Splunk Search

Community Activity

stats vs timechart i am getting two different outputs while using stats count( 1hr time interval) and timechart count span=1h. I was u... by apillai01 New Member in Splunk Search 04-09-2017 0 9	0	9
Make map command process values in series Hi all! How can I make map command process all the list of submitted to its input values(thousands), not just the n... by iKate Builder in Splunk Search 04-08-2017 1 12	1	12
pass case statement result to search string I have tokens coming from drilldown index="test" \| eval res_time = case( "PRIORITY CODE" == "1" ,"Resolution Time <=... by k_harini Communicator in Splunk Search 04-08-2017 0 11	0	11
How to extract user and source ip from Cisco Syslog message? X_wan-network` sourcetype=wan_syslog EventType=local6.warning "Login" \| rex field=_raw “(?\w+;(?\w+)” \| table _time,h... by jthomp7626 New Member in Splunk Search 04-07-2017 0 2	0	2
query to find the last 5 searches ran by user hi, Is there any query to find out last five queries ran by a user. We can do it by using history command. by kteng2024 Path Finder in Splunk Search 04-07-2017 0 1	0	1
Extracting fields from Syslog event I have an alert set up to email me if I see failed log on to a list of servers. I would like to alter this alert to o... by avalle Path Finder in Splunk Search 04-07-2017 0 3	0	3
How to adjust table alignment by x05311 Explorer in Splunk Search 04-07-2017 0 5	0	5
Can I make sichart behave like chart? So I have a working query that uses chart to visualize some data by some categories. Example: index=myData \| chart c... by rharrigan Engager in Splunk Search 04-07-2017 0 3	0	3
Is it possible to filter Events by condition and count the left over events per day? Hello Folks, I am new to splunk and try to create a search that displays me all Emails that was send 6 Weeks after a... by therrmann5 New Member in Splunk Search 04-07-2017 0 1	0	1
How to generate a search to find dashboards so that we can export the result Hi, Is there any search to find the all the dashboards along with usernames, email id, and when it was created. I kn... by kteng2024 Path Finder in Splunk Search 04-07-2017 1 4	1	4
Search for same time frame on the same day of different weeks Hello! I've been spinning my wheels on this problem for a few hours. I have to build a report in Splunk that will s... by wolfreb Explorer in Splunk Search 04-07-2017 0 7	0	7
Automatic field extraction syntax: quoting, escaping quotes (Note that this entire post is about text being written to logs that Splunk scans, not about queries or query syntax.... by larrywest Explorer in Splunk Search 04-07-2017 0 1	0	1
Adding additional field from one json field. Hi all, I just started discovering Splunk. I am extracting a file containing JSON data. The data looks something li... by jankappe Explorer in Splunk Search 04-07-2017 0 3	0	3
After upgrading to Splunk 6.5.0, what is the best way to alert when forwarders don't check in for more than 2-3 minutes? I'm currently using a very old deployment monitor search to determine when forwarders are down and it doesn't seem to... by johnpof Path Finder in Splunk Search 04-07-2017 0 6	0	6
Time Difference between events that reoccur with identical messages but at a different time I am trying to find a query that can calculate the time difference between 2 events. It should give me the time for t... by mhassan24 Explorer in Splunk Search 04-07-2017 0 5	0	5
How do I get an any selection to work on a multiselect where filter? Hi all, I am currently working towards generating a user dashboard that requires nothing but text entry and multise... by denymw Explorer in Splunk Search 04-07-2017 0 5	0	5
Raw json file getting truncated Using splunk developer version. I've set TRUNCATE to 25000 and max_events to a large number as well, but the informa... by jimbolya New Member in Splunk Search 04-07-2017 0 3	0	3
Is it possible to print a line chart with: line with value, line with mean+stdev and line with mean-stdev? Hi people! I'm trying to print a line chart with three values: valuemean(value) - stdev(value)mean(value) + stdev(v... by erabadan Engager in Splunk Search 04-07-2017 0 3	0	3
Why is the regex in inputs.conf not working for monitoring my log files? Hi I have the following file in multiple sub directories. I am trying to pick them up but the below is not working ... by robertlynch2020 Influencer in Splunk Search 04-07-2017 0 13	0	13
How to generate a search that will filter data from a CSV file? hi guys I'm new to Splunk I have two csv files: A and B A has name, ages, height, weight B is the limitation factor... by laudai Path Finder in Splunk Search 04-07-2017 0 2	0	2
How do i create this kind of relationship of two indexes For example ID field1. ID field2 1 A. 1 X 2 B. 2. Y 1. E. 1. Z... by DiegoAlba Explorer in Splunk Search 04-07-2017 0 3	0	3
Radial gauge with precise numbers I can obtain a gauge with the needle pointing to the total events with method=GET and the total being the sum of the ... by juanpavergara Engager in Splunk Search 04-07-2017 0 1	0	1
how to know the current retention policy Hi, Is there anyway to know the current retention policy we have in splunk environment for all the indexes ? by kteng2024 Path Finder in Splunk Search 04-07-2017 0 2	0	2
how to separate the value into two different fields using like function For example i have the field , description field like KM - PROD - MSSQL 2008 VA ... by umsundar2015 Path Finder in Splunk Search 04-06-2017 0 10	0	10
How to extract AppId from whole text Extracting AppID(s) from whole text and group by AppId and host txid:944::appId:3::test: txid:944::appId:3::tes2: ... by jw44250 New Member in Splunk Search 04-06-2017 0 4	0	4