Splunk Search

Community Activity

Trouble with REX command on a multi-line event Hello, I'm running a streamstats command that prints out a series of previously-searched events. There are often more... by like2splunk Explorer in Splunk Search 04-18-2017 0 6	0	6
How to generate a search that will the display the count of two fields if the memory and CPU usage is greater than 80 per day? Hi, I am trying to create a report that looks at two fields: mem and cpu It should display the count of mem and cpu ... by mhassan24 Explorer in Splunk Search 04-18-2017 0 10	0	10
How to REX an entire line if it contains a keyword I want to REX an entire line if it contains a particular keyword. The event looks like this: 2017-03-08 10:34:34,067... by like2splunk Explorer in Splunk Search 04-18-2017 0 2	0	2
How to display a table row that expands with more than one level? I wonder if Splunk is able to display a table statistic with the following layout. Does anyone know? Thanks Catego... by splunkrocks2014 Communicator in Splunk Search 04-18-2017 0 2	0	2
How To Use tstats with nested data models - getting empty results I have a DataModel named "AccessLogs" and it has a DataSet hierarchy that looks like this RootSearchDS // sourcetyp... by theironcook Explorer in Splunk Search 04-18-2017 1 2	1	2
How to use regex determine whether a field is an IP address I extracted a field named "apche_zhuji_sip", but the content is not accurate, some are not IP, how do I use regular e... by xsstest Communicator in Splunk Search 04-18-2017 0 1	0	1
Search Query returns only 50000 Events/Results List totally though total Events/Results are almost 56Lakh Events. Hi Splunk Users, Observing an Issue while I try to Query the Splunk for Search Query returns only 50000 Events/Res... by dhsetty Explorer in Splunk Search 04-18-2017 0 7	0	7
If statement for earliest time I have a search that needs to either snap to 7am ( -7h@d+7h) or 7pm ( -7h@d+19h) depending on whether the time of sea... by mstark31 Path Finder in Splunk Search 04-18-2017 0 5	0	5
Add values to the end of table Hi guys, Can you tell me if is it possible to add a values on fields to the end of a table to an other fields Exem... by Abarny Path Finder in Splunk Search 04-18-2017 0 2	0	2
Single Value Sparklines Hi All, I've recently created a single value dashboard panel with % trend, and sparkline underneath showing the curr... by craigwilkinson Path Finder in Splunk Search 04-18-2017 1 2	1	2
How do I handle fields with nothing between a delimiter on a rex field extraction? Hello Splunkers, My problem is nearly similar to this one, only not spaces. https://answers.splunk.com/answers/36982... by lloydknight Builder in Splunk Search 04-17-2017 0 3	0	3
Problem with Cisco ASA search query (iplocation) Hi, I have a search string that shows the top 20 security related events by country on my Cisco ASA. eventtype=cisc... by madstylex New Member in Splunk Search 04-17-2017 0 4	0	4
How to write a search to determine a slow and low attack from authentication logs? Hi Is there a way to determine a slow and low attack from authentication logs? I have a situation where I have to al... by kiran331 Builder in Splunk Search 04-17-2017 0 1	0	1
Is there a way to see and identify new entries in an Index Search? I would like to be able to identify new servers in the indexed search below: index=####vsource=######### Extract.csv... by jhayIV Engager in Splunk Search 04-17-2017 0 1	0	1
Why is the Automatic lookup not returning latest data? We have a automatic lookup which is based on a lookup being appended by a report. Lookup is refreshed 6 times a day a... by varun85negi Engager in Splunk Search 04-17-2017 0 4	0	4
Error event log format and search For any error Splunk gives a request id and link to search for that particular error details. In my, going to that Sp... by gaurav_maniar Builder in Splunk Search 04-17-2017 0 4	0	4
How to generate a search to display day over day comparison? Date Val Change? 4/13 60 no 4/12 60 no 4/11 60 yes 4/10 50 ... by ryanprayacn Explorer in Splunk Search 04-17-2017 0 5	0	5
How to edit my search to find the Max Mbps transferred per day? I need to find a way to figure out how to get the Max Mbps per day over the course of a certain time frame, say a wee... by ckozma New Member in Splunk Search 04-17-2017 0 4	0	4
How to generate a search that will target IP addresses with greater than 100 post requests as Spam? We need to identify the unique IP addresses of the spammers who are generating more number of POST requests generatin... by mcvr New Member in Splunk Search 04-17-2017 0 2	0	2
Pie Chart max value vs active value I want to create a pie chart that has a max value of 22000 (This is hard-coded in) then I have a variable list of Mac... by JoshuaJohn Contributor in Splunk Search 04-17-2017 0 5	0	5
Issue with splunk stop/restart command in CentOS 7.2 Hi All, Our distributed splunk setup contains a deployment server, an indexer cluster master, 3 peer indexers and 2 ... by keerthana_k Communicator in Splunk Search 04-17-2017 0 1	0	1
i have to exclude particular host from this query? \| metadata type=hosts index=xx_prod\| eval age = now() - recentTime \| eval status= case(age < 1800,"Running",age > 180... by karthi2809 Builder in Splunk Search 04-17-2017 0 3	0	3
How to make field in splunk using the field inside the CSV file..?? why every input data from TCP/UDP, the field always inputted to the data inside, so the data did have field, caused t... by rianbagus New Member in Splunk Search 04-17-2017 0 1	0	1
Why do I receive "Limit (50000 results) reached." Warning message ? When I was searchng with the following query for one day, sourcetype=web_access \| chart count by sourceIP There w... by Masa Splunk Employee in Splunk Search 04-17-2017 1 8	1	8
I have an event with status=0 status=0 status=0 .... I want if all status fields values are 0 then new_field value is "sucess " else new_field="failure" I have an event with status=0 status=0 status=0 .... I want if all status fields values are 0 then new_field value is... by nagarjuna280 Communicator in Splunk Search 04-16-2017 0 2	0	2