Splunk Search

Community Activity

Why am I getting error "Unknown search command 'sourcetype'" using a subsearch in a where command? I want to do something like the below command but it is giving me an error. sourcetype=SplunkKafka_messaging \| spath... by maximus_reborn Path Finder in Splunk Search 05-26-2017 0 6	0	6
How to create splunk search for common filed/value across the multiple servers? Hello All, I am trying to build search for common value across multiple host. For example , i have a common field ca... by agarwal_sumit New Member in Splunk Search 05-26-2017 0 2	0	2
How to get timestamp of the beginning event in the stats count by sourcetype=priorityEvents \| rex field=_raw "User\sID\s(?<user_id>.\d{0,8}+)" \| stats count by user_id \| where count ... by ibob0304 Communicator in Splunk Search 05-26-2017 0 1	0	1
How to extract content between two strings? Hi Team, I have an error message coming up in Splunk like below. The required log message will come in the middle of... by senthamilselvan Engager in Splunk Search 05-26-2017 0 5	0	5
MAP command in splunk Hi Team, I am having a difficulty in understanding map command. In the below commands, we need to extract work order ... by arjitgoswami Explorer in Splunk Search 05-26-2017 0 5	0	5
map command not working Hi All, when I am trying to run the subsearch separately, I am getting values. But when I am using map to run the b... by arjitgoswami Explorer in Splunk Search 05-26-2017 0 4	0	4
Time difference where values are at random place in a file. Hi All, I need to search for time taken since a value popped up in the logs. The problem here is that this value is... by arjitgoswami Explorer in Splunk Search 05-26-2017 0 9	0	9
tstats behaviour change in Splunk 6.6, expected change or bug ? Hi ! Splunk 6.6 being out officially, I had the (bad) surprise to discover is very annoying change in tstats command... by guilmxm Influencer in Splunk Search 05-26-2017 1 7	1	7
regular express to stop at "=" Hi, I have a search string that does the following: temperature sourcetype=kaa \| rex field=_raw "\"endpointKeyHash\"... by wuming79 Path Finder in Splunk Search 05-25-2017 0 8	0	8
DHCP and Proxy Search - Join Performance Issues I have a working search using join that correlates DHCP addresses by machine name to find web proxy traffic as the de... by michaeldeck Engager in Splunk Search 05-25-2017 0 3	0	3
Multiple regex in a field extraction Hi, What I mean is that I want to parse all the error messages in my logs into one field called Errors but the regul... by byu168 Path Finder in Splunk Search 05-25-2017 0 4	0	4
stats by _time and field values in that time frame Expected stats result Time every 5mins \| Apps \|count 1:00 \|app1,ap... by knarayana New Member in Splunk Search 05-25-2017 0 1	0	1
How to get max value of string inside braces Hi All, I am new to splunk and need help in creating a table to get max value. Below are my sample logs - 2017-05-2... by jsamadhan New Member in Splunk Search 05-25-2017 0 3	0	3
IP Range Lookup I have IP lookup table (ips.csv) mixed with different types of formats such as ip ----------------------- 192.168.1.... by splunkrocks2014 Communicator in Splunk Search 05-25-2017 1 4	1	4
remove the special character ' from beginning and end of the field value Hi, I am reeving the logs from email gateway and all the field values are between ' character and those are captur... by mustafag Path Finder in Splunk Search 05-25-2017 0 12	0	12
How to edit the base search for my dashboards? So I have a dashboard currently that runs 6 reports to build all of it's widgets. Basically 1 per widget. The issue i... by jbrierton New Member in Splunk Search 05-25-2017 0 5	0	5
overlay chart how to create a single chart with two values. one showing sum of requests in span=5m window and other showing request... by maniishpawar Path Finder in Splunk Search 05-25-2017 0 11	0	11
how to get current user's timezone in html Can you help me to get the timezone of current logged in user. I am able to get the username by below command, var c... by arcotdeepika Engager in Splunk Search 05-25-2017 0 4	0	4
UI:: How to open daterange :: calendar on load in timepicker How to open daterange calendar on load in timepicker. Instead of user click the accordion, how to open the calendar ... by arcotdeepika Engager in Splunk Search 05-25-2017 0 2	0	2
How to get timing data If I do index=whatever, I get something that looks like this: 2017-05-24T13:46:08Z\|pegawifiview1495761514\|8501114746... by Physiker New Member in Splunk Search 05-25-2017 0 3	0	3
How to edit my search to figure out average time tracking? Alright...new to Splunk and actually been figuring it out as I go along. The only problem I am having is I am trying... by rickyrivera1 New Member in Splunk Search 05-25-2017 0 3	0	3
How to make a chart overlay I'm trying to make a graph using a chart overlay, scenario is I want to put all the transactions with minutes to the ... by vino06 New Member in Splunk Search 05-25-2017 0 3	0	3
How to remove event that contain special characters only Hi Splunk Ninjas, Good Day. Just like to ask on how can I remove event that contain special character only, as sampl... by dantimola Communicator in Splunk Search 05-25-2017 0 1	0	1
How to get started with making a choropleth map using data within a CSV file? I went through documentation but not able to relate with my requirement. If someone is already in practice with maps,... by dsiob Communicator in Splunk Search 05-24-2017 0 3	0	3
How to get 3 different hours data Hello everyone, my search looks like this, base search \| reg " " \| \| bin _time as desired_times span=4h \| \| where _ti... by prathapkcsc Explorer in Splunk Search 05-24-2017 0 12	0	12