Splunk Search

Community Activity

No results found, I want to show other message but I want stats count by field I am trying to compare the count based on ServiceMethod [field], but when there are no results found, that particular... by SS00110896 New Member in Splunk Search 02-26-2017 0 2	0	2
How to edit my search to extract a single record from an inputlookup file? I have an inputlookup file that shows temperature records and is formatted as follows rec-date,average-low,average-h... by rvoninski_splun Splunk Employee in Splunk Search 02-26-2017 0 6	0	6
How to add a static column to a table with dynamically search result I have a search successfully generate a dynamic table BUT I couldn't add a static column called baseline: I tried to... by bing_zheng New Member in Splunk Search 02-25-2017 0 4	0	4
How can I convert my time format to epoch time? Format i have in Splunk:- Duration as 9h:42m:32s I tried to use below search but it didn't worked. eval "Duration"... by m7787580 Explorer in Splunk Search 02-25-2017 0 3	0	3
How to use Windows event logs to alert for the failed attempts less than 5 occurring for every hour? Slow and Low attack? How to use Windows event logs to alert for the failed attempts less than 5 occurring for every h... by kiran331 Builder in Splunk Search 02-25-2017 0 1	0	1
line chart cumulative counters by host Problem: Creating a line chart from cumulative counter (i.e. snmp ifOutOctets or Windows TCP counters) for multiple ... by bmacias84 Champion in Splunk Search 02-25-2017 1 2	1	2
How to edit my search to find the status of tickets for my groups? Hello, i have a data from ticketing system where events looks (more or less for the simplicity) like this: date, ti... by tomaszwrona Explorer in Splunk Search 02-24-2017 0 4	0	4
How to calculate transaction per second for my search? for the search index=* some_events \| stats count how to calculate the transaction per second for this search (how... by abzmhzsplunk New Member in Splunk Search 02-24-2017 0 5	0	5
How to display bucket/histogram data with zero count? I'm trying to run a bucket/histogram of data but I want to display buckets that have zero count. By default, bucket ... by jbp4444 Path Finder in Splunk Search 02-24-2017 1 3	1	3
How to extract field for irrelevant data log to indexed? Event Flow (THREAD-XXXX) YYYY-MM-DD 15:53:38.486 - Server_Name flow step millis 32 ('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX... by karthikeyan_k14 New Member in Splunk Search 02-24-2017 0 1	0	1
How do I find Active Directory usernames logging in to ADFS from the Outlook App for iOS or Android? We'd like to identify all of the users that have set up the Outlook app for iOS or Android. All of the authentication... by saltybeagle Explorer in Splunk Search 02-24-2017 2 2	2	2
How to generate a regular expression that extracts a field in my event data? I need to do a field extraction for everything after the ) to the end of the first line. I've tried about every regex... by jeck11 Path Finder in Splunk Search 02-24-2017 0 9	0	9
How to create a bar chart that compares values over two time periods? I've created a search that displays the top 10 blocked destination ports over the last 4 hours. I've also managed to ... by swedishmike New Member in Splunk Search 02-24-2017 0 7	0	7
How do I correct error "Error in 'rest' command: Invalid argument: '/services/server/info' "? I've recently installed splunk 6.5.1 on windows 2008 R2. I've also enabled 'Health Check' in Monitoring Console, but... by lessthan80 Explorer in Splunk Search 02-24-2017 0 1	0	1
How can I get the 10 oldest events of a search first and quickly? All, Any idea how I get the 10 oldest events from the search below? I need it to validate that we have 90 days of r... by daniel333 Builder in Splunk Search 02-24-2017 0 1	0	1
Compare three data sources Hello I have three sources I should compare fields. Lets say index =A index=B and index=C. All the three sources hav... by jarapally Explorer in Splunk Search 02-24-2017 0 5	0	5
how to remove dot in timechart? index=xxx source="udp:4005" \|eval startTime = strptime(TransactionStartTime,"%FT%T.%3N%Z") \| eval endTime = strptime(... by karthi2809 Builder in Splunk Search 02-24-2017 0 3	0	3
DateTime Convertion Hi, I don't understand why my datetime extracted can't convert when same format has no issue host="gmw8" OR host="... by duyanhtr Engager in Splunk Search 02-24-2017 0 7	0	7
How to find out the first occurrence of an event with a search? Currently I am trying to figure out a way to pull the first time an event occurred. Specifically when one of our prog... by jmcaloon Explorer in Splunk Search 02-24-2017 0 4	0	4
Regex for nullQueue, conditional regex. Can someone figure it out? Hello all, I'm not sure this is doable with nullQueue in transforms to filter out events of this form, hopefully som... by adamsmith47 Communicator in Splunk Search 02-24-2017 0 1	0	1
How to edit my "stats (count)" search to display a table? Hi guys, i have a question about the function stats count (fields) by field \| where xxx . I want just the result of... by Abarny Path Finder in Splunk Search 02-24-2017 0 4	0	4
how to connect to a local log file which will be updating everytime i want to create a alert on log file which will be updating frequently..plz tell me the way to connect to that log fi... by prakashv546 New Member in Splunk Search 02-24-2017 0 2	0	2
How to keep fields after a chart command for use in dynamic drilldown If I have a table like this: TestName , OS , IsSuccessfull, , TestID T1 ,... by splunker56 New Member in Splunk Search 02-24-2017 0 7	0	7
How to modify my search to truncate time displayed on chart? Hi, I am tracking Splunk startup and stop through graph. My search: index=_audit action=splunkShuttingDown OR act... by AKG1_old1 Builder in Splunk Search 02-24-2017 0 1	0	1
How to sort my table columns? Can someone help in sorting table columns. Table contains Row1,Row2,Row3,Row11,Row22,Row33 I tried sorting in orde... by vnithin123 Engager in Splunk Search 02-24-2017 0 2	0	2