Splunk Search

Community Activity

How to extract AppId from whole text Extracting AppID(s) from whole text and group by AppId and host txid:944::appId:3::test: txid:944::appId:3::tes2: ... by jw44250 New Member in Splunk Search 04-06-2017 0 4	0	4
Display Matches Between Query and Lookup File Hi, I wonder whether someone may be able to help me please. I'm using the following query to successfully return a l... by IRHM73 Motivator in Splunk Search 04-06-2017 0 3	0	3
Count seconds with no events by host I'm trying to capture the amount of time a particular host is idle. I can do that in a timechart easily enough but I... by jercra Explorer in Splunk Search 04-06-2017 0 4	0	4
More Elegant way to do a Lookup? I am trying to find a better way of doing the following search: <Search_all_proxies> [\|inputlookup list_of_naughty_u... by stakor Path Finder in Splunk Search 04-06-2017 0 8	0	8
Silent hit of limit Dear splunk employees, Can you please implement an improvement to splunk notifications: if any configuration limitat... by iKate Builder in Splunk Search 04-06-2017 3 4	3	4
Finding the host for which the REST thread limit reached Hi, I could see the following warning : " Can't handle request max thread limit for REST HTTP server" Is there any... by kteng2024 Path Finder in Splunk Search 04-06-2017 0 4	0	4
How to use mvfilter to get list of data that contain less and only less than the specific data? Hi all, I have a question related to my other question. https://answers.splunk.com/answers/518074/how-to-get-a-coun... by limalbert Path Finder in Splunk Search 04-06-2017 0 3	0	3
How do I extract the event time? I tried this but didn't work. \| return _time=strftime(_time,"%Y-%m-%d %H:%M:%S") by amccallon New Member in Splunk Search 04-06-2017 0 6	0	6
Comparing variables in a table I want to create a search that runs through a variable that contains many mac addresses that correspond to a specific... by JoshuaJohn Contributor in Splunk Search 04-06-2017 0 6	0	6
How can I include queried text string in a table output? Greetings, I'm search my Linux hosts for when the local firewall starts/stops. So I'm using the query: index= host... by SplunkLunk Path Finder in Splunk Search 04-06-2017 0 3	0	3
How to backup KV Store for specific lookups? We have several Lookups defined and i would like to backup kvstore for specific Lookups (For instance i need to backu... by jayakumar89 Explorer in Splunk Search 04-06-2017 1 3	1	3
Comparing field values(time) with Real Time and display the result Hi, One of the field value in splunk is 12/28/2016 15:13:10, i just wanted to compare with realtime and display the ... by nnimbe Path Finder in Splunk Search 04-06-2017 0 2	0	2
Save value of a field of one event and compare it with all other found events Hello, I have a list of three events, each of them has the same ID in the field ID. One event containing a field tha... by ckunath Communicator in Splunk Search 04-06-2017 0 3	0	3
How to get concurrent transactions for multiple hosts? Hello, I'm having trouble getting concurrent events by host. I can get concurrent key transactions for a single hos... by drmed Explorer in Splunk Search 04-06-2017 0 4	0	4
not getting expected results from using multiple sourcetypes Hi, I am reposting this question because when I posted first time i didnt use the code button (101 010). sorry for... by Laya123 Communicator in Splunk Search 04-06-2017 0 7	0	7
Searching issues in comparing data Hi Splunker beginner here. I'm having an issue in forming the search syntax for comparing the biggest amount of clie... by user290317 Explorer in Splunk Search 04-06-2017 0 3	0	3
Search on data model object, weird behavior Hi guys, i'm fairly new to Splunk and have a problem regarding searches on data models. So what i did is, i created ... by MemoreX42 Explorer in Splunk Search 04-06-2017 3 2	3	2
extract selected data from given field I've error messages in the filed name "ErrorMessage"; i want to extract only error code using regex expression. Pls s... by x05311 Explorer in Splunk Search 04-05-2017 0 1	0	1
How to use rex to extract only the date field? hi everyone my log is: 2017-03-07T14:21:17.061-0600,,0,,,,,1,0,0,0, 1753-01-01 00:00:00.0000000,0,1753-01-01 00... by fertlaloc New Member in Splunk Search 04-05-2017 0 1	0	1
Distinct count by hour by type I currently have a search: ... \| eval hour=strftime(_time,"%H") \| streamstats time_window=1h dc(vehicle_id) AS dc_vi... by plucas_splunk Splunk Employee in Splunk Search 04-05-2017 0 5	0	5
How to include a few events from the log prior to the event that triggered the alert? I would like to setup a scheduled alert which includes the event that triggers the alert, plus a few events prior the... by splunkIT Splunk Employee in Splunk Search 04-05-2017 0 1	0	1
ignore certain occurances out of multiple occurances in an event Hello, I have a log file with a bunch of entries like this: [INFO ] Wed, 5 Apr 2017 at 08:19:52 AM EDT TestClass [De... by explorer436 New Member in Splunk Search 04-05-2017 0 1	0	1
HELP with Search and Bar Chart... Hello all, I am trying to search on multiple values, which are not being populated in a field. And then renaming th... by leomedina Explorer in Splunk Search 04-05-2017 0 3	0	3
Days Between Question I am trying to determine the days between a static date and current date in this query I added a the 2008r2 column w... by jhayIV Engager in Splunk Search 04-05-2017 0 2	0	2
REX expression for multiple extractions in columns Hello all, I was hoping I could get a bit of assistance in figuring out a rex expression I could use to extract part... by raby1996 Path Finder in Splunk Search 04-05-2017 0 5	0	5