Splunk Search

Community Activity

How to extract multivalue pipe separated subfields (with header) from a field? I have a data source from DBX that has a field called "description" that contains a pipe separated format with header... by jedatt01 Builder in Splunk Search 04-02-2017 0 3	0	3
Finding a percentage for every value in another field I am looking for source IPs that have a high percentage of being blocked. The evaluations below work fine if I use ju... by stakor Path Finder in Splunk Search 04-01-2017 0 1	0	1
how do i query all events with ID4738 for a specific user? how do i query all events with windows ID 4738 for a specific user by tksre New Member in Splunk Search 04-01-2017 0 3	0	3
How to merge multiple query in single output I have 5 query merged in single output. In statistics tab I am getting expected values. But in visualization tab when... by twh1 Communicator in Splunk Search 04-01-2017 0 5	0	5
How to select one event from a transaction? I need to group the events (in this case by JSESSIONID) and select the one with the max date I have the groups with... by juanpavergara Engager in Splunk Search 04-01-2017 0 2	0	2
Grouping results in a table by IP address I know I have bumped into this in the past, but I can think of a good keyword to do a search on... I have a search t... by stakor Path Finder in Splunk Search 04-01-2017 0 2	0	2
How to find all the searches having "index=" in the search or Alert or Reports Hi, Am fine tuning my environment, so i listing out the searches which are using index= in the search. But as * is ... by SathyaNarayanan Path Finder in Splunk Search 04-01-2017 0 9	0	9
whats happens when hot buckets are not specified ? hi, Can i please know what happens if maxHotBuckets is not specified , when will splunk roll the buckets from hot to... by kteng2024 Path Finder in Splunk Search 03-31-2017 0 1	0	1
Assigning a variable to field values consolidated by wildcard I'm trying to wrap my head around assigning a variable to field values that have been consolidated by wildcard. The s... by smutherbavaro New Member in Splunk Search 03-31-2017 0 4	0	4
How to edit my search to raise a group of fields to the power of 2? Hello, I am attempting to raise a group of fields to the power of 2 but Splunk is not returning any results. Below i... by epresson New Member in Splunk Search 03-31-2017 0 7	0	7
Extract String using REGEX I am fairly new to REGEX and need help with extracting values from the below event 22 Mar 2017 18:41:15,320 WARN Sin... by ashishlal82 Explorer in Splunk Search 03-31-2017 0 5	0	5
timechart auto scale, how to over-ride? I have a very simple query that shows the number of events over the course of a month -- plotted on a timechart: \| t... by Michael Contributor in Splunk Search 03-31-2017 0 4	0	4
Comparing Chart Results to field This is my first time posting to the community, I hope this answer is not listed somewhere else.. if it is I have bee... by jamie_leclair Engager in Splunk Search 03-31-2017 0 3	0	3
How to get position of a not constant char/substring in another string? Hi all! As I understand, Splunk doesn't have any special functions for normal work with string. I need to get index ... by Nikita_Danilov Path Finder in Splunk Search 03-31-2017 0 10	0	10
Timechart of max(variable) - get actual time of peak, instead of bin time When I do a timechart - I get the max of my variable in the chart. However, if I hover over the value - the time ass... by sperl New Member in Splunk Search 03-31-2017 0 1	0	1
How to dynamically change the span parameter for a timechart? I have a dashboard panel that will display all events (for a given search) The result set may contain 100 or 10,000 e... by vdevarayan Path Finder in Splunk Search 03-31-2017 3 6	3	6
Field Extraction from existing field Although this works with no issue in SPL: \| rex field=fieldName "(?i)^(?P<test>.*)$" This EXTRACT-test = (?i)^(... by sloshburch Ultra Champion in Splunk Search 03-31-2017 0 5	0	5
dispatch reaper metrics In 6.5 it looks like there is a new metric event that tracks the dispatch reaper. You can view it with index=_intern... by jplumsdaine22 Influencer in Splunk Search 03-31-2017 0 1	0	1
How to write the search to get the user logon and logoff details on Splunk search head? Hi Folks, Could you please help me to get the search for Ldap user logon and logoff activity on Splunk search head? ... by lksridhar Explorer in Splunk Search 03-31-2017 0 2	0	2
How to append two different tables with different time intervals into a single table? Hi all. Apologies for asking such an unclear and hazy question. I have a situation to show transactions in 2 differen... by sundarrajan Path Finder in Splunk Search 03-31-2017 0 5	0	5
First & Last Occurrence of a Field Hi, Is there a way of discovering when an a field (e.g. like an IP address or MAC address) was first seen in the ind... by colinmchugo Explorer in Splunk Search 03-31-2017 0 1	0	1
Using the predict command on disk usage, how do I return the date as a single value when the field prediction(Used Space) = 1 or less? Hi. I'm using the predict command to determine when my machine will run out of disk based on the historical usage, ... by Norling80 Path Finder in Splunk Search 03-31-2017 1 5	1	5
Getting time differences between sub events in a transaction Hi all, I am have data about bus routes with arrival times at stops and I am trying to find the ride time between th... by srichansen Path Finder in Splunk Search 03-31-2017 0 8	0	8
Regex to cut the numerical portion of my search results Query : error SourceName=PaymentProcessingService Example of a common search result for under the field Exception... by jward6004 Explorer in Splunk Search 03-30-2017 0 11	0	11
How to combine separate events with a unique identifier? Hi, I get send-mail logs in separated events\lines (5 events). With a unique identifier that appears in any event. ... by bugnet Path Finder in Splunk Search 03-30-2017 0 6	0	6