Splunk Search

Community Activity

Search to Correlate 2 different csv files. We have 2 different csv files under the same index and sourcetype. csv1.csv-Fields[uniquenumber Name status] csv2.c... by krishnacasso Path Finder in Splunk Search 02-21-2017 0 3	0	3
Append values as 0 with time for search and subsearch In my search query, I have 2 searches 1. This gives stats for today 2. This gives stats for the period entered as... by avaishsplunk Path Finder in Splunk Search 02-21-2017 0 3	0	3
Python Custom Search Command over SSH Greetz, For security purposes we wish to do a search from an untrusted host (could be compromised) and therefore can... by ephemeric Contributor in Splunk Search 02-21-2017 0 3	0	3
How to display column chart based on events count and display events size in bytes, KB, MB, and GB? Hi, i would like to display column chart based on events count and display events size in bytes,KB,MB and GB if even... by rajgowd1 Communicator in Splunk Search 02-21-2017 0 5	0	5
Ignore unlike rows I have a log that a software package provides which creates a standard record for each event. The standard format ... by Mkaz New Member in Splunk Search 02-21-2017 0 3	0	3
\| `incident_review` time incident was assigned / closed If I run the following search from 'incident_review' I can establish certain fields, but I need to try and calculate ... by jacqu3sy Path Finder in Splunk Search 02-21-2017 0 9	0	9
How to get the count of events per value I have two fields, cid Status and delivery_date. How could I get the total unique count of cids which has Status as D... by repo12 New Member in Splunk Search 02-21-2017 0 4	0	4
Nested Search Hi, I have two tables: table1: share, cost, time A , 10 , 2017-02-20 A , 14 , 2017-02-21 B , ... by hankmath Observer in Splunk Search 02-21-2017 0 1	0	1
How to search and filter emails of the same subject where "Support@email.com" is the sender? Hi my use case is to search for only email chains that are replied (attended) by Support team. I have managed to extr... by leonjxtan Path Finder in Splunk Search 02-21-2017 0 5	0	5
count (all) / Count (unique) = result -> chart Hey all, I have a logfile looking like this: Host ----- Message test ----- Error1 test ----- Error1 prod ----- Erro... by dexxter275 Explorer in Splunk Search 02-21-2017 1 8	1	8
How can I add the total row count somewhere on the pie chart? I have a search string for creating a pie chart If I want to show the total rows on the top or anywhere of the chart.... by brian661 New Member in Splunk Search 02-21-2017 0 5	0	5
Why does expanding time range on search cause results to disappear? When I run the following search with a time range restricted to a single day (9th of January) index=main sourcetype=... by fvegdom Path Finder in Splunk Search 02-21-2017 0 7	0	7
Popup window from drilldown link Hi, I have a summary dashboard with drilldown links and once the user clicks on the link, the page is redirected t... by shangshin Builder in Splunk Search 02-21-2017 2 2	2	2
Rex - Extract till first set of numbers Hi, I have following values in field - DATA for which I want to extract text from start till the first set of number... by harshal_chakran Builder in Splunk Search 02-21-2017 0 4	0	4
Generic search to pull Job Name 20170221/032119.169 - U0020408 UC4ALERT: External Dependency inside jobplan NEWREL.JOBPLAN.X. CLEAN.SET_PARA.RTH_FOR_... by harsush Path Finder in Splunk Search 02-21-2017 0 1	0	1
How to wait for the SearchManager job to finish? Currently, I run the search query and get the last 3 records, basic on these records and generate the charts. However... by chrismok Path Finder in Splunk Search 02-21-2017 5 6	5	6
Do we have to write fields .conf file for every indexed field extraction Hi I have extracted ipaddress during indextime. Do I have to use fields.conf for every time I during the Index time ... by ankithreddy777 Contributor in Splunk Search 02-21-2017 0 1	0	1
Passing results from subsearch to a field in parent search Hello! I'm interested in passing a result or results (a list of users from proxy logs) from a subsearch into a field... by Splunkquish Explorer in Splunk Search 02-21-2017 1 8	1	8
Regex assistance We have a field such as - activity="POST->/cirrus/v1.0/providers" We would like to extract everything after the POST-... by ddrillic Ultra Champion in Splunk Search 02-20-2017 0 8	0	8
How to hide some specific events from the search results? On my search results, I need to hide some specific events from the output? Currently I am running a search to find if... by sreejith2k2 Explorer in Splunk Search 02-20-2017 0 13	0	13
Average between 2 fields D+HH:MM:SS Hi, I try to realize an average enter 2 fields which appear in the form of D+HH:MM:SS so i converted with dur2sec. ... by Abarny Path Finder in Splunk Search 02-20-2017 0 7	0	7
How to extract and calculate the sum of a field from different searches? Hello, i have on a dashboard with 5 different searches, where i have a common (calculated) field (let's call it a sc... by papemalik Explorer in Splunk Search 02-20-2017 0 17	0	17
How to edit my configurations to perform an index time field extraction? Hello All My current environment is as follows : Syslog/UF (Universal Forwarder) -> HF (Heavy Forwarder) -> Indexer... by vr2312 Builder in Splunk Search 02-20-2017 0 5	0	5
How to convert time to strptime? TransactionEndTime=2017-02-20T05:11:16.255-05:00; TransactionStartTime=2017-02-20T05:11:16.216-05:00; by karthi2809 Builder in Splunk Search 02-20-2017 0 1	0	1
for every command we filter fields and giving few fields to the next command, why eval gives all fields to the next command index=* sourcetype=history browser=chrome \| eval name="raj" giving output as many fields like sourecetype, browser, ... by nagarjuna280 Communicator in Splunk Search 02-20-2017 0 1	0	1