Splunk Search

Community Activity

Index XML files from a url How can we index XML files from a url ending in .xml in splunk? We have an XML URL that we need to index into splunk,... by abhijitnath89 Path Finder in Splunk Search 03-10-2017 0 5	0	5
Display Date on Dashboard panel I want to show the previous week date on Title of panel. Can anyone have some thoughts for it? by chintan_shah Path Finder in Splunk Search 03-10-2017 0 3	0	3
Swap field and values I have a list of fields within a Datamodel collected as values within the field named "unknown" \| datamodel Authenti... by muebel SplunkTrust in Splunk Search 03-10-2017 0 2	0	2
append search incorrect time window I have a multisearch to view data for yesterday only. [search index=... earliest = -1d@d latest=+0d@d\| search .... ... by akhasriya Engager in Splunk Search 03-10-2017 0 2	0	2
What to do when appendcols command can't handle larger counts? We need to determine a 30 day average based on the count of two events, a request and a response. The issue is that e... by f5x6kb8 Explorer in Splunk Search 03-10-2017 0 4	0	4
How to combine my two search queries using join or subsearch? Hi, I have 2 different search queries which i need to combine and generate the report as similar to dashboard and ou... by Gowtham0809 New Member in Splunk Search 03-10-2017 0 1	0	1
setup.xml: problems with windows scripted input format I have a setup.xml which uses the following format for scripted inputs on Unix systems: # inputs.conf [script://./bi... by mw Splunk Employee in Splunk Search 03-10-2017 2 9	2	9
Could not use strptime to parse timestamp Hi all, I'm adding detail files from FreeRadius, which looks like following: Wed May 2 10:28:04 2012 NAS-IP-Ad... by stwong Communicator in Splunk Search 03-09-2017 1 6	1	6
How to a create a table search for my data? i have fields key and value field "key" contains values sessionID txnID eventSeverity msgType ... by sravankaripe Communicator in Splunk Search 03-09-2017 0 2	0	2
How to generate a search to find persistent connections between client workstations to the internet? I have squid proxy log that I want to mine for persistent connections from my client workstations to the internet (ie... by pdumblet Explorer in Splunk Search 03-09-2017 0 3	0	3
How to use eval to sum a large set of fields with field name matching a pattern? I have several fields like this: types.events.1 types.events.2 types.events.3 etc I can use eval to sum them like t... by driekhof Path Finder in Splunk Search 03-09-2017 0 7	0	7
How can you restrict a role or user from creating field extractions? How do you restrict a role from creating field extractions? There's event actions drop down for search results where ... by devinmclean Path Finder in Splunk Search 03-09-2017 0 3	0	3
use a subsearch to define earliest and latest for main search I want to use a sub search to find events, then use the time as a boundary for the main search. In my case, I search ... by yannK Splunk Employee in Splunk Search 03-09-2017 6 3	6	3
Unable to get graph from csv data input. I must have this data to be converted to graph. I have attached the csv. Is it possible? When I try this it gives be ... by kingshukm New Member in Splunk Search 03-09-2017 0 5	0	5
Give complete log output on search When I do a search, the search results only show the lines of the logs that are matching my query. Is it possible to ... by YanwuGuTelus New Member in Splunk Search 03-09-2017 0 5	0	5
How do I include time range fields, Cron Schedule, and Alert Condition in my search to validate my Splunk Alert? Hello Everyone , We need to validate our teams Splunk Alerts are correct. And that the Alert conditions thresholds... by theoborrero Explorer in Splunk Search 03-09-2017 0 3	0	3
Is it possible to group events by date range within 1 second? Sorry if this was a question asked before but i couldn't seem to find it. I am trying to do a group by on _time so th... by dcheng123 Engager in Splunk Search 03-09-2017 0 4	0	4
How to edit my search to convert a string to date format? hello! i have this date: 20150225123000998 I want this format date : 25/02/2015 12:30:00 998 (not important) m... by gasdrubadiss New Member in Splunk Search 03-09-2017 0 1	0	1
How to use the time input field to calculate time as seconds? Hi, In my form, I have labeled my time input as field3 such as: input type="time" token="field3" searchWhenCha... by abzmhzsplunk New Member in Splunk Search 03-09-2017 0 6	0	6
How to remove values of 0 from my search results? I have a search that calculates a time duration for windows events logon and logout. ....\| eval duration=tostrin... by packet_hunter Contributor in Splunk Search 03-09-2017 0 8	0	8
How do i get Unique events for my search keyword I am getting so many results for a single search keyword.how do i make a unique single result for that search keyword... by rakesh_498115 Motivator in Splunk Search 03-09-2017 0 2	0	2
Identify searches that take long time in a SH Cluster. Is there a way to find out which query i staking long time and consuming more CPU and memeory utilisation via a splun... by sarnagar Contributor in Splunk Search 03-09-2017 0 4	0	4
index=_audit contents? Could someone please tell me what these following fields in the audit index refer to? OR please guide me to the right... by saranya_fmr Communicator in Splunk Search 03-09-2017 0 3	0	3
How to find an active user session on different machines at the same time? Hello Splunkers. Using the wineventlog I can tell when a user logged on and off based on EventCodes 4624 and 4634 an... by guimilare Communicator in Splunk Search 03-09-2017 0 3	0	3
Null Search Swapper Hello, When using the "Null Search Swapper" functionality with code like the one we can find in the "Splunk 6.x Dash... by jebabin Engager in Splunk Search 03-09-2017 0 3	0	3