Splunk Search

Community Activity

Is it possible to display a table (similar to Excel's pivot table) with multiple values under one column? In Splunk, is there a way to format data that normally contains user, month-year, hits, clicks to display multiple v... by spammenot66 Contributor in Splunk Search 02-15-2017 0 2	0	2
How to generate a search to see which users have signed in from a different country other than the U.S. in the last 24 hours? Good afternoon all I'm just looking for a search that will search for anyone that has logged in to a web site, from ... by rodiers01 New Member in Splunk Search 02-15-2017 0 6	0	6
show table results in descending count order Hi, I'm thinking this has a simple solution..Is there anyway to show a table in descending order by count? Currentl... by bcusick Communicator in Splunk Search 02-15-2017 0 5	0	5
rex command help Help me with Rex "keys":"values" "SSOUSERDATA":"INDV=12345678\|ONE\|testd44\|ABCD,ABCD_ABCDABCD" "X-comGlobalSessionI... by sravankaripe Communicator in Splunk Search 02-15-2017 0 5	0	5
Is the search with eval with match in case statement elegible to report acceleration? Hello everyone!!! This is a search that I was used to setting up a report with acceleration. But in the Report Accel... by aselios Engager in Splunk Search 02-15-2017 0 2	0	2
How to see search bundle or knowledge bundle activity on Splunk Search Head? I am trying to figure out if the Splunk is sending Search Bundles very often and if these are full or delta? by rbal_splunk Splunk Employee in Splunk Search 02-15-2017 1 1	1	1
Formatting log data question Hi, I have the below log data. It appears to be all one line. What I'd like to do is: Have a separate event every... by dbcase Motivator in Splunk Search 02-15-2017 0 4	0	4
How to edit my search to display the highest count per company? I have a data set that gives me an entry for each time a company runs a report in my system. I can easily put togethe... by dfenko Explorer in Splunk Search 02-15-2017 0 2	0	2
calculating the truncate value for props.conf ? Hi, How to calculate the truncate value ? is it calculated based on the log size and max_events ? if yes , can anyo... by kteng2024 Path Finder in Splunk Search 02-15-2017 0 1	0	1
Adding Characters to the beginning of a field only when field starts with "\" Hi I have a search that returns a field called "Administrators" Administrators \DomainAdmins \Backup Group \Eventl... by ajdyer2000 Path Finder in Splunk Search 02-15-2017 0 8	0	8
Large lookup caused the bundle replication to fail. What are my options? My searches are failing with the following errors in splunkd.log. I have one Search Head and 26 indexers. In the Sear... by rbal_splunk Splunk Employee in Splunk Search 02-15-2017 13 5	13	5
help me with join condition i have two indexes i have Sid common in both i want to display Sid and Did in a table. Please help me with join con... by sravankaripe Communicator in Splunk Search 02-15-2017 0 5	0	5
New field from search results Hi, I have a field called "OrgCode" with data like "L6" "L9" "G6" "K6" "K4", which is departments L G and K. I nee... by nburgess1 Explorer in Splunk Search 02-15-2017 0 4	0	4
rex help plz "sessionID":"ABCDFE-112451x55-3734-4601-82a9-7ab6c5151d85" "sessionID":"123456789012" "sessionID":"12dsfvvxv3" Pleas... by sravankaripe Communicator in Splunk Search 02-15-2017 0 2	0	2
REX command for the logline I need to write a rex command for the below log, Please help me out. log: xxx,xxx, D_Name="sag01 "TCC - QA - ORAA cv... by nivethainspire_ Explorer in Splunk Search 02-15-2017 0 4	0	4
How to pass regular expression in variable to the match? HI All, How to pass regular expression to the variable to match command? Please help.. in Following search qu... by rsathish47 Contributor in Splunk Search 02-15-2017 0 3	0	3
Host override at search time I want to override the Host value at search time, not at index time because I need to override it just in the context... by giorgio_adami_m Path Finder in Splunk Search 02-15-2017 2 6	2	6
Joining accelerated data models using tstats Hi guys - I have 3 data models, all accelerated, that I would like to join for a simple count of all events (dm1 + d... by himynamesdave Contributor in Splunk Search 02-15-2017 0 13	0	13
Searching a URL for file name that may contain spaces Have a record in a log that looks like the following: Wed Oct 26 10:41:14 2016 0 10.40.112.27 437434 /dirlevel1/dirl... by Mkaz New Member in Splunk Search 02-15-2017 0 12	0	12
how to convert the for loop in to splunk search i have a for loop statement need to get converted to splunk query .. i am not aware how to store the variable and use... by beenagulzar New Member in Splunk Search 02-15-2017 0 1	0	1
Writing rex to grep a value from the field I have 3 different values to be extracted. Please help me in writing rex command here is the field values name="ascd... by nivethainspire_ Explorer in Splunk Search 02-15-2017 0 1	0	1
Splitting Entries into 2 columns for same field I need AD auth events and some have multiple entries for Account Name field. One entry is a hyphen (-). Can someone h... by sharadkapurala New Member in Splunk Search 02-15-2017 0 1	0	1
split fields upon indexing/ use regex to split fields Hi, I have source data comma delimited like this from JMeter: timeStamp,elapsed,label,responseCode,responseMessage,... by mhornste Path Finder in Splunk Search 02-15-2017 0 9	0	9
Query to find the license usage by a particular host or index on a daily basis I need to know the license usage of 5 indexes on a daily basis. All the options I have been trying gives me the licen... by mintughosh Path Finder in Splunk Search 02-14-2017 0 2	0	2
How to extract particular value using regular expression? In the below event "status" key has the value either "1" or "0" . I am looking out to extract those "status" having t... by chetanhonnavile Explorer in Splunk Search 02-14-2017 0 8	0	8