Splunk Search

Community Activity

timestamp parsing issue for a specific time my log is: 2016-12-22 00:01:11,076 [myid:123] - INFO [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] - Accepted d... by kteng2024 Path Finder in Splunk Search 03-25-2017 0 5	0	5
Received error warning "Failed to parse timestamp. Defaulting to timestamp of previous event". How can I find which event in the source log threw this error? i am trying to debug an issue "failed to parse timestamp". In the splunkd log, i see the following warning :- 02-23... by kteng2024 Path Finder in Splunk Search 03-25-2017 0 2	0	2
changing the source type in splunk Hi, what happens if we change the source type of already existing data . For example , i have a monitor stanza like ... by kteng2024 Path Finder in Splunk Search 03-25-2017 1 4	1	4
Why is setting a token from result not working? Any ideas on why KER_RESULT would not be working? Tail end of base query... Updated code... <search id="events">... by snoobzilla Builder in Splunk Search 03-25-2017 2 15	2	15
Return command giving error for stats c(eval...) in splunk Hello Everyone, Am creating the dynamic query depending on condition and after that using return command to execute ... by snehalk Communicator in Splunk Search 03-25-2017 0 1	0	1
REX issue, quite an interesting one, potential bug? Just wondering if anyone has ever seen this before? This is the data I’m extracting from: "Classic,Audit Failure",1... by mrgibbon Contributor in Splunk Search 03-24-2017 0 8	0	8
How to form a search based on my data and my desired output? Hi All, I have the below format of data Name Value 1-Jan A 2-Jan B 2-Jan B 3-Jan C 2-Feb A 1-Mar V... by rsathish47 Contributor in Splunk Search 03-24-2017 0 6	0	6
Fields value correlation not working Hello, I have a query regarding ordering of ElapsedTime field. It is not coming properly with associated ServiceLaye... by hemendralodhi Contributor in Splunk Search 03-24-2017 0 7	0	7
How to combine additional events to an existing Transaction? Hello, I am trying to organize various types of events into single events. Currently I have a transaction set up to c... by like2splunk Explorer in Splunk Search 03-24-2017 0 4	0	4
Is there a limitation in the length of a search? Hello, I have a long Splunk search that I continue to add more conditions to each day so it keeps growing. Eventuall... by patricknguyen Explorer in Splunk Search 03-24-2017 0 4	0	4
How to write a crontab running from Monday 6 AM through Saturday 2 AM How to write a crontab from Monday 6 AM through Saturday 2 AM to run once in a hour. by srisplunk12 Engager in Splunk Search 03-24-2017 0 18	0	18
help me with search command -------\| eval test=if(condition,"INFO","Error") \| search test if condition is true the search must be behave as ----... by sravankaripe Communicator in Splunk Search 03-24-2017 0 3	0	3
How to add 2 different fields with under the same function? Hi guys, I need to do add enter 2 different fields under the same function. The first is with an ACResponse specific... by Abarny Path Finder in Splunk Search 03-24-2017 0 3	0	3
how to check the average queries time entered by the user Hi, Is there any way to find out how much time queries were taking to complete the job when the users enter the que... by kteng2024 Path Finder in Splunk Search 03-24-2017 0 2	0	2
Viewstates Error when trying to save/clone/edit search So we have a number of searches that cannot be saved or cloned due to viewstate errors. Many of them are accelerated... by JDukeSplunk Builder in Splunk Search 03-24-2017 1 1	1	1
How do I only show results using a token of a multivalue field? Hi all, I am new to using SPLUNK so please bare with me.... I have created a dashboard to utilise tokens in drop dow... by Reidap New Member in Splunk Search 03-24-2017 0 7	0	7
Help in Regex I have the field message - Method: Execute \| Class: GetUsersByVinActivity message- ... by vrmandadi Builder in Splunk Search 03-24-2017 0 3	0	3
How to trigger search based on a dynamic dropdown input? I am trying to create a dropdown box to allow the user to select a host category (Like backend or frontend) and then ... by ByteFlinger Engager in Splunk Search 03-24-2017 0 6	0	6
Timecharting delta by multiple fields My Sample event every minute looks like this: 03/06/2017 15:19:00 -0500, app01:JVM1=12, app01:JVM2=6, app01:JVM3=9, ... by mudragada Path Finder in Splunk Search 03-24-2017 0 8	0	8
How to graph sum of overlapping values given start time and duration? I've searched here for quite a while and didn't find what I'm looking for, or maybe I'm not wording it correctly... ... by rbernharnavy Engager in Splunk Search 03-24-2017 0 3	0	3
Maximum length of an Index name We are planning on some long and detailed index names. I'd like to know if there is a maximum length an Index name ca... by danbrook Explorer in Splunk Search 03-24-2017 0 2	0	2
How to fix one logfile with 3 different change-times? Hello, I have the following problem with every logfile on splunk. I explain it with one logfile as example. Logfil... by dexxter275 Explorer in Splunk Search 03-24-2017 0 6	0	6
Need help with regex in transforms.conf to find two words in an event Hallo, i have to filter the following literals in an event and i am new in regex: user:info ifconfig both literals... by gerdhuber Explorer in Splunk Search 03-23-2017 0 5	0	5
How to create a single dashboard that will change the search for each panel based on a dropdown input option? I have created 3 dashboards which displays performance metrics and client usage of the api. All 3 dashboards have the... by jxt950 Engager in Splunk Search 03-23-2017 0 4	0	4
How to rename the X-axis points in my chart from month number to month name? Hello, Right now on my line chart, the months are labelled as 1, 2, 3 - I would like them to be displayed as Jan, Feb... by pal4life Path Finder in Splunk Search 03-23-2017 0 8	0	8