Splunk Search

Community Activity

how to create line chart with multiple fields like timeline? hello, i have this raw table: 1 2 3 4 5 6 7 8 9 10 0 0 0 0 0 0 0 0 0 ... by avivn Explorer in Splunk Search 04-10-2017 0 3	0	3
+ fields command + question/observation on case sensititvity ... \| fields + _time GOUa this will give me my _time column on the left with other columns on the right matching th... by HattrickNZ Motivator in Splunk Search 04-10-2017 1 3	1	3
Eventtype or macros - Need Suggestion Hi Everyone, I need a suggestion to build the Splunk app or query . The situation is I had list of cities (lets... by himpor Engager in Splunk Search 04-10-2017 0 5	0	5
Data Enrichment from lookup with column header containing spaces Is it possible to use a csv file in a lookup specifically for data enrichment whereby the column header contains spac... by jacqu3sy Path Finder in Splunk Search 04-10-2017 0 8	0	8
How to configure LINE_BREAKER regex in props.conf? I have a data source that looks like this: I0908 09:35:18.395637 3109 vdisk_micro_migrate_egroup_op.cc:1075] ... I0... by louieb3 Path Finder in Splunk Search 04-10-2017 1 14	1	14
I have to subtract between 2 alternate rows. Like Row2-1,Row 4-3 . Not the difference between the consecutive rows. I used "Diff" but it gives diff b/w each row. Please suggest. TXName Period Value diffValue tx1 Period 1 25 tx1 Period 2 14 -11 tx2 Period 1 12 tx2 Period 2 20 8... by BTCM Engager in Splunk Search 04-10-2017 0 1	0	1
I have to find difference between alternate rows for a field like Row 2-1, Row 4-3. Not difference between all the consecutive rows. I used "diff" but it gives me difference between all the rows. Please suggest. TXName Period Value diffValue tx1 Period 1 25 tx1 Period 2 14 -11 tx2 Period 1 1... by BTCM Engager in Splunk Search 04-10-2017 1 1	1	1
How to break events as Every Line Hi All, What's the appropriate regex for event break Every Line? Is my props.conf correct? [index_name] LINE_BREAKE... by dantimola Communicator in Splunk Search 04-10-2017 0 2	0	2
Compare two field values and get matching third value from table Hello, i'm trying to do a search and then compare my result with a table from a .csv file (contains a table with ids... by ckunath Communicator in Splunk Search 04-10-2017 0 2	0	2
Count number of App IDs from log file The appId length can vary at any given time..it can be 1 or X length log files Log1 appId=1231 appId=12355 Log2 ... by jw44250 New Member in Splunk Search 04-09-2017 0 4	0	4
Move the Splunk from one server to another server What is the steps to move the Splunk, including the search and indexes from serverA to serverB? thks by SplunkCSIT Communicator in Splunk Search 04-09-2017 2 5	2	5
Real time search with python sdk and \| stats Hi guys, i think i'm missing something. I'm try to make a real time search with python sdk; after connection if i run... by maurelio79 Communicator in Splunk Search 04-09-2017 1 4	1	4
How to convert multivalue fields with corresponding value in another field to column-value pair? Hi All, We have recently configured the Splunk Add-on for Microsoft Cloud Services to pull o365 logs into Splunk. Fo... by lindbergh_calde Explorer in Splunk Search 04-09-2017 0 5	0	5
stats vs timechart i am getting two different outputs while using stats count( 1hr time interval) and timechart count span=1h. I was u... by apillai01 New Member in Splunk Search 04-09-2017 0 9	0	9
Make map command process values in series Hi all! How can I make map command process all the list of submitted to its input values(thousands), not just the n... by iKate Builder in Splunk Search 04-08-2017 1 12	1	12
pass case statement result to search string I have tokens coming from drilldown index="test" \| eval res_time = case( "PRIORITY CODE" == "1" ,"Resolution Time <=... by k_harini Communicator in Splunk Search 04-08-2017 0 11	0	11
How to extract user and source ip from Cisco Syslog message? X_wan-network` sourcetype=wan_syslog EventType=local6.warning "Login" \| rex field=_raw “(?\w+;(?\w+)” \| table _time,h... by jthomp7626 New Member in Splunk Search 04-07-2017 0 2	0	2
query to find the last 5 searches ran by user hi, Is there any query to find out last five queries ran by a user. We can do it by using history command. by kteng2024 Path Finder in Splunk Search 04-07-2017 0 1	0	1
Extracting fields from Syslog event I have an alert set up to email me if I see failed log on to a list of servers. I would like to alter this alert to o... by avalle Path Finder in Splunk Search 04-07-2017 0 3	0	3
How to adjust table alignment by x05311 Explorer in Splunk Search 04-07-2017 0 5	0	5
Can I make sichart behave like chart? So I have a working query that uses chart to visualize some data by some categories. Example: index=myData \| chart c... by rharrigan Engager in Splunk Search 04-07-2017 0 3	0	3
Is it possible to filter Events by condition and count the left over events per day? Hello Folks, I am new to splunk and try to create a search that displays me all Emails that was send 6 Weeks after a... by therrmann5 New Member in Splunk Search 04-07-2017 0 1	0	1
How to generate a search to find dashboards so that we can export the result Hi, Is there any search to find the all the dashboards along with usernames, email id, and when it was created. I kn... by kteng2024 Path Finder in Splunk Search 04-07-2017 1 4	1	4
Search for same time frame on the same day of different weeks Hello! I've been spinning my wheels on this problem for a few hours. I have to build a report in Splunk that will s... by wolfreb Explorer in Splunk Search 04-07-2017 0 7	0	7
Automatic field extraction syntax: quoting, escaping quotes (Note that this entire post is about text being written to logs that Splunk scans, not about queries or query syntax.... by larrywest Explorer in Splunk Search 04-07-2017 0 1	0	1