Splunk Search

Community Activity

Unable to create time series chart in Splunk dashboard Hi All, I need help in creating time chart for the following request: I have a field by name field.status that will ... by santosh_hb Explorer in Splunk Search 04-24-2017 0 9	0	9
Percentile values over time Hi I have a query to look at the number of times a user does an event, and then get different percentiles of these. ... by ewanbrown Path Finder in Splunk Search 04-24-2017 0 6	0	6
How to write a search that shows all saved searches, reports & lookup tables that are shared globally? Hi, Is it possible to write a search that shows all saved searches, reports & lookup tables that are shared globally... by HeinzWaescher Motivator in Splunk Search 04-24-2017 0 3	0	3
Can we create lookup table for specific owner? Hi, Is there any way that we can create lookup table for specific user? As I checked outputlookup command and it doe... by sumangala Path Finder in Splunk Search 04-24-2017 1 9	1	9
How can I find computers that have been infected for three consecutive days? I want to find the host IPs for three consecutive days of antivirus detection. Please help me. ex) - sourcetype: viru... by superhm Explorer in Splunk Search 04-24-2017 0 2	0	2
Received event for unconfigured/disabled/delted...... I am a splunk novice. Https://answers.splunk.com/answers/522405/why-is-there-no-data-in-my-summary-index.html URL o... by xsstest Communicator in Splunk Search 04-23-2017 0 4	0	4
How does 'partial=True' affects 'timechart' results? I am grouping time buckets using 'span' and I'd like to trim partial time buckets at the beginning and end of the sea... by abonuccelli_spl Splunk Employee in Splunk Search 04-22-2017 2 3	2	3
Refining the search through lookup Hi, Below is the search I am running on a set of servers in the lookup file , I don't want to run the search on all ... by macadminrohit Contributor in Splunk Search 04-22-2017 0 7	0	7
Strange relationship between fieldformat command and postprocess The fieldformat command ( http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Fieldformat ) offers a ... by sideview SplunkTrust in Splunk Search 04-22-2017 1 5	1	5
Remove non alphanumeric at the very start in props.conf Is it possible to remove all non alpha-numeric when taking in data in the props.conf? I have tried wiht regex but i ... by robertlynch2020 Influencer in Splunk Search 04-22-2017 0 13	0	13
How to change a name within a field? I have hundreds of .tmp files that begin with evb* and exist within the "File Name" field. All I want to do is change... by happysplunkyay New Member in Splunk Search 04-21-2017 0 8	0	8
VIM syntax highlighting for splunk config files Just wanted to share with the community the plugin and syntax highlighter I've made for VIM. To enable syntax highli... by yoho Contributor in Splunk Search 04-21-2017 14 10	14	10
Help me with transaction command Is there any option other than transaction command to measure the time between events? because i am already using tra... by sravankaripe Communicator in Splunk Search 04-21-2017 0 1	0	1
How to edit my search to limit the distinct user count by set number of events per unique user? I was asked to provide active users since December 2016. With the logs we're working with, there's really no way to ... by ON34C02151009 Explorer in Splunk Search 04-21-2017 0 12	0	12
Eval RegEx for Host Name from FQDN Is there a way to write an eval to pull back host name Server1 from Server1.12.city.net by jhayIV Engager in Splunk Search 04-21-2017 0 2	0	2
How to edit my search to track event counts by Index/Sourcetype to see when data is no longer being received? Looking to build a report to list all the indexes/sourcetypes in use. And be able to monitor event counts as they go ... by joesrepsol Path Finder in Splunk Search 04-21-2017 0 8	0	8
How to check if a word is in a CSV file, and if it is, display results in a table? I have some data, if the message contains a word which is in a csv file, then results should show in a table. How sho... by nagarjuna280 Communicator in Splunk Search 04-21-2017 0 3	0	3
Why is there a difference in results depending on whether or not there are quotation marks in my search syntax? A search for "ip=100.2.2.2" userid=foobar (identifying information has been changed) produces 5 results. However, whe... by jian Explorer in Splunk Search 04-21-2017 0 7	0	7
How can I find the reoccurring group of transactions over time? Hey Folks, I have a transaction search that "groups" various things of interest (5m maxspan etc ). I was wondering -... by RocIngersol Explorer in Splunk Search 04-21-2017 0 6	0	6
how to extract these fields using regular expression "cvpEditAction" : "R", "cvpEditAllowedAmount" : 333.57, Could someone please help me how to extract these? thanks. by prashanthberam Explorer in Splunk Search 04-21-2017 0 7	0	7
Could anyone explain what the below eval condition is doing my search? The following is the search in my Splunk. Now I am just trying to understand the structure and that condition means c... by pavanae Builder in Splunk Search 04-21-2017 1 4	1	4
How to serach for Windows Server created and enabled accounts of type Administrator - excluding Standard user account type. I thought the following query would return that but I can see accounts of type "Standard User". "search host=* AND s... by acabralg Explorer in Splunk Search 04-21-2017 0 11	0	11
how to find out scripts running on indexers hi, Is there a way to find out the scripts running by users on indexers because few backs when i ask a user , he tol... by kteng2024 Path Finder in Splunk Search 04-21-2017 0 3	0	3
MV field split by comma and not line break I have a group of multivalue fields that are listed with linebreaks . I'm looking to remove the line breaks from one ... by mdsnmss SplunkTrust in Splunk Search 04-21-2017 1 1	1	1
Evaluate multiple events with same data. I would like to count the number of times a Server went down based on up/down status field. How can i evaluate multip... by biec1 Explorer in Splunk Search 04-21-2017 0 4	0	4