Splunk Search

Community Activity

Save value of a field of one event and compare it with all other found events Hello, I have a list of three events, each of them has the same ID in the field ID. One event containing a field tha... by ckunath Communicator in Splunk Search 04-06-2017 0 3	0	3
How to get concurrent transactions for multiple hosts? Hello, I'm having trouble getting concurrent events by host. I can get concurrent key transactions for a single hos... by drmed Explorer in Splunk Search 04-06-2017 0 4	0	4
not getting expected results from using multiple sourcetypes Hi, I am reposting this question because when I posted first time i didnt use the code button (101 010). sorry for... by Laya123 Communicator in Splunk Search 04-06-2017 0 7	0	7
Searching issues in comparing data Hi Splunker beginner here. I'm having an issue in forming the search syntax for comparing the biggest amount of clie... by user290317 Explorer in Splunk Search 04-06-2017 0 3	0	3
Search on data model object, weird behavior Hi guys, i'm fairly new to Splunk and have a problem regarding searches on data models. So what i did is, i created ... by MemoreX42 Explorer in Splunk Search 04-06-2017 3 2	3	2
extract selected data from given field I've error messages in the filed name "ErrorMessage"; i want to extract only error code using regex expression. Pls s... by x05311 Explorer in Splunk Search 04-05-2017 0 1	0	1
How to use rex to extract only the date field? hi everyone my log is: 2017-03-07T14:21:17.061-0600,,0,,,,,1,0,0,0, 1753-01-01 00:00:00.0000000,0,1753-01-01 00... by fertlaloc New Member in Splunk Search 04-05-2017 0 1	0	1
Distinct count by hour by type I currently have a search: ... \| eval hour=strftime(_time,"%H") \| streamstats time_window=1h dc(vehicle_id) AS dc_vi... by plucas_splunk Splunk Employee in Splunk Search 04-05-2017 0 5	0	5
How to include a few events from the log prior to the event that triggered the alert? I would like to setup a scheduled alert which includes the event that triggers the alert, plus a few events prior the... by splunkIT Splunk Employee in Splunk Search 04-05-2017 0 1	0	1
ignore certain occurances out of multiple occurances in an event Hello, I have a log file with a bunch of entries like this: [INFO ] Wed, 5 Apr 2017 at 08:19:52 AM EDT TestClass [De... by explorer436 New Member in Splunk Search 04-05-2017 0 1	0	1
HELP with Search and Bar Chart... Hello all, I am trying to search on multiple values, which are not being populated in a field. And then renaming th... by leomedina Explorer in Splunk Search 04-05-2017 0 3	0	3
Days Between Question I am trying to determine the days between a static date and current date in this query I added a the 2008r2 column w... by jhayIV Engager in Splunk Search 04-05-2017 0 2	0	2
REX expression for multiple extractions in columns Hello all, I was hoping I could get a bit of assistance in figuring out a rex expression I could use to extract part... by raby1996 Path Finder in Splunk Search 04-05-2017 0 5	0	5
I need to set 24hours default search intervals for user role We have 3 custom roles (user, power user and admin) and i would like to set 24hours as default search interval or blo... by jayakumar89 Explorer in Splunk Search 04-05-2017 0 3	0	3
How to get duration of transactions within the earliest and latest time? Hi all, Below is how the data I have. currentDate user _time 2017-02-01 aaa 8:00:00 2017-02-01 aaa 9:12... by limalbert Path Finder in Splunk Search 04-05-2017 0 4	0	4
Is there a way to write a splunk query which displays our props.conf , transform.conf , indexes.conf configuarion as outputs I would like to see in props.conf how data parsing is done My query should return results stating sourcetype ... by nasamajh09 New Member in Splunk Search 04-05-2017 0 2	0	2
How to Display Each Event of User with "X" Number of Failed Logins Good morning, I have the following search: index=[my index] source=[my source] sourcetype=[my sourcetype] event=log... by SplunkLunk Path Finder in Splunk Search 04-05-2017 0 5	0	5
User has left the company, but audit shows failed logins every 15 minutes. How can I find the source of these failed attempts? Hello everyone, I have inherited shared responsibility for a Splunk instance. We recently had a user departure, and ... by grittonc Contributor in Splunk Search 04-05-2017 0 5	0	5
How can I tag or mark _internal events from different environments? We have a requirement to collect data from testing enclaves (that have copies of production devices) to our primary S... by sniderwj Explorer in Splunk Search 04-05-2017 0 4	0	4
Calculating data with multiple transactions per order Hi, I have the following data with the following columns, OrderNo, Transaction Start, Transaction Stop. I wrote a se... by timm747747 Path Finder in Splunk Search 04-05-2017 1 5	1	5
Merging search results into lookup file I am having lookup file with list of Jobs to be monitored. I want to create a table with the jobs name from lookup fi... by Kwip Contributor in Splunk Search 04-05-2017 0 2	0	2
Use inputlookup to find servers not reporting Here's the scenario: server102 has not reported data in the last 15 minutes. I want to use my inputlookup in conjunct... by hippe21 Explorer in Splunk Search 04-05-2017 0 10	0	10
Nedd regex help to use part of a filepath as source type I have a source of /var/log/opscode/desired_sourcetype/current. I need to get the part of the filename that is called... by brent_weaver Builder in Splunk Search 04-05-2017 0 6	0	6
How to correct timestamp parsing and field extraction of XML log? Hi, novice splunker here. I'm having an issue in getting all the timestamps correctly parsed from the DATE and TIME ... by user290317 Explorer in Splunk Search 04-05-2017 0 2	0	2
How to search a area based on a given lat/lon Hi, I have a requirement - the user will enter a lat,lon in the filter and expects Splunk to search the "nearby 10km... by meenal901 Communicator in Splunk Search 04-05-2017 0 1	0	1