Splunk Search

Community Activity

Error in 'transaction' command: Descending time ordered events required, but the preceding search does not guarantee time order I believe commands like "transaction" work on the _time metadata field that is hidden in each event. This is similar ... by thisissplunk Builder in Splunk Search 04-03-2017 0 1	0	1
How to change the unit values (5G to 5 and 400M to .4) for a scripted input? I have scripted output from UGE qhost command that gives memory in G (GBs) or if less than 1GB, in M (MBs). I'd like... by shearsey New Member in Splunk Search 04-03-2017 0 3	0	3
How to count the number of occurences of distinct strings associated with a specific json tag across multiple events? Hello, I am very new to this tool. I have Splunk set up to monitor a log file and extract json being written to that... by dhartzog New Member in Splunk Search 04-03-2017 0 3	0	3
Need to run a subsearch with practically unlimited rows Hi, Currently I'm trying to run a query which take the results of a subsearch as a parameter as follows: index="vid... by anthony_copus Explorer in Splunk Search 04-03-2017 0 3	0	3
How to extract multi key value from a single event Here is the logs, event=SUCCESS_FROM_SERVICE UserID=abc currentTime=2017-03-31T05:22:52.176Z headline="[{'contentUU... by shaal89 New Member in Splunk Search 04-03-2017 0 3	0	3
How to index Oracle audit trails stored in .aud files? Hi, I have a request from a client to index the .aud files generated by Oracle. I have been searching Splunk Answers... by f_luciani Path Finder in Splunk Search 04-03-2017 1 12	1	12
Getting a value from subsearch (index="myindex" OR index="wineventlog") AND ((host=MYSERVER1 OR host=MYSERVER2) AND (EventCode=20274 OR EventCode=20... by tmontney Builder in Splunk Search 04-03-2017 0 24	0	24
display single row vertically Is there a way to display a single row table in vertical form ? simpleresult ist like key1 key2 key3 I'd like key1 ... by sbsbb Builder in Splunk Search 04-03-2017 0 2	0	2
Rename a Column When Using Stats Function Good morning, This must be really simple. I have the query: index=[my index] sourcetype=[my sourcetype] event=logi... by SplunkLunk Path Finder in Splunk Search 04-03-2017 0 4	0	4
Is it possible to write a search that shows the selected timerange of saved searches? Hi, Is it possible to write a search that shows the selected timeranges for all saved searches? The result table wo... by HeinzWaescher Motivator in Splunk Search 04-03-2017 0 2	0	2
timechart time format change I am trying to tabulate number of specific operation per day using this format timechart span=1d count as DLCreateCo... by gancw1 Explorer in Splunk Search 04-03-2017 0 8	0	8
How to push the search query to lookup file If I write a search query and want to push the search query code to my lookup. Ho to do it?? by vivek_manoj Explorer in Splunk Search 04-03-2017 0 6	0	6
Find Time-Range for Most Recent event. So I have splunk events and I want to display information as a time range. For example: event type1: Started proc1 id... by njwrk Engager in Splunk Search 04-02-2017 0 3	0	3
How to extract multivalue pipe separated subfields (with header) from a field? I have a data source from DBX that has a field called "description" that contains a pipe separated format with header... by jedatt01 Builder in Splunk Search 04-02-2017 0 3	0	3
Finding a percentage for every value in another field I am looking for source IPs that have a high percentage of being blocked. The evaluations below work fine if I use ju... by stakor Path Finder in Splunk Search 04-01-2017 0 1	0	1
how do i query all events with ID4738 for a specific user? how do i query all events with windows ID 4738 for a specific user by tksre New Member in Splunk Search 04-01-2017 0 3	0	3
How to merge multiple query in single output I have 5 query merged in single output. In statistics tab I am getting expected values. But in visualization tab when... by twh1 Communicator in Splunk Search 04-01-2017 0 5	0	5
How to select one event from a transaction? I need to group the events (in this case by JSESSIONID) and select the one with the max date I have the groups with... by juanpavergara Engager in Splunk Search 04-01-2017 0 2	0	2
Grouping results in a table by IP address I know I have bumped into this in the past, but I can think of a good keyword to do a search on... I have a search t... by stakor Path Finder in Splunk Search 04-01-2017 0 2	0	2
How to find all the searches having "index=" in the search or Alert or Reports Hi, Am fine tuning my environment, so i listing out the searches which are using index= in the search. But as * is ... by SathyaNarayanan Path Finder in Splunk Search 04-01-2017 0 9	0	9
whats happens when hot buckets are not specified ? hi, Can i please know what happens if maxHotBuckets is not specified , when will splunk roll the buckets from hot to... by kteng2024 Path Finder in Splunk Search 03-31-2017 0 1	0	1
Assigning a variable to field values consolidated by wildcard I'm trying to wrap my head around assigning a variable to field values that have been consolidated by wildcard. The s... by smutherbavaro New Member in Splunk Search 03-31-2017 0 4	0	4
How to edit my search to raise a group of fields to the power of 2? Hello, I am attempting to raise a group of fields to the power of 2 but Splunk is not returning any results. Below i... by epresson New Member in Splunk Search 03-31-2017 0 7	0	7
Extract String using REGEX I am fairly new to REGEX and need help with extracting values from the below event 22 Mar 2017 18:41:15,320 WARN Sin... by ashishlal82 Explorer in Splunk Search 03-31-2017 0 5	0	5
timechart auto scale, how to over-ride? I have a very simple query that shows the number of events over the course of a month -- plotted on a timechart: \| t... by Michael Contributor in Splunk Search 03-31-2017 0 4	0	4