Splunk Search

Community Activity

characters that need to be in quotations When you search in Splunk, I know some characters need to be in quotations-- field="value with spaces". I'm trying to... by camillak Path Finder in Splunk Search 03-02-2017 0 3	0	3
Why is my field extraction not consistent across all events? I want to extract a field which is uuid format and name it instanceid. props.conf settings EXTRACT-fields_5 = \[[i... by diavolo Path Finder in Splunk Search 03-02-2017 0 11	0	11
When using sparkline to display a table, why am I unable to list "host" field information? I'm not able to populate the host field with information when using the search below. When I look at the events tab, ... by jward6004 Explorer in Splunk Search 03-02-2017 0 2	0	2
Searching wildcard on a field that can possibly have null values Hello everyone, I am very close to a solution for my problem, but I am not quite there yet. I created a view that a... by centrafraserk Path Finder in Splunk Search 03-02-2017 1 5	1	5
I am trying to select a date range based on a single date field within a log. As an example - sourcetype="tickets" SubmitDate between 01/01/17 - 01/31/17. Any help would be appreciated. I am trying to select a date range based on a single date field within a log. As an example - sourcetype="tickets" S... by ChipOC New Member in Splunk Search 03-02-2017 0 1	0	1
Sorting Field name that is dynamically named in a particular order My search compares between the past two month (i.e. now we are in March, my search compares between January & Februar... by Parameshwara Path Finder in Splunk Search 03-02-2017 1 7	1	7
Percentage Timechart Hello I'm trying to add a percentage for each day. Here is what I have: index=tt OrderIntegration.asmx "PlaceOrderR... by tkwaller Builder in Splunk Search 03-02-2017 0 6	0	6
How to use field value count to filter the search result? I want to generate a search which generates results based on the threshold of field value count. I.E.,, My base sear... by Kwip Contributor in Splunk Search 03-01-2017 0 7	0	7
How to get correct host information from a Universal Forwarder to intermediary heavy forwarder to Splunk Cloud We have a setup where we have a syslog-ng server that forwards all events using a UF to a HF and then to the cloud. ... by tegnatomm Engager in Splunk Search 03-01-2017 0 2	0	2
understanding the transforms.conf hi, Can someone please explain me the below transforms.conf . I read the documentation ,but it's not clear to me . [... by kteng2024 Path Finder in Splunk Search 03-01-2017 0 2	0	2
How to write a query to have count of time where time is greater than 20s hits of one field "Time " against total time hits "Time" ,to create alert . here is a search i'm using for one alert. sourcetype=xx source="yy" method= timeDiff\| eval Time=ltrim(rtrim... by guru865 Path Finder in Splunk Search 03-01-2017 0 4	0	4
How to trim values from results Hi, We are looking to have my file name more readable and that being said FIlename looks like below and need to trim ... by splunker9999 Path Finder in Splunk Search 03-01-2017 0 6	0	6
How to generate a search to find unique IPs hitting a specific URL in Specific Time Range? Hello - I'm trying to write a search string that finds unique IPs hitting a specific URL in 30 minute bursts. For exa... by mistydennis Communicator in Splunk Search 03-01-2017 0 6	0	6
How to extract source and destination IP fields? I am trying to configure various search fields for a firewall log from the field extractor but Splunk is pulling up s... by rootchin Engager in Splunk Search 03-01-2017 1 3	1	3
Display only differences in values, between 2 events Hello, I'm looking events that track changes to a configuration. The first event is the "before" state the newest e... by chengka Explorer in Splunk Search 03-01-2017 0 14	0	14
How to edit my search to limit results to a specific user? Hi i'm working w/ the below search and getting good results for all currently logged in user accounts but would anyon... by cjsweeney1 Explorer in Splunk Search 03-01-2017 0 3	0	3
How to include only certain fields in an email sent from an alert I have an alert that looks for a pattern in an event that is an xml: ie. ":2017-03-01 06:02:16,194 INFO 7010 Syste... by riotto Path Finder in Splunk Search 03-01-2017 0 3	0	3
How to generate a search that determines inactivity of firewall rules? I'm having issues creating a search that determines inactivity of firewall rules. I'd like to determine if a firewal... by elpfarr Explorer in Splunk Search 03-01-2017 0 5	0	5
Unknown error for peer xxx. Search Results might be incomplete Splunk 6.4.2のSearch head 2台、Indexer 12台の分散環境を使っていますが、時間がかかるサーチを実行するとUI上に以下のエラーが表示されることがありますが、エラーが表示される原因および解決方法を教えてくだ... by cwl Contributor in Splunk Search 03-01-2017 0 1	0	1
Why does appendcols cause a search to produce different results? Hello all, I have an index of events, each of which has an enter and exit timestamp where _time is associated to the... by andrewtrobec Motivator in Splunk Search 03-01-2017 0 8	0	8
How can I merge 2 tabled rows and add field values from columns as new fields? I am looking to combine columns/values from row 2 to row 1 as additional columns. I am not sure which commands shoul... by nidhsha2 New Member in Splunk Search 03-01-2017 0 5	0	5
Why am I receiving "Search process did not exit cleanly, exit_code=255, description="exited with code 255"" error with my current search? Hi Folks, While executing the below command on Search and Reporting app, we are getting below error. could you pleas... by lksridhar Explorer in Splunk Search 03-01-2017 0 5	0	5
Searching Splunk logs and looking for occurrences of values fed from a CSV file Hi, All, Here's what I have: I have a csv file (1 column, 1000 values) which I've uploaded to the lookup dir: "/opt/... by carpe_diem12 New Member in Splunk Search 03-01-2017 0 9	0	9
mainframe log parsing help - crazy log format Greetings I have been staring at the below for sometime and I have no idea where to start to get this log to parse c... by ebailey Communicator in Splunk Search 03-01-2017 0 7	0	7
Group by two or many fields fields Hi This is my data : I want to group result by two fields like that : I follow the instructions on this topic ... by Naaba New Member in Splunk Search 03-01-2017 0 9	0	9