Splunk Search

Community Activity

How can I get the 10 oldest events of a search first and quickly? All, Any idea how I get the 10 oldest events from the search below? I need it to validate that we have 90 days of r... by daniel333 Builder in Splunk Search 02-24-2017 0 1	0	1
Compare three data sources Hello I have three sources I should compare fields. Lets say index =A index=B and index=C. All the three sources hav... by jarapally Explorer in Splunk Search 02-24-2017 0 5	0	5
how to remove dot in timechart? index=xxx source="udp:4005" \|eval startTime = strptime(TransactionStartTime,"%FT%T.%3N%Z") \| eval endTime = strptime(... by karthi2809 Builder in Splunk Search 02-24-2017 0 3	0	3
DateTime Convertion Hi, I don't understand why my datetime extracted can't convert when same format has no issue host="gmw8" OR host="... by duyanhtr Engager in Splunk Search 02-24-2017 0 7	0	7
How to find out the first occurrence of an event with a search? Currently I am trying to figure out a way to pull the first time an event occurred. Specifically when one of our prog... by jmcaloon Explorer in Splunk Search 02-24-2017 0 4	0	4
Regex for nullQueue, conditional regex. Can someone figure it out? Hello all, I'm not sure this is doable with nullQueue in transforms to filter out events of this form, hopefully som... by adamsmith47 Communicator in Splunk Search 02-24-2017 0 1	0	1
How to edit my "stats (count)" search to display a table? Hi guys, i have a question about the function stats count (fields) by field \| where xxx . I want just the result of... by Abarny Path Finder in Splunk Search 02-24-2017 0 4	0	4
how to connect to a local log file which will be updating everytime i want to create a alert on log file which will be updating frequently..plz tell me the way to connect to that log fi... by prakashv546 New Member in Splunk Search 02-24-2017 0 2	0	2
How to keep fields after a chart command for use in dynamic drilldown If I have a table like this: TestName , OS , IsSuccessfull, , TestID T1 ,... by splunker56 New Member in Splunk Search 02-24-2017 0 7	0	7
How to modify my search to truncate time displayed on chart? Hi, I am tracking Splunk startup and stop through graph. My search: index=_audit action=splunkShuttingDown OR act... by AKG1_old1 Builder in Splunk Search 02-24-2017 0 1	0	1
How to sort my table columns? Can someone help in sorting table columns. Table contains Row1,Row2,Row3,Row11,Row22,Row33 I tried sorting in orde... by vnithin123 Engager in Splunk Search 02-24-2017 0 2	0	2
How to find the time taken by a field in certain time interval? I have set of events like below SessionID="F4E22EFDB35791C879400BABAD77879C",TransactionID="9885533d-b9a3-48ba-a6a1-... by dyapasrikanth Path Finder in Splunk Search 02-23-2017 0 2	0	2
Why is streamstats "reset_on_change=true" is not working? so here is my search : index=* sourcetype=xyz source=pp iso_direction="outgoing" 0210 \| eval Error_Count=if(de39_... by sathiyasun Explorer in Splunk Search 02-23-2017 0 6	0	6
Wilde card is not working for when using colorPalette type="map" and i need to add in wilde characters Below is the code that i have. It is in a table where colors will come up pending on the text that i have. I want to... by robertlynch2020 Influencer in Splunk Search 02-23-2017 0 3	0	3
Date Format Oddly Changes Hi All I have been using Splunk for a couple of Months now, last month i noticed that the date format was being inte... by talismanc New Member in Splunk Search 02-23-2017 0 4	0	4
How to generate a search that will list events together that have no common field? I have three different events that compose a single email transaction that I need to list together. The problem is th... by cmo87 New Member in Splunk Search 02-23-2017 0 3	0	3
How to edit my search to track consecutive and dual logins by the same user? Trying to make a table to track login of a user at same time from different IP. [AzA][][host][12/Mar/2017:**15:28:29... by krishnacasso Path Finder in Splunk Search 02-23-2017 0 13	0	13
What is the root cause of Splunk lookup error "'Could not find all of the specified destination fields in the lookup table.'"? Hi, I have a setup with 4 Search heads, 6 indexers and many forwarders. I keep seeing the below error in splunkd.lo... by deepak02 Path Finder in Splunk Search 02-23-2017 0 2	0	2
What can I search for in _internal data to monitor/audit Splunk admin activities? HI Team, I am trying to configure some alerts for tracking all Splunk admin activities like mentioned below where ch... by thezero Path Finder in Splunk Search 02-23-2017 0 1	0	1
How to create a report that lists the groups that a user belongs to? Our Active Directory logs contain a field called member_of and the value contains all the groups that a user is a mem... by digital_alchemy Path Finder in Splunk Search 02-23-2017 0 2	0	2
How To filter internal IP address in splunk search Hi All, I want to filter out internal IP range while searching, can please suggest some of the best search commands,... by nnimbe Path Finder in Splunk Search 02-23-2017 1 5	1	5
Calculating the disk read write ratio I have this below query . After the summation of values is calculated , i have to find the ratio of read versus wri... by shabdadev Engager in Splunk Search 02-23-2017 0 8	0	8
How to return field from a subsearch to main search for subsequent calculations I have an xml sourcetype, with multiple events correlated with a corrID field. For one class of events, I have a "be... by techols New Member in Splunk Search 02-23-2017 0 1	0	1
How to edit my timechart search to create a vertical line? Hi guys, I need to create a vertical line in a time chart. I thought that I could use the following search to draw t... by faustf Communicator in Splunk Search 02-23-2017 0 14	0	14
How do I extract a certain OU from my DN in my active directory data? I would like to extract a certain portion of my AD data to identify a certain OU. The OU I want to extract always app... by DPWSplunkPOC Explorer in Splunk Search 02-23-2017 0 1	0	1