Splunk Search

Community Activity

Is there a better way to edit my regular expression? Hey guys, I have field with values like: RQT4 - Ownership foo barr R11: Assistance fooo barr 192392 RQR11 -RFI A lot... by Accak Path Finder in Splunk Search 03-03-2017 0 5	0	5
How to search for the "Log In" and "Log Out" event when they appear to have the same pattern in my logs? Hi everybody, I have a problem with a log file to search the log In and log Out event. pattern : Line 2 --> Mar... by LNebout Path Finder in Splunk Search 03-03-2017 0 11	0	11
how to only show events with certain like values from stats command (or should my approach change?) Hello All, The business process is that every day a file will come and the name of the file will always change, howe... by johnmvang Path Finder in Splunk Search 03-03-2017 0 3	0	3
How to use the appendpipe command after using xyseries? I have the following displayed FEB-2016 March-2016 April-2016 May-2016 Application TechStack 2 ... by ASISH_9 Engager in Splunk Search 03-03-2017 0 4	0	4
How to calculate the difference in field values Hi all. I have two basic searches like this: index=first sourcetype=first-sourcetype \| stats count by FIELD1 index... by changux Builder in Splunk Search 03-03-2017 0 9	0	9
How to calculate the difference between count of two different searches? Hi all. I have a first search: index=first sourcetype=type1 \| stats count And a second: index=first sourcetype... by changux Builder in Splunk Search 03-03-2017 0 2	0	2
Is it possible to set "connect mode" for null values in a chart overlay? I have a column chart with chart overlay. Can we set "connect mode" for null values in chart overlay lines? by vaibhavagg2006 Communicator in Splunk Search 03-03-2017 0 4	0	4
Search timeline display problem in Chrome The search timeline is displaying improperly in the latest Chrome; it displays fine in latest Firefox and Safari. Thi... by ctoo Engager in Splunk Search 03-03-2017 0 4	0	4
If our max concurrent searches is 10, how does Splunk process searches for a dashboard with 20 panels? Our max concurrent searches in four CPUs is 10 (6 base + 4 ). If we open a dashboard with 20 panels, does it just run... by nagarjuna559 Explorer in Splunk Search 03-03-2017 0 1	0	1
How to fill a non existing field from other source Hello everyone, I have this search (index=trans_xxx_mycountry sourcetype=trans_xxx_mycountry) OR (index=trans_yyy_a... by jrballesteros05 Communicator in Splunk Search 03-03-2017 0 15	0	15
How do I create a field whose name is the value of another field? Like backticks or eval() in other languages. I have a set of data, perhaps XML, perhaps 5.x+ PerfMon, and it's in this format: aName=Field1 aValue=123 aName=Fiel... by Jason Motivator in Splunk Search 03-03-2017 10 8	10	8
How to have certain fields displayed at the search level and another set of fields displayed at the report/dashboard panel level? Sample Log: [02.22.2017 03:48:33.985] INFO - [CargoHub.com.aa.cargo.SPL.AirWaybillSCPSModule] TID[WMQJCAResourceAd... by andakun_222 New Member in Splunk Search 03-03-2017 0 6	0	6
How to generate a timechart from multiple data sources? I need a time chart from multiple source -- First source search : host=abcdefgh source="Test.log" index=app_ops_prod... by ataunk Explorer in Splunk Search 03-03-2017 0 5	0	5
How to calculate count of key per each different values? Hello guys, i,m new in Splunk and this is my question: Example, i have this NetFlow data: dest_port=1024 protoid=6... by monserta Explorer in Splunk Search 03-03-2017 0 8	0	8
Is it possible to use a lookup at index time, not search time? Hi Splunkers This is during parsing time .. not search time. Is there a way that I can use a lookup during parsing ... by mathiask Communicator in Splunk Search 03-03-2017 0 8	0	8
When using "tstats count", how to display zero results if there are no counts to display? I need to use tstats vs stats for performance reasons. I would like tstats count to show 0 if there are no counts to... by jsh315 Engager in Splunk Search 03-03-2017 0 8	0	8
Field Extraction is not working in Splunk. I am working on MS Azure logs and some of the fields are not getting parsed so I tried to use the field extraction in... by skukreja New Member in Splunk Search 03-03-2017 0 9	0	9
How to stop running searches on hidden panels? Hi I have a heavy dashboard, so i am trying to hide some panels. The idea is i have a check box that sets a token a... by robertlynch2020 Influencer in Splunk Search 03-03-2017 1 2	1	2
Need help to grep for a string from a search query. Below is the sample result i get after running a query. Mar 2 19:38:25 myhost apache2: "123.12.13.14" - - [02/Mar... by chetanhonnavile Explorer in Splunk Search 03-03-2017 0 1	0	1
Remove words from a String Hi guys! I need to remove words from 2 char in a string, I have a field like: comment="La pagina web es muy mala de... by sebafdez Explorer in Splunk Search 03-03-2017 0 3	0	3
Why is the table column edit symbol not showing up? I have formatted the table with simple table format visualization for columns in my local instance.. when i deploy it... by k_harini Communicator in Splunk Search 03-03-2017 0 1	0	1
RSS/Atom feed How can I add a RSS/Atom feed to my data input? by torreyt New Member in Splunk Search 03-02-2017 0 2	0	2
Sorting Rex extracted test My rex output extract gives following output in different environment. Is there any query to sort the returned text s... by nithinthomas New Member in Splunk Search 03-02-2017 0 4	0	4
How to extract file names from an unformatted URL string? Hi We need to extract file name from a URL. But URL in the log files have different formats or it has multiple spaces... by splunker9999 Path Finder in Splunk Search 03-02-2017 0 10	0	10
How do I use a stats sum and then divide by a field not used when summing? I have events that have tablespace, tablespace_size, table_owner, table_name, table_size ie WORK_TS 10000000 joe ... by riotto Path Finder in Splunk Search 03-02-2017 0 2	0	2