: ... by gvnd Path Finder in Splunk Search 06-22-2017 0 1	0	1
How to append the field by matching two different data source I have one Source =”ABC.csv” and a lookup “a_alert”. ABS.csv contains fields such as ID, Description (200 free chara... by ninadbhaskarwar Path Finder in Splunk Search 06-21-2017 0 6	0	6
how to do search median Hi Ihave a question this is input date item field_1 field_2 field_3 2016/01/01 x 1 ... by thomas22966710 New Member in Splunk Search 06-21-2017 0 3	0	3
earliest - latest question I'm a newby so forgive my ignorance with Splunk. I'm running this real time and only want it to run from 6:30am to 1... by kstanley New Member in Splunk Search 06-21-2017 0 4	0	4
How to generate an IIS search for how many transactions have hit a single server? New to Splunk and am having trouble writing a search that would tell me how many IIS transactions have hit a single s... by Curman New Member in Splunk Search 06-21-2017 0 4	0	4
Formatting axis lables on a time based chart I have a search that uses timechart to show a count of certain events per day for a one month period. Nothing fancy: ... by tsmithsplunk Path Finder in Splunk Search 06-21-2017 0 2	0	2
How do I troubleshoot why Splunk has stopped indexing data and searching "index=_internal" produces no results? Hi everyone, I have a big issue. Since Friday, my single node Splunk instance stopped indexing data. I was in the pr... by Federica_92 Communicator in Splunk Search 06-21-2017 0 9	0	9
Foreign key Hi! I have two indexes: patients and examination patients: \| id name \| gender \| date_of_birth \| examination: \| user_... by yurykiselev Path Finder in Splunk Search 06-21-2017 0 3	0	3
How to search in scheduled report Hi, Is it possible to search in a scheduled report? I scheduled a request in a report because this request takes som... by PaulDelcorde Engager in Splunk Search 06-21-2017 0 6	0	6
How do you combine two or more values from search results into one? I need to produce a report that shows average use of an app over a certain period of time. I noticed in the log the a... by igordon New Member in Splunk Search 06-21-2017 0 3	0	3
How to switch 2 strings in one field Hello, So basically I've got this field value : Refer to <A HREF='https://technet.microsoft.com/library/security/ms... by olivier120987 New Member in Splunk Search 06-21-2017 0 10	0	10
How can I check if the number of events in the last hour is greater than the second standard deviation of hourly occurrences over the last week? I am trying to determine if the number of Full GC events in the last hour is greater than the 2nd standard deviation ... by crisjnelson Explorer in Splunk Search 06-21-2017 0 4	0	4
why is eval function not working for calculated field but works when run as a search using two different source type My calculated field with the following eval function is not returning values round(if(svt_due_date=="null",sv_due_d... by LionelRubdi New Member in Splunk Search 06-21-2017 0 3	0	3
how to use rex command to rex out field starting from < and ending from > Hi Splunker, How would like to learn how can i rex out these fields names and i don't want to rex out startTimestam... by m7787580 Explorer in Splunk Search 06-21-2017 0 7	0	7
Unable to Extract Multiple values into a single feild ? Hi Everyone, I was unable to extract multiple Values into one feild from the the below Event data, Was trying to ext... by rakshithreddy Explorer in Splunk Search 06-20-2017 0 5	0	5
Extract json key as a column value for TOP command. I have a JSONs which have the following structure: { "fieldA": "valueA", "fieldB": "valueB", "fieldC": "valueC... by jasneet New Member in Splunk Search 06-20-2017 0 3	0	3