Splunk Search

Community Activity

Add specific fields into the timechart OTHER category. I'm generating a report of the daily usage of my users indexes over the past week using this search: earliest=-7d@d ... by dglinder Path Finder in Splunk Search 03-27-2017 1 2	1	2
Create Scatter Diagram That Show Data Fall Within Average Range Hi all, i try to create a scatter diagram that will show idea range of values and how many fall within it. I try use ... by qygoh Engager in Splunk Search 03-27-2017 0 4	0	4
multiple search queries in one panel Can anyone help simplify attached XML to display result in one panel as described below Current Result 3 panels ... by luvukrishna Engager in Splunk Search 03-26-2017 0 3	0	3
Excute sql statement on splunk db connect Hi All, am connected to oracle database & am trying to get data from it using splunk dbconnect, amd trying to excute... by MAShawky Explorer in Splunk Search 03-26-2017 0 1	0	1
How to setup multiple SQL statements in a single DB Connection input Hi Everyone, I am creating DB inputs in the Splunk DB Connector 3.0.2. I would like to run 2 sql statements or possi... by tpirozzi Explorer in Splunk Search 03-26-2017 0 3	0	3
indexer search limits reached Hi, When i ran a command which will fetch the events from last 7 days from a host , splunk is throwing below message... by kteng2024 Path Finder in Splunk Search 03-26-2017 0 1	0	1
Creating local temporary file creates Checksum mismatch Hello, I'm trying to create an app that runs a script that executes an app, and the app creates a log file that I'm ... by Epicism1 Explorer in Splunk Search 03-26-2017 0 2	0	2
How to count hosts that have a field value of ((X OR Y) AND (A OR B)), over the course of time? I am looking to find hosts that have two field values over the course of time for the search, for example a week. T... by stakor Path Finder in Splunk Search 03-26-2017 0 2	0	2
How to use rex to extract values from URLs into a field? Hello all, From the following list http://www.foo.com:80/main.html http://www.foo.com:80/xe/journal/v1/book/nF1.jpg... by willamwar Path Finder in Splunk Search 03-26-2017 0 4	0	4
How to pass unused fields in an outer search? Hello, I need to execute a search where the 5 fields from one search would be used to search another data. Also, I n... by jagdeepgupta813 Explorer in Splunk Search 03-26-2017 0 4	0	4
How to identify symantec ep av logs in splunk Can any one tell how we can identify the symantec EP old av logs and will be there any source to pull these logs ? by vkumar6 Explorer in Splunk Search 03-26-2017 0 1	0	1
kvstore lookups and efficiency I wanted to get peoples thoughts on using multiple data sources in Splunk and whether it’s worth doing some processin... by brent_weaver Builder in Splunk Search 03-25-2017 0 1	0	1
searching bro_dns answers{} array bro_dns shows the results of a dns query as what I presume is an array, for example: answers: [ [-] mt-inges... by splunkjosef Explorer in Splunk Search 03-25-2017 0 6	0	6
How to update a lookup file with top command results? Hi, I have lookup file with host and count fields as below host.csv host count ----------------- host1 10 host2 2... by srinivasup Explorer in Splunk Search 03-25-2017 0 3	0	3
Display Avg Column sourcetype="email_process" \| eval processing_time_in_seconds = processing_time/1000 \| table email, processing_time ,p... by signpriya82 New Member in Splunk Search 03-25-2017 0 2	0	2
How do I combine my two alerts into a single search? The use case involves two alerts: ALERT 1: raising the alert when more than 4 systems got affected with the same vir... by samsingnok Engager in Splunk Search 03-25-2017 0 1	0	1
How to create a search to display with traffic on Splunk source and destination ports? help me with Splunk search to display the traffic on Splunk source and destination ports. by sravankaripe Communicator in Splunk Search 03-25-2017 0 1	0	1
How can I update tags and corresponding permissions from a lookup table via Search Processing Language? Hi, I have a list of hosts which are maintained and updated via a lookup table. Is it possible in Search Processing L... by jedatt01 Builder in Splunk Search 03-25-2017 0 1	0	1
How to edit my search to find real-time scheduled searches? Below is the search i am using to find the real time schedule searches .. but i would like to know which user is runn... by kteng2024 Path Finder in Splunk Search 03-25-2017 0 4	0	4
timestamp parsing issue for a specific time my log is: 2016-12-22 00:01:11,076 [myid:123] - INFO [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] - Accepted d... by kteng2024 Path Finder in Splunk Search 03-25-2017 0 5	0	5
Received error warning "Failed to parse timestamp. Defaulting to timestamp of previous event". How can I find which event in the source log threw this error? i am trying to debug an issue "failed to parse timestamp". In the splunkd log, i see the following warning :- 02-23... by kteng2024 Path Finder in Splunk Search 03-25-2017 0 2	0	2
changing the source type in splunk Hi, what happens if we change the source type of already existing data . For example , i have a monitor stanza like ... by kteng2024 Path Finder in Splunk Search 03-25-2017 1 4	1	4
Why is setting a token from result not working? Any ideas on why KER_RESULT would not be working? Tail end of base query... Updated code... <search id="events">... by snoobzilla Builder in Splunk Search 03-25-2017 2 15	2	15
Return command giving error for stats c(eval...) in splunk Hello Everyone, Am creating the dynamic query depending on condition and after that using return command to execute ... by snehalk Communicator in Splunk Search 03-25-2017 0 1	0	1
REX issue, quite an interesting one, potential bug? Just wondering if anyone has ever seen this before? This is the data I’m extracting from: "Classic,Audit Failure",1... by mrgibbon Contributor in Splunk Search 03-24-2017 0 8	0	8