Splunk Search

Community Activity

Show a result even if no events match I am trying to get the result even if no results matches. fillnull works fine with- search sourcetype="test" Status... by siddharthmis Explorer in Splunk Search 02-23-2017 0 4	0	4
Regex help! Hi How to extract the Ips from the below windows event both Client IP-1 and Client Ip-2 02/22/2017 09:05:24 AM Log... by kiran331 Builder in Splunk Search 02-22-2017 0 4	0	4
system uptime calculation I have a field uptime which is being forwarded from one of the server i want to monitor its uptime. This field has ac... by pprakash2 Explorer in Splunk Search 02-22-2017 1 5	1	5
add a count column in the table Hi All. I want to add an additional column in the table to display how many times a particular host in the set time... by ringbbg Engager in Splunk Search 02-22-2017 0 3	0	3
How to calculate autoLB time interval? Can i please know how to calculate the autoLB time interval as i am planning to change the default value. For example... by kteng2024 Path Finder in Splunk Search 02-22-2017 0 3	0	3
Transaction search and appendcols - missing cols Hey folks, I have two separate searches that work fine and return the expected results. I.e. 1 - index=blah field1... by RocIngersol Explorer in Splunk Search 02-22-2017 0 12	0	12
Adjust time difference for suspended and unsuspended events I am trying to find a solution for adjust my time interval for time to resolve. There are two indexes being used, the... by 1067062 New Member in Splunk Search 02-22-2017 0 6	0	6
tstats issue following upgrade from 6.4.4 to 6.5.2 I’m having an issue with the tstats command not producing any results when calling a namespace post tscollect. For e... by adayton20 Contributor in Splunk Search 02-22-2017 1 6	1	6
How to filter IIS logs with regular expression? Greetings, I'm trying to make a regular expression to filter the IIS logs. I want Splunk to index only logs whose sc... by markuxProof Path Finder in Splunk Search 02-22-2017 0 6	0	6
How to display SplunkIcons Glyphs library and where can I find them? I use SplunkIcons glyphs to display some states with search command "rangemap". I would like to see the icons are ava... by erwan_raulet Explorer in Splunk Search 02-22-2017 2 7	2	7
Compare two counts from two time searches I need to be able to find the difference between two "Count" values; the count for today, and the count yesterday. M... by smcdonald20 Path Finder in Splunk Search 02-22-2017 0 9	0	9
Extracting Fields & Regular Expression Formating I have Active Directory logs that do not have many fields associated with them. Each log is over 100 lines and I wish... by santorof Communicator in Splunk Search 02-22-2017 0 2	0	2
Help me with Rex in search query "sessionID":"123456567" "sessionID":"ABCnsh8ah" Please help me with Rex to pick 123456567 ABCnsh8ah from above _ra... by sravankaripe Communicator in Splunk Search 02-22-2017 0 3	0	3
Why am I getting lookup search error "[server x] Script for lookup table 'user_agents' returned error code 1. Results may be incorrect"? We are using Splunk version 6.3 and facing an issue with a lookup table. While running the search, it returns below e... by cdcproject New Member in Splunk Search 02-22-2017 0 1	0	1
Can the results of the same search vary between use in a search bar and a dashboard? hi, I am writing the following search query in the dashboard panel sourcetype=xml22 \|where $field1$ = 7\|search Tex... by 20065945 Explorer in Splunk Search 02-22-2017 0 3	0	3
Secuirty checks with help of splunk Hi, I want to figure out, how long an employee inside office. Once employee enters into office he will do card swipe... by srinivasup Explorer in Splunk Search 02-22-2017 0 8	0	8
output lookup to /app/lookups I have a saved search that generates a table of users each day: search "my users" \| table username, id I want to tu... by himynamesdave Contributor in Splunk Search 02-22-2017 0 3	0	3
Wildcard not working in monitor input I used following syntax to monitor a file input in windows [monitor://D:\app\logs\a.log] The above stanza is not in... by reach2tushar Explorer in Splunk Search 02-21-2017 0 6	0	6
count eval results doesn't match the results under the Events tab I have a simple search with stats count eval (u_id is a numeric field): index=myindex base search \| stats count(eval... by rarbabi New Member in Splunk Search 02-21-2017 0 1	0	1
stats count by variable field names? I have a need to stats count by a list of variable fields that I don't know the names of. (stats count by * doesn't... by the_wolverine Champion in Splunk Search 02-21-2017 0 2	0	2
How to calculate time difference of 2 events with logs that do not have a common string? Hi, I have Siebel logs like below: event 1: MessageFlow MsgFlowDetail 4 00005609588f0d40:0 2017-01-30 09:38:48 ... by huligesh Engager in Splunk Search 02-21-2017 0 4	0	4
How to extract a field that is within an already extracted field? Hi Ninja I've done a field extraction for apache access log like Referer. Referer= http(s)://FQDN/Abc/dasd/sadfasf/... by krishnacasso Path Finder in Splunk Search 02-21-2017 0 2	0	2
Modify lookup cells by search command I have a lookup called FailuresList It contains the following fields: date, site, text, excluded I would like to modi... by ICAP_RND Engager in Splunk Search 02-21-2017 0 6	0	6
Extract key-value pairs while ignoring "header" data using regex. I have a regular expression that works on part of my data. Given the log entry: pam_vas: Authentication <succeeded> ... by oliverj Communicator in Splunk Search 02-21-2017 0 16	0	16
Search to Correlate 2 different csv files. We have 2 different csv files under the same index and sourcetype. csv1.csv-Fields[uniquenumber Name status] csv2.c... by krishnacasso Path Finder in Splunk Search 02-21-2017 0 3	0	3