Splunk Search

Community Activity

Refining the search through lookup Hi, Below is the search I am running on a set of servers in the lookup file , I don't want to run the search on all ... by macadminrohit Contributor in Splunk Search 04-22-2017 0 7	0	7
Strange relationship between fieldformat command and postprocess The fieldformat command ( http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Fieldformat ) offers a ... by sideview SplunkTrust in Splunk Search 04-22-2017 1 5	1	5
Remove non alphanumeric at the very start in props.conf Is it possible to remove all non alpha-numeric when taking in data in the props.conf? I have tried wiht regex but i ... by robertlynch2020 Influencer in Splunk Search 04-22-2017 0 13	0	13
How to change a name within a field? I have hundreds of .tmp files that begin with evb* and exist within the "File Name" field. All I want to do is change... by happysplunkyay New Member in Splunk Search 04-21-2017 0 8	0	8
VIM syntax highlighting for splunk config files Just wanted to share with the community the plugin and syntax highlighter I've made for VIM. To enable syntax highli... by yoho Contributor in Splunk Search 04-21-2017 14 10	14	10
Help me with transaction command Is there any option other than transaction command to measure the time between events? because i am already using tra... by sravankaripe Communicator in Splunk Search 04-21-2017 0 1	0	1
How to edit my search to limit the distinct user count by set number of events per unique user? I was asked to provide active users since December 2016. With the logs we're working with, there's really no way to ... by ON34C02151009 Explorer in Splunk Search 04-21-2017 0 12	0	12
Eval RegEx for Host Name from FQDN Is there a way to write an eval to pull back host name Server1 from Server1.12.city.net by jhayIV Engager in Splunk Search 04-21-2017 0 2	0	2
How to edit my search to track event counts by Index/Sourcetype to see when data is no longer being received? Looking to build a report to list all the indexes/sourcetypes in use. And be able to monitor event counts as they go ... by joesrepsol Path Finder in Splunk Search 04-21-2017 0 8	0	8
How to check if a word is in a CSV file, and if it is, display results in a table? I have some data, if the message contains a word which is in a csv file, then results should show in a table. How sho... by nagarjuna280 Communicator in Splunk Search 04-21-2017 0 3	0	3
Why is there a difference in results depending on whether or not there are quotation marks in my search syntax? A search for "ip=100.2.2.2" userid=foobar (identifying information has been changed) produces 5 results. However, whe... by jian Explorer in Splunk Search 04-21-2017 0 7	0	7
How can I find the reoccurring group of transactions over time? Hey Folks, I have a transaction search that "groups" various things of interest (5m maxspan etc ). I was wondering -... by RocIngersol Explorer in Splunk Search 04-21-2017 0 6	0	6
how to extract these fields using regular expression "cvpEditAction" : "R", "cvpEditAllowedAmount" : 333.57, Could someone please help me how to extract these? thanks. by prashanthberam Explorer in Splunk Search 04-21-2017 0 7	0	7
Could anyone explain what the below eval condition is doing my search? The following is the search in my Splunk. Now I am just trying to understand the structure and that condition means c... by pavanae Builder in Splunk Search 04-21-2017 1 4	1	4
How to serach for Windows Server created and enabled accounts of type Administrator - excluding Standard user account type. I thought the following query would return that but I can see accounts of type "Standard User". "search host=* AND s... by acabralg Explorer in Splunk Search 04-21-2017 0 11	0	11
how to find out scripts running on indexers hi, Is there a way to find out the scripts running by users on indexers because few backs when i ask a user , he tol... by kteng2024 Path Finder in Splunk Search 04-21-2017 0 3	0	3
MV field split by comma and not line break I have a group of multivalue fields that are listed with linebreaks . I'm looking to remove the line breaks from one ... by mdsnmss SplunkTrust in Splunk Search 04-21-2017 1 1	1	1
Evaluate multiple events with same data. I would like to count the number of times a Server went down based on up/down status field. How can i evaluate multip... by biec1 Explorer in Splunk Search 04-21-2017 0 4	0	4
Cannot sort dynamic column in date format Hi, I tried to summary data in each assignment_group_name by month here is my code: index="snow" sourcetype="snow:... by urapaveerapan Explorer in Splunk Search 04-21-2017 0 3	0	3
Stats Distinct Count (X) + X[Values] Hi Splunkers, I have a query that gives me the following fields I want to work with. username Country (after usin... by JRamirezEnosys Explorer in Splunk Search 04-21-2017 0 3	0	3
Relative Time search (e.g. today 4AM) Hi, I have a report (scheduled to be run every 5 minutes) that I have built, it list the number of specific events ... by nicolas_pons New Member in Splunk Search 04-21-2017 0 3	0	3
Why are some searches only rarely executed without any warning or error? Hey everyone i have a little bit of a problem with some of my searches, as I am only rarely able to execute them. Sp... by hbusch New Member in Splunk Search 04-21-2017 0 5	0	5
how does the attribute "maxHotIdleSecs" work? In my indexes.conf file (C:\Program Files\Splunk\etc\system\local) I have the attribute "maxHotIdleSecs = 86400" So ... by aywong Path Finder in Splunk Search 04-21-2017 0 10	0	10
SPL: extract logfile name from source field Hi, I am trying to setup a dropdown bar for a dashboard and would like to setup dynamic inputs based on the source lo... by danielsofoulis Path Finder in Splunk Search 04-21-2017 0 6	0	6
How edit my search to get a chart of bin counts over time? I'd like to create a chart of bin counts over time (with a span defined). Right now, I can get the result over the wh... by viraptor New Member in Splunk Search 04-21-2017 0 4	0	4