Splunk Search

Community Activity

500 internal server errors with /search/data/transforms/lookups page We are using Splunk 6.2.4 build 271043 on Ubuntu and we are seeing a couple of pages in the Lookups section that are ... by Erpenbeck Path Finder in Splunk Search 05-10-2017 0 5	0	5
Assigning future timestamps fails I am extracting timestamps from event to assign _time to events during index time. But timestamps are future date. Su... by ankithreddy777 Contributor in Splunk Search 05-10-2017 0 1	0	1
How to calculate row sum which each column has different weight? Hi I have a table as below. severity S0 S1 S2 S3 event A 1 0... by hakusama1024 New Member in Splunk Search 05-10-2017 0 2	0	2
Accounting for weekends and holidays I'm trying to come up with a method of accounting for weekends and holidays. Tell me, how should I implement this alg... by AlexeyPy Engager in Splunk Search 05-10-2017 0 1	0	1
Existing Query returning no data Hello everyone, We have a dashboard that contains a few panels that recently stopped returning data. I've tried to f... by kmccowen Path Finder in Splunk Search 05-10-2017 0 5	0	5
Search Chain Hopefully this is an easy one. We have an alert setup that notifies us if a specific error occurs more than 30 times ... by phillipmadm Explorer in Splunk Search 05-10-2017 0 2	0	2
How to format subsearch to give results with OR operator between and dropping field names. I have a scenario where my subsearch should yield results in following format. Index=index1 [search index=inde... by ankithreddy777 Contributor in Splunk Search 05-10-2017 0 2	0	2
How to populate dropdown input with ids from search? Can anyone please help me to populate a Dropdown input with the ids from this this search: index=main sourcetype=main... by vtsguerrero Contributor in Splunk Search 05-10-2017 1 3	1	3
Combine search results from one source in chart I am trying to build a visualization of change data to show over time the number of concurrent changes on going. So t... by mackiae New Member in Splunk Search 05-10-2017 0 6	0	6
some records are missing when I list by table; but when I query that specific event, I can find it. I have a trade message sourcetype in JSON, which I properly set up in props.conf and can query fine. To do a reconci... by leonjxtan Path Finder in Splunk Search 05-10-2017 0 8	0	8
How to compute subtraction? Start Time End time Reason Difference 05/09/2016 18:05 05/12/2016 14:55 ... by m7787579 New Member in Splunk Search 05-09-2017 0 5	0	5
Why is the collect command not working when used with map command? If I do this search index=log NOT "INFO" earliest=-40d@d latest=-39d@d \| cluster t=0.3 field=raw showcount=t la... by TiagoTLD1 Communicator in Splunk Search 05-09-2017 0 3	0	3
How to organize values in Statistics search? Hi, I have a blob of text in both the title and description file, I've tried looking for how to seperate them when I ... by ecm9210 Engager in Splunk Search 05-09-2017 0 1	0	1
Should I use root events, root transactions, or root searches to set up my data model? I apologize in advance for the super broad question and I realize that the answer may depend heavily on the structure... by _jgpm_ Communicator in Splunk Search 05-09-2017 1 3	1	3
Why does the lack of subsearch results cause my search to fail with "Error in 'eval' command: Failed to parse the provided arguments."? Lack of subsearch results causing query to error I have a search that looks at historical data (using timewrap) and ... by akeneratlanticu Engager in Splunk Search 05-09-2017 0 2	0	2
Making same query run for different times Hi, I have a dashboard with a query that currently runs for the time range 'Today' everyday. I want the time range t... by deepak02 Path Finder in Splunk Search 05-09-2017 0 1	0	1
How to compare to a lookup table and pull fields? I have an index=foo and a lookup table defined as foo2. How can I compare my index to the table to show only results... by mgrosholz Path Finder in Splunk Search 05-09-2017 0 9	0	9
Multiple Value Field Extraction Help I am trying to come up with a Regex that will extract several field values from an event which can potentially have s... by jaoui Path Finder in Splunk Search 05-09-2017 1 2	1	2
Extracting fields from transactions that have status events I have a couple of transactions I have created for example: Transaction A: startswith=Begin_Process endswith=Request... by baegoon Explorer in Splunk Search 05-09-2017 0 2	0	2
Timechart field value by field woes Hello, I have log messages that look like this: Handled MessageTypeA in 10ms Handled MessageTypeB in 23ms Handled Me... by thelegendofando New Member in Splunk Search 05-09-2017 0 4	0	4
Top 10 hosts whose number of events has increased the most Hello, I would like to know which of my host have an increase in their event number compared to usual. I first tho... by rflouquet Explorer in Splunk Search 05-09-2017 0 16	0	16
How to extract more than one value out of a field extraction using delimiters I'm using props.conf and transforms.conf to extract fields with delimiters, some of which are multi-valued. Example:... by gregbo Communicator in Splunk Search 05-09-2017 0 2	0	2
Long label text in charts Hi all, I've tried to find a solution with other questions, and the main thing about I found is SideViews, but all t... by marina_rovira Contributor in Splunk Search 05-09-2017 0 9	0	9
Nested Search Query on across multiple files Hi, I am trying to do a nested search. in Log A, I want to get all the users who has accessed "X". So my search quer... by tanyongjin Explorer in Splunk Search 05-08-2017 0 3	0	3
Fixed-width field extraction but removing trailing spaces I am currently defining some sourcetypes for some db2 SMF logs (oh joy). Luckily, the fields are well defined and are... by rturk Builder in Splunk Search 05-08-2017 0 5	0	5