Splunk Search

Community Activity

how much data coming to an index hi, Is there any way we couldn't find out how much data coming to an particular index ? by kteng2024 Path Finder in Splunk Search 03-09-2017 0 3	0	3
Keeping long events together I've got a log of rails requests which are mostly parsed correctly. Almost every request seems to be a single event w... by viraptor New Member in Splunk Search 03-09-2017 0 1	0	1
streamstats event question Hi I amb calculating the averge between two consecutive events using streamstats, the question is that I have to do i... by jperezes Path Finder in Splunk Search 03-09-2017 0 2	0	2
Any regex masters out there? Working on a regex for a script log. Need to pull out user: User accounts for \\ -----------------------------------... by tkwaller Builder in Splunk Search 03-09-2017 0 9	0	9
Can I count multi-value fields? My event(NOT table): _time,id,eth_src,eth_dst 090000,1,u,v 090001,1,w,x 090002,1,y,z 090003,2,u,v 090004,2,w,x 09000... by i111040d New Member in Splunk Search 03-09-2017 0 5	0	5
How to edit my search to exclude events outside of certain times of the day? Greetings, I need to run a search and only pull certain events that happen between midnight and 5:00 AM. So I use t... by SplunkLunk Path Finder in Splunk Search 03-09-2017 0 13	0	13
How to extract string from a position until the end of line? I have lines like this: [2011/02/11@10:33:13.978+0100] P-18679 T-0 I Usr 2: (49) SYSTEM ERROR: Memor... by mdzmuran Observer in Splunk Search 03-09-2017 0 2	0	2
How to parse a JSON array into Splunk table? I have been searching for how to do this and I haven't really come across anything that matches my use case. I have ... by bshega Explorer in Splunk Search 03-09-2017 0 7	0	7
notify users to change password on their first login and every 3 month the password we share should expire in 3 days Hi all Can any one help me with password change notification to the user What exactly we need is if we create new u... by puneethgowda Communicator in Splunk Search 03-09-2017 0 4	0	4
Real time select today's data Hi I wonder if i could do this. I am able to select real time for last one hour ,24 hours etc and i want to select ... by puneethgowda Communicator in Splunk Search 03-09-2017 0 5	0	5
How to get the TPS of all events in a 24 hours by host . We are trying to get TPS for 3 diff hosts and ,need to be able to see the peak transactions for a given period. initi... by guru865 Path Finder in Splunk Search 03-08-2017 0 10	0	10
Why is manual field extraction not working for some fields in some events? I have manually set up a search time field extraction with regular expression in the props.conf. It happens so that o... by dkkim_splunk Splunk Employee in Splunk Search 03-08-2017 0 4	0	4
How to send email to multi users one by one I run a query and get the table like this, user user_email content Jack ... by chlily New Member in Splunk Search 03-08-2017 0 1	0	1
CSV vs KV store lookup. How large is large? Documentation comparing CSV and KV store notes that for large lookups, KV Store is preferred over CSV. http://dev.sp... by MonkeyK Builder in Splunk Search 03-08-2017 0 4	0	4
Monitoring a Large Wifi Environment I'm looking at monitoring potentially a large wifi network consisting of multiple access points and looking for any i... by Esky73 Builder in Splunk Search 03-08-2017 0 5	0	5
How to edit my real time alert to trigger when average CPU and memory usage exceeds 70% in a 2 minute span? I want an alert thrown whenever a two minute interval shows the average CPU and average Memory usage both exceeding 7... by DPZ_Luke Explorer in Splunk Search 03-08-2017 0 11	0	11
How to group my data so that any values with the same time will be merged into 1 row? Hi , I'm very new here with Splunk searches I'm trying to do a group by on my dataset so that any rows with the same... by dcheng123 Engager in Splunk Search 03-08-2017 0 1	0	1
Need search help Hello I have a search that timecharts useragent count by useragent. Simply index=apache useragent=* \| timechart ... by tkwaller Builder in Splunk Search 03-08-2017 0 2	0	2
How to create a regular expression on a multivalue field I have a multivalue (MV) field "filetypes" with values such as: test/Makefile.am,test/och_test.cc,test/fully1.py,24,... by jlkokko Path Finder in Splunk Search 03-08-2017 1 4	1	4
Hosts that have sent events over the last eight weeks (by week) but taking into account owner vacation I have a low volume index where hosts send one event every 24 hours. I need to determine if each host in today's sea... by regriffith Path Finder in Splunk Search 03-08-2017 0 3	0	3
Peak hours of the week by total daily percentage Hi, I need to display the peak times of day that events are occurring. Essentially, I want to find out the peak time... by SecureIA Path Finder in Splunk Search 03-08-2017 0 4	0	4
How to convert this string into a usable time format? Hi and thanks in advance, I am trying to convert the following time example field: 2017-03-02T09:41:38.405Z i... by jperezes Path Finder in Splunk Search 03-08-2017 0 2	0	2
Tried DELIMS, REPORT but cannot get neither working sample data : Number: 152119522 Date : 12/01/2015 12:00:00 AM, Execution Time: 1945 Area Code: 21 Area Name: reading... by Esky73 Builder in Splunk Search 03-07-2017 0 2	0	2
Display Field Even No Values Hi i encounter an issues when i try to display field in table form without any values my data look like table below: ... by qygoh Engager in Splunk Search 03-07-2017 0 10	0	10
MVZIP With the same field on the same Line Hello All, I have a set of data that looks like the excerpt below: [44] 2017-12-22 to 2017-12-29: 2017-12-22... by raby1996 Path Finder in Splunk Search 03-07-2017 0 2	0	2