Splunk Search

Community Activity

How to chart a list of key value pairs Hi there, I am using Splunk's REST API Modular Input to input data from Apache Solr. Once a day a facet query is sent... by Tom1187 Path Finder in Splunk Search 04-16-2017 0 6	0	6
Joining fields from three different indexes and sourcetypes I have three searches that I want to merge into one single table as search output. I will try to explain my case thro... by ismarslomic Path Finder in Splunk Search 04-16-2017 3 9	3	9
replacing and output Hello all, I have the following search: index =datapower environment=PROD mpgw(Subscription-Aysnc) 'HTTP response c... by leomedina Explorer in Splunk Search 04-15-2017 0 2	0	2
Combining and comparing 2 date results Hi Splunkers, I'm new to splunk and i'm working on a dashboard for a service/application. What i'm trying to do is t... by bartp New Member in Splunk Search 04-15-2017 0 5	0	5
Need help with REX and Panels Hi, I am newbie to Splunk. Here's some of my sample logs, where I need to count the number of occurrences for each of... by karanvirsharma New Member in Splunk Search 04-14-2017 0 2	0	2
Can find the string in event but count, timechart, where does not work hi there, new to Splunk here..question: Event log: 4/14/2017 16:00:00 +0000, blah blah...., statusCode="'20'", s... by maximusdm Communicator in Splunk Search 04-14-2017 0 3	0	3
streamstats vs. tstats Hi, I have a customer who is using streamstats to validate data is coming into Splunk. I recommended tstats, and do... by a212830 Champion in Splunk Search 04-14-2017 0 7	0	7
How to map every event which has a lat and long field? I have 35 events. Each one has a lat and long field. How do I map each one of them to an individual point on a map? W... by jdunlea Contributor in Splunk Search 04-14-2017 0 3	0	3
Can you expose an env variable as a field in events coming from that forwarder I am trying to expose an environment variable and make it a field for events coming from a splunk universal forwarder... by stath002 Path Finder in Splunk Search 04-14-2017 0 2	0	2
How to generate a search to find a local account added to admin group within one hour? How can I find if a local account/user has been created and then added to the admin/domain admin group within a span ... by abdul_jabbar New Member in Splunk Search 04-14-2017 0 1	0	1
Can I perform If-Then-Else logic within a search? I have a field that I want to report on, but in some of my events, that field is missing (null) and so I'd like to us... by maverick Splunk Employee in Splunk Search 04-14-2017 6 4	6	4
If function returning integers? This code snippet is being used to calculate a time into a normal time in the H.M format. The numbers are something l... by jordanb93 Explorer in Splunk Search 04-14-2017 0 2	0	2
I am not being able to calculate time difference between two event codes that are 1100 and 13, and also i want to exclude the logs if the interval between these two codes are less than 15 seconds Am trying below query but its not Working: index=* (sourcetype=WinEventLog:System OR sourcetype=WinEventLog:Security)... by himapate Explorer in Splunk Search 04-14-2017 0 2	0	2
How to find duration between multiple timestamps of different users? Hi all, The boundary of the logs: date and user. Total logs is more than 1000 logs. How should I list the date? I a... by limalbert Path Finder in Splunk Search 04-14-2017 0 3	0	3
return command - exit (or return known value) if no results found I have a search that is basically (there are actually 2 sub searches, but this makes it easier to understand): index... by thewer Explorer in Splunk Search 04-14-2017 2 5	2	5
Multiple values for table and values unique Hi guys, Can you help me ? I need to do a table like this New date available \| Origine date available 25/... by Abarny Path Finder in Splunk Search 04-14-2017 0 2	0	2
data is displayed by alphabetic order of the month name when using date_month to sort In 4.2.x, instead of June, July, August, September, the data listed as August, July, June, September. Data is display... by zliu Splunk Employee in Splunk Search 04-14-2017 1 4	1	4
how to search in default indexes (not only one) in one app without providing the index. Hello folks There is a way to configure which indexes belongs which splunk app. Is there also a way to configure in ... by zugji Path Finder in Splunk Search 04-14-2017 0 2	0	2
cron search in dashboard panel Hello, I am trying to create a search query, which i will later transfer to dashboard panel. This query is monitorin... by Fleshwriter Explorer in Splunk Search 04-13-2017 0 2	0	2
How to get the hostname from the logs? Hi, I have the syslogs coming from 4 consoles in to single path, how to extract the hostnames in inputs.conf file? ... by kiran331 Builder in Splunk Search 04-13-2017 0 3	0	3
Lookup on text file not working I wanted to use a file to use for usernames. For example, I want to know when the following people's account informat... by johnblakley Explorer in Splunk Search 04-13-2017 0 3	0	3
Calculate delta for range of time I'm fairly new to Splunk and its query language. I have this data that I'd like to search through and visualize in a ... by gauravnj1 Engager in Splunk Search 04-13-2017 0 5	0	5
How to get the previous savedsearch by a given savedsearch from the same user? I used the following query to get a list of savedsearches by a given user: index=_internal user="John Doe" \| table ... by splunkrocks2014 Communicator in Splunk Search 04-13-2017 0 11	0	11
Multiple lookups, with an OR I am looking to use lookups in an OR for a search. Roughly what I want to do is: <search> ((if IP_From_BAD_IP matche... by stakor Path Finder in Splunk Search 04-13-2017 0 2	0	2
How can I show the fields which have a specific value? I'm running the following - index=<claims_index> geico \| table *. This index has around 200 fields and I would like t... by ddrillic Ultra Champion in Splunk Search 04-13-2017 0 7	0	7