Splunk Search

Community Activity

MV field split by comma and not line break I have a group of multivalue fields that are listed with linebreaks . I'm looking to remove the line breaks from one ... by mdsnmss SplunkTrust in Splunk Search 04-21-2017 1 1	1	1
Evaluate multiple events with same data. I would like to count the number of times a Server went down based on up/down status field. How can i evaluate multip... by biec1 Explorer in Splunk Search 04-21-2017 0 4	0	4
Cannot sort dynamic column in date format Hi, I tried to summary data in each assignment_group_name by month here is my code: index="snow" sourcetype="snow:... by urapaveerapan Explorer in Splunk Search 04-21-2017 0 3	0	3
Stats Distinct Count (X) + X[Values] Hi Splunkers, I have a query that gives me the following fields I want to work with. username Country (after usin... by JRamirezEnosys Explorer in Splunk Search 04-21-2017 0 3	0	3
Relative Time search (e.g. today 4AM) Hi, I have a report (scheduled to be run every 5 minutes) that I have built, it list the number of specific events ... by nicolas_pons New Member in Splunk Search 04-21-2017 0 3	0	3
Why are some searches only rarely executed without any warning or error? Hey everyone i have a little bit of a problem with some of my searches, as I am only rarely able to execute them. Sp... by hbusch New Member in Splunk Search 04-21-2017 0 5	0	5
how does the attribute "maxHotIdleSecs" work? In my indexes.conf file (C:\Program Files\Splunk\etc\system\local) I have the attribute "maxHotIdleSecs = 86400" So ... by aywong Path Finder in Splunk Search 04-21-2017 0 10	0	10
SPL: extract logfile name from source field Hi, I am trying to setup a dropdown bar for a dashboard and would like to setup dynamic inputs based on the source lo... by danielsofoulis Path Finder in Splunk Search 04-21-2017 0 6	0	6
How edit my search to get a chart of bin counts over time? I'd like to create a chart of bin counts over time (with a span defined). Right now, I can get the result over the wh... by viraptor New Member in Splunk Search 04-21-2017 0 4	0	4
Why I have "Duplicate values causing conflict" with eval ? Hi, Can you tell me why i can't update my dynamic list on my dashboard ? I have this message : "Duplicate values cau... by Abarny Path Finder in Splunk Search 04-21-2017 0 5	0	5
Group multiple Keys and count the values by status and table the results Good day, i have the follwing key values: CMD=LOOK ITEM1=APPLE ITEM2=APPLE ITEM3=ORANGE STAT=0 CMD=LOOK ITEM1=APPLE ... by mkrauss1 Explorer in Splunk Search 04-21-2017 0 5	0	5
HELP! Extracting JSON rex not working... Hello all, I am trying new things and expanding my palate but having a problem extracting JSON. My Search: index=t... by leomedina Explorer in Splunk Search 04-20-2017 0 6	0	6
How to use a list of whitelist mac addresses to find "bad" mac addresses? Hello, for control dhcp server, need to search "bad" mac addresses, but use whitelist . And need modify search string... by k909 Engager in Splunk Search 04-20-2017 0 5	0	5
Is there a search that can be used to determine if Linux logs have been cleared or deleted? Greetings, In Windows, there's a nice EventID you can query to see when system, application, or security event logs ... by SplunkLunk Path Finder in Splunk Search 04-20-2017 0 3	0	3
How to use join to combine my two search? i have to two different sourcetypes with two different key but values are same for both keys Please help me with se... by sravankaripe Communicator in Splunk Search 04-20-2017 0 4	0	4
How to find duplicate values in a multivalue field? Hi I have logs in Splunk containing lines like this: UserPolicies=13=5\|0=81540803\|7=137\|9=76\|13=3\|1=11\|21=10 UserPoli... by jovi New Member in Splunk Search 04-20-2017 0 3	0	3
Combining separate columns based on x-axis value I initially created a chart that will show log count for a number of hosts: ... \| chart count by host source \| ... wh... by sepkarimpour Path Finder in Splunk Search 04-20-2017 1 1	1	1
How to edit my search to split statistics results per day? HI Guys. I have a search that shows our HTTP code errors and do a error percentage of that based on total value of re... by alisonchicoria New Member in Splunk Search 04-20-2017 0 4	0	4
Grouping (Range?) HTTP Status codes Hi, I have queries that I'd like to group HTTP Status codes together... (i.e. anything 200-299, or 300-399, or 400... by dbcase Motivator in Splunk Search 04-20-2017 0 4	0	4
how to write rex for my use case i want to retrive BLOCKED_PARENT (This item is blocked because its parent cannot syndicate.) message from the belo... by sravankaripe Communicator in Splunk Search 04-20-2017 0 2	0	2
Timechart with multiple fields Hi , I need to add one more field "row_num" in the same timechart Search query is index=abc \| timechart span=1hr ... by imthesplunker Path Finder in Splunk Search 04-20-2017 0 6	0	6
How filter with join ? hi guys, I want to filter my request where when logs{}.newStateId!=5 i recover the projects{}.id but this join isn't... by Abarny Path Finder in Splunk Search 04-20-2017 0 6	0	6
Large lookup files in a distributed environment: how can we force the .tsidx indexes to build on all search heads? Splunk automagically builds .tsidx indexes on Lookup files which are large. This is triggered the 1st time someone pe... by rsouth Engager in Splunk Search 04-20-2017 2 3	2	3
Adding a WHERE clause to chart so only NON-matching results are shown on visualization I'm currently generating a chart with ... \| chart count by host source \| ... so it counts the number of lines output ... by sepkarimpour Path Finder in Splunk Search 04-20-2017 0 7	0	7
makemv delims not working Hi, don't seem to see the problem but makemv doesn't work on the search below. sourcetype=st1 < some search >\|rename... by mcm10285 Communicator in Splunk Search 04-20-2017 1 2	1	2