Splunk Search

Community Activity

How to populate dropdown input with ids from search? Can anyone please help me to populate a Dropdown input with the ids from this this search: index=main sourcetype=main... by vtsguerrero Contributor in Splunk Search 05-10-2017 1 3	1	3
Combine search results from one source in chart I am trying to build a visualization of change data to show over time the number of concurrent changes on going. So t... by mackiae New Member in Splunk Search 05-10-2017 0 6	0	6
some records are missing when I list by table; but when I query that specific event, I can find it. I have a trade message sourcetype in JSON, which I properly set up in props.conf and can query fine. To do a reconci... by leonjxtan Path Finder in Splunk Search 05-10-2017 0 8	0	8
How to compute subtraction? Start Time End time Reason Difference 05/09/2016 18:05 05/12/2016 14:55 ... by m7787579 New Member in Splunk Search 05-09-2017 0 5	0	5
Why is the collect command not working when used with map command? If I do this search index=log NOT "INFO" earliest=-40d@d latest=-39d@d \| cluster t=0.3 field=raw showcount=t la... by TiagoTLD1 Communicator in Splunk Search 05-09-2017 0 3	0	3
How to organize values in Statistics search? Hi, I have a blob of text in both the title and description file, I've tried looking for how to seperate them when I ... by ecm9210 Engager in Splunk Search 05-09-2017 0 1	0	1
Should I use root events, root transactions, or root searches to set up my data model? I apologize in advance for the super broad question and I realize that the answer may depend heavily on the structure... by _jgpm_ Communicator in Splunk Search 05-09-2017 1 3	1	3
Why does the lack of subsearch results cause my search to fail with "Error in 'eval' command: Failed to parse the provided arguments."? Lack of subsearch results causing query to error I have a search that looks at historical data (using timewrap) and ... by akeneratlanticu Engager in Splunk Search 05-09-2017 0 2	0	2
Making same query run for different times Hi, I have a dashboard with a query that currently runs for the time range 'Today' everyday. I want the time range t... by deepak02 Path Finder in Splunk Search 05-09-2017 0 1	0	1
How to compare to a lookup table and pull fields? I have an index=foo and a lookup table defined as foo2. How can I compare my index to the table to show only results... by mgrosholz Path Finder in Splunk Search 05-09-2017 0 9	0	9
Multiple Value Field Extraction Help I am trying to come up with a Regex that will extract several field values from an event which can potentially have s... by jaoui Path Finder in Splunk Search 05-09-2017 1 2	1	2
Extracting fields from transactions that have status events I have a couple of transactions I have created for example: Transaction A: startswith=Begin_Process endswith=Request... by baegoon Explorer in Splunk Search 05-09-2017 0 2	0	2
Timechart field value by field woes Hello, I have log messages that look like this: Handled MessageTypeA in 10ms Handled MessageTypeB in 23ms Handled Me... by thelegendofando New Member in Splunk Search 05-09-2017 0 4	0	4
Top 10 hosts whose number of events has increased the most Hello, I would like to know which of my host have an increase in their event number compared to usual. I first tho... by rflouquet Explorer in Splunk Search 05-09-2017 0 16	0	16
How to extract more than one value out of a field extraction using delimiters I'm using props.conf and transforms.conf to extract fields with delimiters, some of which are multi-valued. Example:... by gregbo Communicator in Splunk Search 05-09-2017 0 2	0	2
Long label text in charts Hi all, I've tried to find a solution with other questions, and the main thing about I found is SideViews, but all t... by marina_rovira Contributor in Splunk Search 05-09-2017 0 9	0	9
Nested Search Query on across multiple files Hi, I am trying to do a nested search. in Log A, I want to get all the users who has accessed "X". So my search quer... by tanyongjin Explorer in Splunk Search 05-08-2017 0 3	0	3
Fixed-width field extraction but removing trailing spaces I am currently defining some sourcetypes for some db2 SMF logs (oh joy). Luckily, the fields are well defined and are... by rturk Builder in Splunk Search 05-08-2017 0 5	0	5
Lookup CSV location Hi, I would like to ask if the CSV file that is being referenced to in the search command can be from any directory ... by tanyongjin Explorer in Splunk Search 05-08-2017 1 2	1	2
with the same search conditions, I cannot make eval if function to return true... For some use case, I need to make a new true/false field. Below condition returns 11 events in my data sample: \|... by leonjxtan Path Finder in Splunk Search 05-08-2017 0 4	0	4
Drilldown with $click$ values not working I have a dashboard where I display a list of wines. I want to be able to incrementally add the wine name to a search ... by bowesmana SplunkTrust in Splunk Search 05-08-2017 0 8	0	8
Different results for error "specified span would result in too many (>50000) rows" based on time range I am trying to run the below to get the avg/max number of hits per second each day. I have tried this multiple time... by keet1009 New Member in Splunk Search 05-08-2017 0 1	0	1
Problem while joining Hi everyone Need your kind help. I have 50+ fields under index='abc' i want to join the same with a lookup which h... by nilaksh92 Path Finder in Splunk Search 05-08-2017 0 2	0	2
How to extract logs by rex ? How to extract logs by rex ? "TranStartTime":"2017-05-08T02:40:58.856-04:00", "TranEndTime":"2017-05-08T02:40:58.902-... by karthi2809 Builder in Splunk Search 05-08-2017 0 2	0	2
Show individual counts for each item in a multivalue field in a single stats row I am trying to get a count for individual items in a multivalue field. Here's my current search: \| stats count(_time... by kalik Explorer in Splunk Search 05-08-2017 0 5	0	5