Splunk Search

Community Activity

Splunk query. I would like to count the number of times a Server went down, based on up/down state field. State field receives up o... by biec1 Explorer in Splunk Search 05-03-2017 0 2	0	2
extract date time from log entries I have the following log structure from which I want to index date time properly. INFO :20170503:11.21.54.48:XYZW... by muriloalves Explorer in Splunk Search 05-03-2017 0 6	0	6
Display the "others" or the rest after showing top results I have this search to show top 5 values: search... \| fields ALARM \| stats count by ALARM \| sort limit=5 -count Resu... by christopheryu Communicator in Splunk Search 05-03-2017 0 8	0	8
Setting a default action for alert in splunk HI, Is there anyway in splunk to set the "email" as default trigger action for an alert. by kteng2024 Path Finder in Splunk Search 05-03-2017 0 2	0	2
Cannot find any featureID in Geospatial Visualization. Hi Splunkers, I tried the new feature, Geospatial Visualization in Splunk V6.3 as "Option 1" posted on splunk blog. ... by sunrise Contributor in Splunk Search 05-03-2017 0 4	0	4
lookup table does not exist I am getting error as "Lookup table does not exist. It is referenced by configuration", but i have the lookup on the ... by srinathd Contributor in Splunk Search 05-03-2017 0 3	0	3
How to prevent "max concurrent searches reached" messages on the distributed management console? I've configured a dev Splunk 6.4 env, and noticed that my Distributed Management Console is getting "max concurrent s... by a212830 Champion in Splunk Search 05-03-2017 0 4	0	4
How to achieve vlookup in Splunk Hi, Kindly help me with the search query for my scenario. I have a lookup table A and a search B with common field u... by karthikklv Engager in Splunk Search 05-03-2017 0 4	0	4
How to edit my search to use transaction command to exclude values? Hi, I have the following search that returns 10,552 events over a given period of time: index=oracle (INSTANCE_NAME=... by ggiovan Engager in Splunk Search 05-03-2017 0 13	0	13
Counting from log based on email add for successful logins / incorrect password The following are sample logs for successful login and incorrect password attempts based on email address: May 2 0... by babidi New Member in Splunk Search 05-03-2017 0 3	0	3
Log filtering based on field value change. I have two kinds of logs sourcetype = abc IP = a.b.c.d status=active sourcetype = abc IP = a.b.c.e status=active so... by rakes568 Explorer in Splunk Search 05-03-2017 0 3	0	3
How to get the latest record of each month for each specific column? Dear guys, I'm very new in Splunk and I got some work task which still have no idea about the solution. Please k... by urapaveerapan Explorer in Splunk Search 05-03-2017 0 1	0	1
Extracting host from host segment doesn't work Hi : I have a monitoring stanza which splunk process is monitoring logs from: /var/log/hosts//Tue/-2017050209 This... by mmohiuddin1512 Explorer in Splunk Search 05-03-2017 0 5	0	5
Pick up the first occurrence of a word I want to pick only the first occurrence of word . index = index1 ERROR Event Result 2017-04-29T18:29:27.246+0000... by jw44250 New Member in Splunk Search 05-02-2017 0 15	0	15
Using field in lookup table to get field in second lookup table Hi All, I'm new to Splunk and I'm trying to mess around with a few lookup tables that I imported. I have two, let's... by billyhigdon New Member in Splunk Search 05-02-2017 0 1	0	1
run new search based on row-value and get the results in a new column I have the following table of results \|trkid \| values \| \|123 \| a \| \|124 \| b \| \|125 \| ... by gpincheiraa Engager in Splunk Search 05-02-2017 0 3	0	3
Generate list of all Fields in a Search? I would like to export a list of the fieldnames in any given search. How could I do this? by muebel SplunkTrust in Splunk Search 05-02-2017 3 13	3	13
how to get count of events for each 30 min Hi, index=_internal \|timechart span=30m count --- Im using this query looking for last 4hr data. 2017-05-02 15:30... by srinivasup Explorer in Splunk Search 05-02-2017 1 2	1	2
How to sort and group data by day and ID? I would like to display the events as the following: where it is grouped and sorted by day, and sorted by ID numer... by Yaichael Communicator in Splunk Search 05-02-2017 0 8	0	8
How to use rex field as subsearch input value My main search will extract a rex field. I want to use this rex field value as a search input in my subsearch so that... by hoyomi Explorer in Splunk Search 05-02-2017 0 5	0	5
Retrieve names of all fields Im trying to write a search where I can search for the names of the fields, so basically the search would return the ... by Dark_Ichigo Builder in Splunk Search 05-02-2017 2 4	2	4
Help using appendcols or join I wonder if someone can help me out with an issue I'm having using the append, appendcols, or join commands. Truth be... by fmfx1001 Explorer in Splunk Search 05-02-2017 0 7	0	7
is cleaner timechart formatting possible for login/logoff time report? (seeking better human readability) I'm attempted to get a report for login and logoff times on Windows workstations. Here is what I have done so far: i... by caseynordell Explorer in Splunk Search 05-02-2017 0 4	0	4
How do I preset two separte time span as form input? I have some research data on a dashabord. The data I want to highlight is in two separate time spans Jan 1 - Jan 30 a... by BinnyK Explorer in Splunk Search 05-02-2017 0 2	0	2
Is there any alternate for JOIN Hi, I'm having problems while joining the queries. I have the logs in same index and application but logging in dif... by greeshmak Explorer in Splunk Search 05-02-2017 0 4	0	4