Splunk Search

Community Activity

	what does status=200 mean? Hi, please explain, what is the function of 'status'? why we use status? what's its function?what does it do? what d... by Akshay2Patil Engager in Splunk Search 05-29-2017 0 3	0	3
	Filter Multiple Event Results Into A Single Value I would like to return the value of a string only once even if it shows up multiple times in splunk. For example: "r... by dunsha New Member in Splunk Search 05-29-2017 0 3	0	3
	Combine two record sets where a distinct value matches (without using join) I have a search that generates two distinct types of record entries (searching for "for event"): 2015-05-05 for eve... by chinchin96 New Member in Splunk Search 05-29-2017 0 8	0	8
	multi field in different rows Hi at all, I'm ingesting many csv where there are a variable number of columns. some of this columns have name "ser... by gcusello SplunkTrust in Splunk Search 05-29-2017 0 4	0	4
	Display data on single bar line in chart I have some records in csv, each record has a column 'payment method'. I have to count by 'payment method' and the re... by rvisj New Member in Splunk Search 05-29-2017 0 5	0	5
	How to use evaluate function across multiple multivalue fields Hi, I am trying to create an anomaly detector for unusually high thruputs across all sourcetypes in my Splunk intern... by mngeow Engager in Splunk Search 05-29-2017 0 1	0	1
	Convert JSON to table I tried looking up for a solution and went through almost all suggestions. None worked for me. I have the following j... by splunk_skr Explorer in Splunk Search 05-29-2017 0 4	0	4
	How to split event into multiple rows in a table? Hello everyone, I'm trying to get an analysis of an process log file. The logfile contains an event for every ended ... by mihenn Path Finder in Splunk Search 05-29-2017 0 3	0	3
	Using regex to extract word after semicolons Hi I am attempt to extra host names from logs they always appear after the 4th semicolon : E.g. I want the extra t... by TCK101 New Member in Splunk Search 05-29-2017 0 2	0	2
	How to determine if logs are not being used? Is there a way to determine which logs are not being used anymore, and therefore can be deleted? For example, maybe ... by JimSchlaker New Member in Splunk Search 05-27-2017 0 4	0	4
	Why does my summary search not produce any results? Hi to all, I have a summary search that doesn't produce results, if I copy and paste the same search in "search & re... by andreac81 Explorer in Splunk Search 05-27-2017 0 4	0	4
	How to append search results multiple times based on change in particular field value Hi, I want to something like - append [Query-2] by clause Situation is I have a result set from query-1 and query-... by sunilpanda023 Path Finder in Splunk Search 05-27-2017 0 2	0	2
	Is it possible to search Splunk for list of concurrent searches usage over time? Hello, is it possible to search Splunk for list of concurrent searches usage over time by searching internal log? S... by Motoko89 Path Finder in Splunk Search 05-26-2017 0 3	0	3
	SPlunk Searches slow Hello, I am facing challenges to search query in SPlunk 6.4.1 environment But Splunk Performance is very slow. We ha... by sahils New Member in Splunk Search 05-26-2017 0 15	0	15
	Manage alert threshold and rows returned all within the custom condition in the alert This kind of spiraled as I was helping a coworker with an alert they had all the duration and times hardcoded in the ... by Cuyose Builder in Splunk Search 05-26-2017 0 4	0	4
	Search event format in Splunk Suppose I have a log file having 11 lines like below having two line same as in G: A B C G D E F G H I J Now in Splu... by loveforsplunk Explorer in Splunk Search 05-26-2017 0 2	0	2
	How to use rex to extract the values? I want to make a table that shows ACTION, DATABASE USER, PRIVILEGE, CLIENT USER and DBID; I want the value between '... by ewise1 New Member in Splunk Search 05-26-2017 0 3	0	3
	Replacing part of string when it's equal to a field value Hi! I have fields myfield and name which contains text of an email going like this: Example1: myfield="From: Smith, ... by mszopa Explorer in Splunk Search 05-26-2017 0 9	0	9
	Can I add events to a transaction? I have a transaction based on a bunch of events from a common source with a common transaction ID, something like \|"... by MonkeyK Builder in Splunk Search 05-26-2017 0 8	0	8
	How to edit my regex to replace a number 0-9? Hi Team, I have requirement, where I need to replace a series of numbers with something like this a/b/c/123456 with ... by smaran06 Path Finder in Splunk Search 05-26-2017 0 9	0	9
	question on search query Looking for a single result that includes both values of clicked link then added up in a total column search... \| ev... by roayers Explorer in Splunk Search 05-26-2017 0 5	0	5
	Why am I getting error "Unknown search command 'sourcetype'" using a subsearch in a where command? I want to do something like the below command but it is giving me an error. sourcetype=SplunkKafka_messaging \| spath... by maximus_reborn Path Finder in Splunk Search 05-26-2017 0 6	0	6
	How to create splunk search for common filed/value across the multiple servers? Hello All, I am trying to build search for common value across multiple host. For example , i have a common field ca... by agarwal_sumit New Member in Splunk Search 05-26-2017 0 2	0	2
	How to get timestamp of the beginning event in the stats count by sourcetype=priorityEvents \| rex field=_raw "User\sID\s(?<user_id>.\d{0,8}+)" \| stats count by user_id \| where count ... by ibob0304 Communicator in Splunk Search 05-26-2017 0 1	0	1
	How to extract content between two strings? Hi Team, I have an error message coming up in Splunk like below. The required log message will come in the middle of... by senthamilselvan Engager in Splunk Search 05-26-2017 0 5	0	5