Splunk Search

Community Activity

How to extract desired information from Transaction ignoring duplicates I am trying to capture particular types of errors that occur in our logs. I've searched for my key events in my base... by like2splunk Explorer in Splunk Search 05-17-2017 0 3	0	3
How does one create a pie chart that would result in 3 equal pie slices? I'm logging memory stats, and I have fields like "mem_free", "mem_used", and "mem_cache" that represent memory in MB.... by fdswitch Explorer in Splunk Search 05-17-2017 0 3	0	3
Moving 3 day count - any built in search commands for this? Hi all, I have some data like so Day \| Count 1 \| 200 2 \| 200 3 \| 300 4 \| 100 5 \| 200 ... \| ... I can graph a timec... by himynamesdave Contributor in Splunk Search 05-17-2017 0 1	0	1
Extract Last 12 Characters Hi, I wonder whether someone could help me please. I have the following string, which I'm trying to extract the last... by IRHM73 Motivator in Splunk Search 05-17-2017 0 2	0	2
How to edit my search to generate a report of Current Status over time? Greetings everyone. I'm trying to do what I think is a simple task, but for some reason it is troubling. I loaded so... by wmusch New Member in Splunk Search 05-17-2017 0 1	0	1
Is it possible to pass a URL (Not static) from a search field to create a clickable link in a dashboard? I can hard-code a static URL, but when I pass a value, Splunk adds the host to the URL to direct the link internally. by rromanelli Explorer in Splunk Search 05-17-2017 0 7	0	7
How to search for 5 failed logins followed by 1 successful login from one user to find brute force attacks? Dear Experts, Kindly help to create a search for 5 failed logins followed by 1 successful login from one user. I... by sumit29 Path Finder in Splunk Search 05-17-2017 0 7	0	7
Splunk to activate python script Hi. i want to ask if you guys have any idea how to connect a splunk search to run a python script? What I'm doing is ... by mrccasi Explorer in Splunk Search 05-17-2017 0 3	0	3
group different source in one querry Hi all, I'm running Splunk 6.6 and I like to group different sources of an Index to count them within one querry. Th... by bosch_softtec Path Finder in Splunk Search 05-17-2017 0 6	0	6
SPLUNK update existing events Hi Experts, I have a case like below: I have events with order_id, order_status, ord_creation_date being indexed fo... by imanpoeiri Communicator in Splunk Search 05-17-2017 4 5	4	5
Inactive Users Hello Splunk, I am attempting to write a query that searches Splunk for any users that have not logged in for the p... by williamdicker New Member in Splunk Search 05-16-2017 0 4	0	4
What is wrong with this regular expression to extract the URL from our logs? I am attempting to extract the URL from our webfilter logs. The automatic field extraction process did not work. I ... by harrisoncs Explorer in Splunk Search 05-16-2017 0 5	0	5
How to reset sourcetype and do field extractions using props.conf and/or transforms.conf? My Splunk setup has 3 layers, Forwarders - 50+Indexers - 4, running on different machinesSearch Heads - 3, running o... by deepak02 Path Finder in Splunk Search 05-16-2017 0 2	0	2
Why do I receive "Error in 'eval' command: The expression is malformed. An unexpected character is reached at '”%Y-%m-%d %H:%M”)'." in my Splunk Light search? Hi everyone ! I am a new user in Splunk (Great application and these days very useful); I read this document and I tr... by tomasnelson Explorer in Splunk Search 05-16-2017 0 6	0	6
How to parse search time from one dashboard to another Hello all, I have several dashboards and would like to keep the same time searching period when navigating from one ... by leomedina Explorer in Splunk Search 05-16-2017 0 2	0	2
Need to extract JSESSIONID from result Query: index="prod" "Null Pointer Exception" Result: Key: value, key; value, JSESSIONID:123456.ATG.PROD, key: value ... by rh417692 Path Finder in Splunk Search 05-16-2017 0 6	0	6
Drill down Single Value Hi, I want to drill down a single value. I have a single value named High Risk and I created a table now I want to ... by dchalasani Path Finder in Splunk Search 05-16-2017 0 3	0	3
Why does appending an accelerated saved search not use acceleration? 2 searches to illustrate: \| noop \| stats count \| append [ savedsearch my_accel_search ] \| savedsearch my_accel_sear... by twinspop Influencer in Splunk Search 05-16-2017 0 3	0	3
How to monitor transaction duration, but only account from 8AM to 6PM? I have the fallowing search: index="my_app" p_id=635392908992408562 \| transaction p_id \| eval starttime=strftime(_ti... by moisesroth Path Finder in Splunk Search 05-16-2017 0 7	0	7
View Summary Index query Hi, I have been handed over a bunch of summary indexes I should be using as base. I have full access to the Search ... by deepak02 Path Finder in Splunk Search 05-16-2017 0 4	0	4
Transactions based on distinct values of extracted field Hi, I'm trying to create transactions from events like this: Session opened: [some id] Session closed: [some id] ... by mjuopperi_elisa New Member in Splunk Search 05-16-2017 0 1	0	1
How to do the time conversion for 2017-04-14T13:52:21.000Z to a readable format? How to do the time conversion for 2017-04-14T13:52:21.000Z to an understandable format? Any one please tell me the Qu... by dchalasani Path Finder in Splunk Search 05-16-2017 0 21	0	21
Splitting one event into multiple events This should be a simple question. In fact, I've succeeded in doing this before, but I no longer have that app and I c... by Branden Builder in Splunk Search 05-16-2017 1 4	1	4
How to edit my search to remove duplicates from a table? hi, I am using table which shows up duplicates, shown below. Here some track has multiple status (eg: Yellow and Red)... by dsiob Communicator in Splunk Search 05-16-2017 0 8	0	8
How to show results from two indexes in single timechart visualization? HI I have two data sources, how can I show them in a single time chart graph? Search I'm trying (index=abc resul... by kiran331 Builder in Splunk Search 05-16-2017 0 6	0	6