Splunk Search

Community Activity

How to edit the base search for my dashboards? So I have a dashboard currently that runs 6 reports to build all of it's widgets. Basically 1 per widget. The issue i... by jbrierton New Member in Splunk Search 05-25-2017 0 5	0	5
overlay chart how to create a single chart with two values. one showing sum of requests in span=5m window and other showing request... by maniishpawar Path Finder in Splunk Search 05-25-2017 0 11	0	11
how to get current user's timezone in html Can you help me to get the timezone of current logged in user. I am able to get the username by below command, var c... by arcotdeepika Engager in Splunk Search 05-25-2017 0 4	0	4
UI:: How to open daterange :: calendar on load in timepicker How to open daterange calendar on load in timepicker. Instead of user click the accordion, how to open the calendar ... by arcotdeepika Engager in Splunk Search 05-25-2017 0 2	0	2
How to get timing data If I do index=whatever, I get something that looks like this: 2017-05-24T13:46:08Z\|pegawifiview1495761514\|8501114746... by Physiker New Member in Splunk Search 05-25-2017 0 3	0	3
How to edit my search to figure out average time tracking? Alright...new to Splunk and actually been figuring it out as I go along. The only problem I am having is I am trying... by rickyrivera1 New Member in Splunk Search 05-25-2017 0 3	0	3
How to make a chart overlay I'm trying to make a graph using a chart overlay, scenario is I want to put all the transactions with minutes to the ... by vino06 New Member in Splunk Search 05-25-2017 0 3	0	3
How to remove event that contain special characters only Hi Splunk Ninjas, Good Day. Just like to ask on how can I remove event that contain special character only, as sampl... by dantimola Communicator in Splunk Search 05-25-2017 0 1	0	1
How to get started with making a choropleth map using data within a CSV file? I went through documentation but not able to relate with my requirement. If someone is already in practice with maps,... by dsiob Communicator in Splunk Search 05-24-2017 0 3	0	3
How to get 3 different hours data Hello everyone, my search looks like this, base search \| reg " " \| \| bin _time as desired_times span=4h \| \| where _ti... by prathapkcsc Explorer in Splunk Search 05-24-2017 0 12	0	12
How to extract the fields in my raw event data at indexing time? Hi, How to extract the fields in the below Raw event using props.conf and transforms.conf 05/24/17 13:22:12 abcxyz... by kiran331 Builder in Splunk Search 05-24-2017 0 2	0	2
Search affinity for non-multisite cluster I have 2 locations, and not a ton of resources. Multisite clustering took too much -- it seems like I need at least 3... by oliverj Communicator in Splunk Search 05-24-2017 0 1	0	1
How to edit my stats search to display a bar chart? Hi I have a data with fields OS and Name. I need to show the count and values of OS for Each Name like on X-axis al... by kiran331 Builder in Splunk Search 05-24-2017 0 1	0	1
How to extract the month from date field in string? I have a date field in a string with the format as mn/day/year. I need to extract the month from the same. Can someon... by srinadh New Member in Splunk Search 05-24-2017 0 3	0	3
Is it is posible to use a variable in a regex of a field extraction ? Hi I would like to know if it is possible to use a variable in a regex extraction. ....\| eval snr=602 \| rex "(?<blab... by edrivera3 Builder in Splunk Search 05-24-2017 1 4	1	4
Strange message for SMS Alert Hi, I'm currently trying to implement SMS Alert for Splunk. I have a SMS Gateway server in my organisation and I'm us... by qiaojing Path Finder in Splunk Search 05-24-2017 0 9	0	9
Regex help! How to use the Regex to extract the first 2 words OR 3 words from below field values? OS: Windows 10 Enterprise Wind... by kiran331 Builder in Splunk Search 05-24-2017 0 10	0	10
How to use rex out the below text ? Full or partial cease : </strung></td> <td width="100%" galign="top" >Full< I would like to extract the below te... by m7787580 Explorer in Splunk Search 05-24-2017 0 17	0	17
Trying to extract the value of a field which occurs twice in one event. Regex maybe? I am hopeful someone has a suggestion for this reporting issue. I have an event generated by Microsoft SQL Audit, wh... by rob_gibson Path Finder in Splunk Search 05-24-2017 0 3	0	3
field rename help Hi, I am receiving the logs from McAfee Email gateway. In this log, there is a field name as "action" which has ven... by mustafag Path Finder in Splunk Search 05-24-2017 1 5	1	5
comparing events within same field and it should continues We need to find out the Ids along with DispatchTime which are not dispatched in correct sequence. ID ... by srinivasup Explorer in Splunk Search 05-24-2017 0 4	0	4
working with timestamps and need to pull the records which are matching conditions I wrote a Splunk search and it's giving my expected results: index=main sourcetype="log" \| rename SERVICE_ID AS SUB... by srinivasup Explorer in Splunk Search 05-24-2017 0 6	0	6
How to reconcile a field in two different sourcetypes? My use case is: There is sourcetype1, which has tradeID field; also sourcetype2, which also has tradeID field. I thi... by leonjxtan Path Finder in Splunk Search 05-24-2017 0 6	0	6
How can I view and search multiple indexes from dashboards I have a dashboard that lists/groups recently updated dashboards and I just wanted to know if there was a way to also... by eyaluodba Path Finder in Splunk Search 05-23-2017 0 4	0	4
timechart function issue Hi everyone, my query look like this base search \| reg " " \| \| bin _time as desired_times span=4h \| table _time se... by prathapkcsc Explorer in Splunk Search 05-23-2017 0 4	0	4