Splunk Search

Community Activity

inputlookup format to insert wildcard * is it possible? inputlookup like: user mailbox smithj john smith bloggsj joe bloggs search string: \| inputlookup use... by r999 Path Finder in Splunk Search 04-25-2017 1 2	1	2
Need help on finding daily hourly max for a month for a timechart Hi All, I am pretty new to splunk and trying to figure out a splunk search query. I am extracting a monthly report o... by payalgarg27 Explorer in Splunk Search 04-25-2017 0 4	0	4
unable to filter specific source with REX i have data coming from different sources (catalina,sailpoint,accesslogs,etc) now i want to filter it into different ... by cleelakrishna Loves-to-Learn in Splunk Search 04-25-2017 0 1	0	1
Extract out the first line of results from Transaction command Hello guys, I have a sample log that looks like this: DATE, TIME, LOGIN, IP_ADDRESS, USERID, EMPLOYEE_ID, WORKSTAT... by silvermail Path Finder in Splunk Search 04-25-2017 0 7	0	7
Show meesage if no results but continue applyng commands if there are results I have a following query: index=main source=mylogsource.log "Response Message:*" "234998102" \| ifnoresults ---> (ev... by gpincheiraa Engager in Splunk Search 04-25-2017 0 1	0	1
Why does the timechart command give different values than stats command? Hi, I am getting difference in count while using stats in piechart and with same search with timechart in line graph... by umsundar2015 Path Finder in Splunk Search 04-25-2017 0 8	0	8
Splunk rex bring back sql query Hi Guys, I'm hoping someone can help. I have log data which is generated from SAS EG. I want to create a report whic... by ATMO1 New Member in Splunk Search 04-25-2017 0 4	0	4
what is difference between if search head fetching data from stand alone indexer and index clusterding environment Hi Folks, what is difference between if search head fetching data from stand alone indexer and index clustering envi... by lksridhar Explorer in Splunk Search 04-25-2017 0 1	0	1
For large lookups, should I use the kv store? Hi, I am developing a dashboard and search that needs to utilize a large lookup file (75k lines) that gets generated... by a212830 Champion in Splunk Search 04-25-2017 5 9	5	9
Case insensitive field extraction and reporting Hi, I am trying to extract a field from logs and generate report from it. Basically, I am trying to identify the aut... by rahiparikh Explorer in Splunk Search 04-25-2017 0 5	0	5
EventCode 4672 extraction prob? Hi, did anyone also figure out that the 4672 Windows Event is not completly extracted by splunk? 4672 is a importen... by ndcl Path Finder in Splunk Search 04-25-2017 0 6	0	6
Chart increment problem (decimal not integer) Hello guys, I've a problem : I can't set integers for the X axis, I have sometimes decimal values : XML options: ... by splunkreal Influencer in Splunk Search 04-25-2017 0 4	0	4
Regex in transform.conf delete text in the middle I'm having some trouble to delete the text in "plugin_set". Sample Incoming data: {"plugin_family": "somestuff", ... by Alwiinie New Member in Splunk Search 04-25-2017 0 6	0	6
Is there a way to auto adjust the Y-value to just show the significant part of the chart? All, Often times I just want to see the delta, not the sum of a timechart. Any ideas on if there is a way have Spl... by daniel333 Builder in Splunk Search 04-24-2017 0 2	0	2
How to find difference in value between search strings? Hi, I am using a single search string with two different time rage to find the disk space. Search string : index= ... by Gowtham0809 New Member in Splunk Search 04-24-2017 0 6	0	6
I want latest and earliest time along with report name I want latest and earliest time along with report name Ex: top 10 values : 20/04/2017- 22/04/2017 by nagarjuna280 Communicator in Splunk Search 04-24-2017 0 2	0	2
How to combine multiple panels into one table? I have multiple single value number panels I want to combine into one table, I want my table to look somewhat like th... by JoshuaJohn Contributor in Splunk Search 04-24-2017 0 1	0	1
How is the partial flag supposed to work with timechart? I'm not sure if I am misunderstanding the use case for the partial flag with timechart or if maybe something else is ... by maciep Champion in Splunk Search 04-24-2017 1 10	1	10
Subsearch as eval expression works with strings, but not fields I have a situation where I want to use a subsearch to resolve to a conditional expression in an if statement - a.k.a.... by jmeyers_splunk Splunk Employee in Splunk Search 04-24-2017 0 5	0	5
Is there a way to show local time of the device of that area? Hi I have a data source with device name and timestamp in UTC and gmtoffset values, I need to show the new field wit... by kiran331 Builder in Splunk Search 04-24-2017 0 2	0	2
How to edit my alert search to convert Available Memory value from bytes to a percentage? I need to create an alert which is if in a 10 period of time to see if memory percentage of the host is over 90%. Her... by sonila Path Finder in Splunk Search 04-24-2017 0 8	0	8
Saving search results on a network share (Linux SH to Windows network share drive) I'm trying to automate saving search results for use with other programs. I'm not a Splunk admin, but I want to be ab... by tmaltizo Path Finder in Splunk Search 04-24-2017 0 3	0	3
In a field value that contains text, how can I display or extract just the numerical value within that text? We have a "Message" field that always contains the same verbiage except for a numerical value. I only want the numeri... by steveklinck New Member in Splunk Search 04-24-2017 0 5	0	5
Lookup csv file, match codes and add field I have a csv file containing 2 rows: EventCode and Message Summary Have added the CSV as a lookup file and I can also... by erdalcan New Member in Splunk Search 04-24-2017 0 5	0	5
How to create and calculate a response time graph? How do i calculate every 10 seconds, the average response time for the past 5 minutes and plot on a graph. by maniishpawar Path Finder in Splunk Search 04-24-2017 0 15	0	15