Splunk Search

Community Activity

How to generate a regex to find text and values greater than or equal to 2000001? Hi , I have in my log like {"name":"liquid-networth","value":"2000001"} I need to get all value which is greater t... by kalais New Member in Splunk Search 05-31-2017 0 2	0	2
Is there a way to use default.meta to lock down write access to field extractions? We are considering locking down access to share field extractions. Is anyone aware of a way to do this easily? We... by the_wolverine Champion in Splunk Search 05-31-2017 0 2	0	2
Regex searching using a csv list vs inline RegEx My search results return a list of FQDN domain names. I need to replace that domain name with an app name when a port... by justinbarta Explorer in Splunk Search 05-31-2017 0 2	0	2
Is it possible to set a variable as the x-axis in a table? Hello, I don't specifically have anything down yet, I was just wondering if it would be possible to set a variable ... by kinda Engager in Splunk Search 05-31-2017 0 8	0	8
Daily Report for Windows Security Logs What would be the best search string for to do a Daily Report For Windows Security Logs for a 24 hour period? Is th... by paraspiral New Member in Splunk Search 05-31-2017 0 2	0	2
How do I modify the label for x-axis? I have a lookup table similar to the following: Week Status Number 13 May 17 ... by reswob4 Builder in Splunk Search 05-31-2017 0 3	0	3
How to edit my search to return a chart which counts failed and successful service executions and group by service name? Hey Splunk community. i want to create a search that returns a chart which counts the failed and successful service ... by martingawantka New Member in Splunk Search 05-31-2017 0 9	0	9
How to write a search for continuous day count? I have a scenario that when i write a search, i will get count for each day. But if there is no count that day, the r... by srinivasup Explorer in Splunk Search 05-31-2017 0 19	0	19
Search a keyword in log file I have a log file with suppose keyword "Completed". Now first thing I want to do in the search is , search for this ... by loveforsplunk Explorer in Splunk Search 05-31-2017 0 10	0	10
How to convert the date which is in text format (YYYY-MM-DD HH:MM:SS) to a new field called "month_name" (MMM) Hello, I have a field name called "opened_at" where the date in this field is in text format (YYYY-MM-DD HH:MM:SS). ... by tejasbharadwaj New Member in Splunk Search 05-31-2017 0 3	0	3
limit timechart average values to two places I'm attempting to look at average free memory in GB on a number of servers (named server01, server02, etc) over time.... by dang Path Finder in Splunk Search 05-31-2017 0 4	0	4
Tracking failed logins followed by successful logins using the transaction command, how can I make the search more efficient? I've been fooling around with the transaction command as I try and track failed logins followed by successful logins ... by jwalzerpitt Influencer in Splunk Search 05-31-2017 0 5	0	5
Ignore Empty valued bars in Bar Chart I have a report which shows top 3 errors by month,error. i am trying to plot this on a bar chart (Not timechart), so ... by harish_ka Communicator in Splunk Search 05-30-2017 0 5	0	5
calculating ratio of fields, grouping and plotting over time - cannot handle 'no results' searches Hi All, We are using splunk to periodically index (every 5 mins) some CSV files containing the following type of data... by sirsyedian New Member in Splunk Search 05-30-2017 0 4	0	4
How can I go geoip lookup and plot data on splunk 6 native map? Hi, I have been using Google Map app mainly for lookup the locations of ipaddress. With Splunk6, I can use native ma... by melonman Motivator in Splunk Search 05-30-2017 1 5	1	5
Keep Greatest 5 Counts by Date I'm counting exceptions over a 24 hour period. My search looks like this: index=exceptionsindex \| bin _time span=2... by ErikaE Communicator in Splunk Search 05-30-2017 0 8	0	8
Urldecode _raw at index time Hi, I am aware that it can be done at search-time via props.conf: [sourcetype] EVAL-_raw = urldecode(_raw) Is it po... by Ant1D Motivator in Splunk Search 05-30-2017 0 2	0	2
How to edit my search to find percentage of duplicate events? Hey Folks, Any suggestions on how to report on the total percent of my events that are duplicates? I can find my du... by RocIngersol Explorer in Splunk Search 05-30-2017 0 1	0	1
How to generate a search to find delta between totals from yesterday and today? I have a log for a documents database. It gives me a daily report of total documents in each collection (each collect... by feickertmd Communicator in Splunk Search 05-30-2017 0 2	0	2
what command will remove status the field from the returned events what command is used to remove the status field from the returned events by scs1960 New Member in Splunk Search 05-30-2017 0 3	0	3
Seeing duplicate events in Search Results ? I have a source as ///application.log in my inputs.conf.On the servers the application.log will be rolled when it fil... by arunsony New Member in Splunk Search 05-30-2017 0 23	0	23
Duplicate rex field extraction results In my log files there is a field (path = info.message) that has a certain string. I want to extract a part of that st... by funghorn Explorer in Splunk Search 05-30-2017 0 5	0	5
Rename values extracted into field Can you rename values extracted into fields? Example - Here is a field i have called "filename" and some examples of... by gnovak Builder in Splunk Search 05-30-2017 1 8	1	8
How many CPU cores required for handling concurrent searches no . of search head -1 (8 cores) no. of indexers - 4 (24-cores each) So, my system-wide concurrent searches limit i... by splunker12er Motivator in Splunk Search 05-30-2017 0 2	0	2
Calculations on fields with multiplier abbriviations Any ideas on how to handle this - I am imaging a horrible if/string statement, but any other ideas? i have a field "... by nickhills Ultra Champion in Splunk Search 05-30-2017 0 7	0	7