Splunk Search

Community Activity

count eval results doesn't match the results under the Events tab I have a simple search with stats count eval (u_id is a numeric field): index=myindex base search \| stats count(eval... by rarbabi New Member in Splunk Search 02-21-2017 0 1	0	1
stats count by variable field names? I have a need to stats count by a list of variable fields that I don't know the names of. (stats count by * doesn't... by the_wolverine Champion in Splunk Search 02-21-2017 0 2	0	2
How to calculate time difference of 2 events with logs that do not have a common string? Hi, I have Siebel logs like below: event 1: MessageFlow MsgFlowDetail 4 00005609588f0d40:0 2017-01-30 09:38:48 ... by huligesh Engager in Splunk Search 02-21-2017 0 4	0	4
How to extract a field that is within an already extracted field? Hi Ninja I've done a field extraction for apache access log like Referer. Referer= http(s)://FQDN/Abc/dasd/sadfasf/... by krishnacasso Path Finder in Splunk Search 02-21-2017 0 2	0	2
Modify lookup cells by search command I have a lookup called FailuresList It contains the following fields: date, site, text, excluded I would like to modi... by ICAP_RND Engager in Splunk Search 02-21-2017 0 6	0	6
Extract key-value pairs while ignoring "header" data using regex. I have a regular expression that works on part of my data. Given the log entry: pam_vas: Authentication <succeeded> ... by oliverj Communicator in Splunk Search 02-21-2017 0 16	0	16
Search to Correlate 2 different csv files. We have 2 different csv files under the same index and sourcetype. csv1.csv-Fields[uniquenumber Name status] csv2.c... by krishnacasso Path Finder in Splunk Search 02-21-2017 0 3	0	3
Append values as 0 with time for search and subsearch In my search query, I have 2 searches 1. This gives stats for today 2. This gives stats for the period entered as... by avaishsplunk Path Finder in Splunk Search 02-21-2017 0 3	0	3
Python Custom Search Command over SSH Greetz, For security purposes we wish to do a search from an untrusted host (could be compromised) and therefore can... by ephemeric Contributor in Splunk Search 02-21-2017 0 3	0	3
How to display column chart based on events count and display events size in bytes, KB, MB, and GB? Hi, i would like to display column chart based on events count and display events size in bytes,KB,MB and GB if even... by rajgowd1 Communicator in Splunk Search 02-21-2017 0 5	0	5
Ignore unlike rows I have a log that a software package provides which creates a standard record for each event. The standard format ... by Mkaz New Member in Splunk Search 02-21-2017 0 3	0	3
\| `incident_review` time incident was assigned / closed If I run the following search from 'incident_review' I can establish certain fields, but I need to try and calculate ... by jacqu3sy Path Finder in Splunk Search 02-21-2017 0 9	0	9
How to get the count of events per value I have two fields, cid Status and delivery_date. How could I get the total unique count of cids which has Status as D... by repo12 New Member in Splunk Search 02-21-2017 0 4	0	4
Nested Search Hi, I have two tables: table1: share, cost, time A , 10 , 2017-02-20 A , 14 , 2017-02-21 B , ... by hankmath Observer in Splunk Search 02-21-2017 0 1	0	1
How to search and filter emails of the same subject where "Support@email.com" is the sender? Hi my use case is to search for only email chains that are replied (attended) by Support team. I have managed to extr... by leonjxtan Path Finder in Splunk Search 02-21-2017 0 5	0	5
count (all) / Count (unique) = result -> chart Hey all, I have a logfile looking like this: Host ----- Message test ----- Error1 test ----- Error1 prod ----- Erro... by dexxter275 Explorer in Splunk Search 02-21-2017 1 8	1	8
How can I add the total row count somewhere on the pie chart? I have a search string for creating a pie chart If I want to show the total rows on the top or anywhere of the chart.... by brian661 New Member in Splunk Search 02-21-2017 0 5	0	5
Why does expanding time range on search cause results to disappear? When I run the following search with a time range restricted to a single day (9th of January) index=main sourcetype=... by fvegdom Path Finder in Splunk Search 02-21-2017 0 7	0	7
Popup window from drilldown link Hi, I have a summary dashboard with drilldown links and once the user clicks on the link, the page is redirected t... by shangshin Builder in Splunk Search 02-21-2017 2 2	2	2
Rex - Extract till first set of numbers Hi, I have following values in field - DATA for which I want to extract text from start till the first set of number... by harshal_chakran Builder in Splunk Search 02-21-2017 0 4	0	4
Generic search to pull Job Name 20170221/032119.169 - U0020408 UC4ALERT: External Dependency inside jobplan NEWREL.JOBPLAN.X. CLEAN.SET_PARA.RTH_FOR_... by harsush Path Finder in Splunk Search 02-21-2017 0 1	0	1
How to wait for the SearchManager job to finish? Currently, I run the search query and get the last 3 records, basic on these records and generate the charts. However... by chrismok Path Finder in Splunk Search 02-21-2017 5 6	5	6
Do we have to write fields .conf file for every indexed field extraction Hi I have extracted ipaddress during indextime. Do I have to use fields.conf for every time I during the Index time ... by ankithreddy777 Contributor in Splunk Search 02-21-2017 0 1	0	1
Passing results from subsearch to a field in parent search Hello! I'm interested in passing a result or results (a list of users from proxy logs) from a subsearch into a field... by Splunkquish Explorer in Splunk Search 02-21-2017 1 8	1	8
Regex assistance We have a field such as - activity="POST->/cirrus/v1.0/providers" We would like to extract everything after the POST-... by ddrillic Ultra Champion in Splunk Search 02-20-2017 0 8	0	8