Splunk Search

Community Activity

how does the attribute "maxHotIdleSecs" work? In my indexes.conf file (C:\Program Files\Splunk\etc\system\local) I have the attribute "maxHotIdleSecs = 86400" So ... by aywong Path Finder in Splunk Search 04-21-2017 0 10	0	10
SPL: extract logfile name from source field Hi, I am trying to setup a dropdown bar for a dashboard and would like to setup dynamic inputs based on the source lo... by danielsofoulis Path Finder in Splunk Search 04-21-2017 0 6	0	6
How edit my search to get a chart of bin counts over time? I'd like to create a chart of bin counts over time (with a span defined). Right now, I can get the result over the wh... by viraptor New Member in Splunk Search 04-21-2017 0 4	0	4
Why I have "Duplicate values causing conflict" with eval ? Hi, Can you tell me why i can't update my dynamic list on my dashboard ? I have this message : "Duplicate values cau... by Abarny Path Finder in Splunk Search 04-21-2017 0 5	0	5
Group multiple Keys and count the values by status and table the results Good day, i have the follwing key values: CMD=LOOK ITEM1=APPLE ITEM2=APPLE ITEM3=ORANGE STAT=0 CMD=LOOK ITEM1=APPLE ... by mkrauss1 Explorer in Splunk Search 04-21-2017 0 5	0	5
HELP! Extracting JSON rex not working... Hello all, I am trying new things and expanding my palate but having a problem extracting JSON. My Search: index=t... by leomedina Explorer in Splunk Search 04-20-2017 0 6	0	6
How to use a list of whitelist mac addresses to find "bad" mac addresses? Hello, for control dhcp server, need to search "bad" mac addresses, but use whitelist . And need modify search string... by k909 Engager in Splunk Search 04-20-2017 0 5	0	5
Is there a search that can be used to determine if Linux logs have been cleared or deleted? Greetings, In Windows, there's a nice EventID you can query to see when system, application, or security event logs ... by SplunkLunk Path Finder in Splunk Search 04-20-2017 0 3	0	3
How to use join to combine my two search? i have to two different sourcetypes with two different key but values are same for both keys Please help me with se... by sravankaripe Communicator in Splunk Search 04-20-2017 0 4	0	4
How to find duplicate values in a multivalue field? Hi I have logs in Splunk containing lines like this: UserPolicies=13=5\|0=81540803\|7=137\|9=76\|13=3\|1=11\|21=10 UserPoli... by jovi New Member in Splunk Search 04-20-2017 0 3	0	3
Combining separate columns based on x-axis value I initially created a chart that will show log count for a number of hosts: ... \| chart count by host source \| ... wh... by sepkarimpour Path Finder in Splunk Search 04-20-2017 1 1	1	1
How to edit my search to split statistics results per day? HI Guys. I have a search that shows our HTTP code errors and do a error percentage of that based on total value of re... by alisonchicoria New Member in Splunk Search 04-20-2017 0 4	0	4
Grouping (Range?) HTTP Status codes Hi, I have queries that I'd like to group HTTP Status codes together... (i.e. anything 200-299, or 300-399, or 400... by dbcase Motivator in Splunk Search 04-20-2017 0 4	0	4
how to write rex for my use case i want to retrive BLOCKED_PARENT (This item is blocked because its parent cannot syndicate.) message from the belo... by sravankaripe Communicator in Splunk Search 04-20-2017 0 2	0	2
Timechart with multiple fields Hi , I need to add one more field "row_num" in the same timechart Search query is index=abc \| timechart span=1hr ... by imthesplunker Path Finder in Splunk Search 04-20-2017 0 6	0	6
How filter with join ? hi guys, I want to filter my request where when logs{}.newStateId!=5 i recover the projects{}.id but this join isn't... by Abarny Path Finder in Splunk Search 04-20-2017 0 6	0	6
Large lookup files in a distributed environment: how can we force the .tsidx indexes to build on all search heads? Splunk automagically builds .tsidx indexes on Lookup files which are large. This is triggered the 1st time someone pe... by rsouth Engager in Splunk Search 04-20-2017 2 3	2	3
Adding a WHERE clause to chart so only NON-matching results are shown on visualization I'm currently generating a chart with ... \| chart count by host source \| ... so it counts the number of lines output ... by sepkarimpour Path Finder in Splunk Search 04-20-2017 0 7	0	7
makemv delims not working Hi, don't seem to see the problem but makemv doesn't work on the search below. sourcetype=st1 < some search >\|rename... by mcm10285 Communicator in Splunk Search 04-20-2017 1 2	1	2
How can we fetch data for specific time interval by comparing time. Hi, I have a search query in which I want to display the data for a particular time interval. I have data for 5 day... by AKG1_old1 Builder in Splunk Search 04-20-2017 0 11	0	11
How to generate searches for the SLA Matrix feature for an alert, alarm, or incident? Can anyone quick help me with a query 1. where I can get the SLA for incident triggered time and incident acknowledg... by danda New Member in Splunk Search 04-20-2017 0 2	0	2
How to edit my search to get the count of a decision field? Hi I am trying to get the count if a field decision="ACCEPT" or decision="REJECT" by merchant and his ID , but coun... by sukundur Engager in Splunk Search 04-19-2017 0 4	0	4
How to retrieve one field from multiple responses? I'm trying to retrieve a field from a response: here is the example: response=[{"code":0,"count":1,"mobile":"123456... by greeshmak Explorer in Splunk Search 04-19-2017 0 1	0	1
How to using NET-SNMP on Windows to receive and log SNMP traps to file from cisco router/switch? I have installed NET-SNMP on splunk machine (winserver 2008 R2). 1. splunk machine - edit file C:/usr/ etc/snmp/sn... by ledaipro Explorer in Splunk Search 04-19-2017 0 6	0	6
Regex to extract two strings from log and make as field Log - (given 2 lines for example) 2017/02/21 03:46:12.119-0800 [http-bio-8480-exec-3] C3AF4B3F9C2E40D2006D1513C81191... by pingdpk Engager in Splunk Search 04-19-2017 0 5	0	5