Splunk Search

Community Activity

Nested Search Query on across multiple files Hi, I am trying to do a nested search. in Log A, I want to get all the users who has accessed "X". So my search quer... by tanyongjin Explorer in Splunk Search 05-08-2017 0 3	0	3
Fixed-width field extraction but removing trailing spaces I am currently defining some sourcetypes for some db2 SMF logs (oh joy). Luckily, the fields are well defined and are... by rturk Builder in Splunk Search 05-08-2017 0 5	0	5
Lookup CSV location Hi, I would like to ask if the CSV file that is being referenced to in the search command can be from any directory ... by tanyongjin Explorer in Splunk Search 05-08-2017 1 2	1	2
with the same search conditions, I cannot make eval if function to return true... For some use case, I need to make a new true/false field. Below condition returns 11 events in my data sample: \|... by leonjxtan Path Finder in Splunk Search 05-08-2017 0 4	0	4
Drilldown with $click$ values not working I have a dashboard where I display a list of wines. I want to be able to incrementally add the wine name to a search ... by bowesmana SplunkTrust in Splunk Search 05-08-2017 0 8	0	8
Different results for error "specified span would result in too many (>50000) rows" based on time range I am trying to run the below to get the avg/max number of hits per second each day. I have tried this multiple time... by keet1009 New Member in Splunk Search 05-08-2017 0 1	0	1
Problem while joining Hi everyone Need your kind help. I have 50+ fields under index='abc' i want to join the same with a lookup which h... by nilaksh92 Path Finder in Splunk Search 05-08-2017 0 2	0	2
How to extract logs by rex ? How to extract logs by rex ? "TranStartTime":"2017-05-08T02:40:58.856-04:00", "TranEndTime":"2017-05-08T02:40:58.902-... by karthi2809 Builder in Splunk Search 05-08-2017 0 2	0	2
Show individual counts for each item in a multivalue field in a single stats row I am trying to get a count for individual items in a multivalue field. Here's my current search: \| stats count(_time... by kalik Explorer in Splunk Search 05-08-2017 0 5	0	5
format output of a string in a particular format? I have a search query that returns numbers like 170503007 and 170504021 as outputs. Need to format them as 2017/05/03... by erhksadhwani New Member in Splunk Search 05-08-2017 0 1	0	1
using stats function to return latest value but need associated timestamp of that value stats latest(sequence)returns the latest sequence number but I need to display the associated timestamp when the sequ... by erhksadhwani New Member in Splunk Search 05-08-2017 0 1	0	1
How to perform Behavioral Analysis/Cross-data correlation on Logs Hi, We are trying to perform analysis on logs to determine whether there is an significant relationship between the ... by tanyongjin Explorer in Splunk Search 05-07-2017 0 3	0	3
transaction to group events based on machine on and off time. cisco ASA Basically, I need to group my 2 events (built and teardown) in cisco ASA format by 2 fields (event,duration) the even... by baylor New Member in Splunk Search 05-07-2017 0 1	0	1
Want to make a button to link to a URL! I want to make a button to link to a URL. Looking at the Answer, I found it.May be I can do it by using java. But I w... by oda Communicator in Splunk Search 05-07-2017 0 3	0	3
Filter the output results based on custom date range I want to filter the output based on the below time format, I want keep only results until 12am not after 12am. Ou... by ibob0304 Communicator in Splunk Search 05-07-2017 0 10	0	10
How to pass a search to a macro for emailing purposes? HI All, I'm utilizing a search that we run throughout the day which looks for a specific service shutdown on all mon... by billyhigdon New Member in Splunk Search 05-06-2017 0 1	0	1
How to combine my 2 searches to list all source and destination IPs based on same destination port? I'm trying to get my current 2 searches into 1. I am trying to get a list of all source and destination ip's based o... by tve784 Path Finder in Splunk Search 05-06-2017 0 18	0	18
How to check if an event runs once a day I have a job that runs and deletes data from a data base. After it deletes the data it outputs which days it deleted ... by Splunkster45 Communicator in Splunk Search 05-06-2017 0 5	0	5
Search: timechart percent error by host I'm looking to timehart errors (I'm using the count of the field 'level' for errors) by host. Since my some of my hos... by jiman7697 Explorer in Splunk Search 05-05-2017 0 2	0	2
Why is my name value pair being truncated after comma? Here is what my log looks like: Date_filed=record_create_ts Grain=D Load_Frq=D Data=18,2014-05-20 ... by Splunkster45 Communicator in Splunk Search 05-05-2017 0 3	0	3
how to get weekly data and week should be between saturday to friday Hello Guys, I have a requirement to show count of open tickets for every week. Week should be between saturday to f... by Chinmai Explorer in Splunk Search 05-05-2017 0 8	0	8
The SPL search command about port scanning Now I'm doing a port scan alert Policy. Port scanning is a hacker's attack method。I can see its activity track in th... by xsstest Communicator in Splunk Search 05-05-2017 0 5	0	5
single search multiple table in splunk? Hi All, Is that possible to view the result in multiple table for single search in Splunk not in dashboard? Thanks ... by rsathish47 Contributor in Splunk Search 05-05-2017 0 3	0	3
Extract fields from log message I used AOP concept to track few methods execution time and it will print the log as follows : Execution Time : [meth... by parameshjava Explorer in Splunk Search 05-04-2017 0 2	0	2
Extracting multiple fields from comma separated log Hello, Can someone help me to build a table report by extracting 3 fields from a comma separated log: Here's a log... by ptur Path Finder in Splunk Search 05-04-2017 0 1	0	1