Splunk Search

Community Activity

working with timestamps and need to pull the records which are matching conditions I wrote a Splunk search and it's giving my expected results: index=main sourcetype="log" \| rename SERVICE_ID AS SUB... by srinivasup Explorer in Splunk Search 05-24-2017 0 6	0	6
How to reconcile a field in two different sourcetypes? My use case is: There is sourcetype1, which has tradeID field; also sourcetype2, which also has tradeID field. I thi... by leonjxtan Path Finder in Splunk Search 05-24-2017 0 6	0	6
How can I view and search multiple indexes from dashboards I have a dashboard that lists/groups recently updated dashboards and I just wanted to know if there was a way to also... by eyaluodba Path Finder in Splunk Search 05-23-2017 0 4	0	4
timechart function issue Hi everyone, my query look like this base search \| reg " " \| \| bin _time as desired_times span=4h \| table _time se... by prathapkcsc Explorer in Splunk Search 05-23-2017 0 4	0	4
How to display a chart with search jobs and the time range within they run? I have some jobs, which have some time frame to run. Every job belongs to some track. My purpose is to plot Track vs ... by rvisj New Member in Splunk Search 05-23-2017 0 8	0	8
Finding a field value that is available in sourcetype2 but not available in sourcetype1 Hi, I would like to find a field value of a field (Email_Address) that is available in only sourcetype2 and not avai... by santosh_hb Explorer in Splunk Search 05-23-2017 0 9	0	9
How expand two related mutli value fields ? Hi, I'm trying to analyze some data that contains two related multi value fields that i want to expand. What i have ... by fbotte New Member in Splunk Search 05-23-2017 0 2	0	2
How to make a field extraction for my sample data? I want to make a field extraction by the name of Action to show this whole text ,'update ggsourceadmin.monitor set OR... by ewise1 New Member in Splunk Search 05-23-2017 0 2	0	2
How do I make a couple of indices in one table? Is it possible to have two different indices and have results in a single table? The Indices are... index=_internal ... by eyaluodba Path Finder in Splunk Search 05-23-2017 0 4	0	4
How to find RSA connection failures for a user? I need a script that will find rsa connection failures for a user by aarnelson New Member in Splunk Search 05-23-2017 0 1	0	1
Is it possible to count the number of times a field occurs within a transaction? Is it possible to get the number of times a Field occurs within an event? I've read posts on how to arrive at unique... by popdeluxe New Member in Splunk Search 05-23-2017 0 5	0	5
How to edit my search to find the counts for "heap dump" and "java core" fields by host? trying to list Heapdump and javacore counts across multiple hosts Splunk search host=A OR host=B OR host=C OR host=... by harishnpandey Explorer in Splunk Search 05-23-2017 0 3	0	3
Multiple queries to extract one value I eventually have to find out the 'N-' value. When I do this manually, I have to do it like this: Query: index="prod... by rh417692 Path Finder in Splunk Search 05-23-2017 0 18	0	18
Splunk DNS Resolution: How to get IPs resolve to host names? Hello all. I am trying to complete something that should be easy. I wish to have IPs resolve to host names in the S... by bowmanja New Member in Splunk Search 05-23-2017 0 3	0	3
How to create a dashboard that lists recently updated dashboards? my team has a lot of dashboards and I want to create a simple code for another one that groups and lists some of the ... by eyaluodba Path Finder in Splunk Search 05-23-2017 0 13	0	13
For all occurences, get the duration of a value dropping below a threshhold I have events that show signal strength. What I want to do is determine the start_time, end_time and duration of any ... by jpass Contributor in Splunk Search 05-23-2017 0 2	0	2
How to calculate changes over multiple column I have the following output from my base search: It shows accumulative value for each sampling time for each inter... by jgcsco Path Finder in Splunk Search 05-23-2017 0 1	0	1
I am trying to show VPN connection times with the time of day I am trying to show how long someone has been connected to the VPN for the last X days. There is an action field with... by justinearly New Member in Splunk Search 05-23-2017 0 8	0	8
Why search slows down drastically after error "Events may not be returned in sub-second order due to search memory limits"? Hi folks, It seems that some searches take an inordinately long time. My search is pretty simple: index=McAfee cef_... by jravida Communicator in Splunk Search 05-23-2017 2 4	2	4
Changing an app's name on Search Head Cluster When changing an app's name via the Splunk web interface ('Manage Apps' > 'Edit Properties'), the app's name is only ... by niek33 Engager in Splunk Search 05-23-2017 0 2	0	2
Chart using span logs does not show the columns in range order Hello, I am trying to chart some response time and wanted to use the log span as: index=myIndex "time_value" \| chart... by srenou New Member in Splunk Search 05-23-2017 0 8	0	8
How to display specific fields in statistics? References to tutorial http://docs.splunk.com/Documentation/Splunk/6.5.3/SearchTutorial/Searchwithfieldlookups, sour... by wuming79 Path Finder in Splunk Search 05-23-2017 0 3	0	3
How to split multiple values in a column and make into row I have the following search result which has multiple values in a cell: I would like to format the result into the... by jgcsco Path Finder in Splunk Search 05-22-2017 1 4	1	4
Trying to use subsearch to filter records Looking at event data to run some eval commands... specifically on records with any "Status" value. Then once I get t... by joesrepsol Path Finder in Splunk Search 05-22-2017 0 1	0	1
How to generate a search that counts specific strings that occur in _raw data? I have raw data events that contain the words "Request" or "Response" or "Offer". Each event will contain only one o... by riotto Path Finder in Splunk Search 05-22-2017 0 5	0	5