Splunk Search

Community Activity

How to see search bundle or knowledge bundle activity on Splunk Search Head? I am trying to figure out if the Splunk is sending Search Bundles very often and if these are full or delta? by rbal_splunk Splunk Employee in Splunk Search 02-15-2017 1 1	1	1
Formatting log data question Hi, I have the below log data. It appears to be all one line. What I'd like to do is: Have a separate event every... by dbcase Motivator in Splunk Search 02-15-2017 0 4	0	4
How to edit my search to display the highest count per company? I have a data set that gives me an entry for each time a company runs a report in my system. I can easily put togethe... by dfenko Explorer in Splunk Search 02-15-2017 0 2	0	2
calculating the truncate value for props.conf ? Hi, How to calculate the truncate value ? is it calculated based on the log size and max_events ? if yes , can anyo... by kteng2024 Path Finder in Splunk Search 02-15-2017 0 1	0	1
Adding Characters to the beginning of a field only when field starts with "\" Hi I have a search that returns a field called "Administrators" Administrators \DomainAdmins \Backup Group \Eventl... by ajdyer2000 Path Finder in Splunk Search 02-15-2017 0 8	0	8
Large lookup caused the bundle replication to fail. What are my options? My searches are failing with the following errors in splunkd.log. I have one Search Head and 26 indexers. In the Sear... by rbal_splunk Splunk Employee in Splunk Search 02-15-2017 13 5	13	5
help me with join condition i have two indexes i have Sid common in both i want to display Sid and Did in a table. Please help me with join con... by sravankaripe Communicator in Splunk Search 02-15-2017 0 5	0	5
New field from search results Hi, I have a field called "OrgCode" with data like "L6" "L9" "G6" "K6" "K4", which is departments L G and K. I nee... by nburgess1 Explorer in Splunk Search 02-15-2017 0 4	0	4
rex help plz "sessionID":"ABCDFE-112451x55-3734-4601-82a9-7ab6c5151d85" "sessionID":"123456789012" "sessionID":"12dsfvvxv3" Pleas... by sravankaripe Communicator in Splunk Search 02-15-2017 0 2	0	2
REX command for the logline I need to write a rex command for the below log, Please help me out. log: xxx,xxx, D_Name="sag01 "TCC - QA - ORAA cv... by nivethainspire_ Explorer in Splunk Search 02-15-2017 0 4	0	4
How to pass regular expression in variable to the match? HI All, How to pass regular expression to the variable to match command? Please help.. in Following search qu... by rsathish47 Contributor in Splunk Search 02-15-2017 0 3	0	3
Host override at search time I want to override the Host value at search time, not at index time because I need to override it just in the context... by giorgio_adami_m Path Finder in Splunk Search 02-15-2017 2 6	2	6
Joining accelerated data models using tstats Hi guys - I have 3 data models, all accelerated, that I would like to join for a simple count of all events (dm1 + d... by himynamesdave Contributor in Splunk Search 02-15-2017 0 13	0	13
Searching a URL for file name that may contain spaces Have a record in a log that looks like the following: Wed Oct 26 10:41:14 2016 0 10.40.112.27 437434 /dirlevel1/dirl... by Mkaz New Member in Splunk Search 02-15-2017 0 12	0	12
how to convert the for loop in to splunk search i have a for loop statement need to get converted to splunk query .. i am not aware how to store the variable and use... by beenagulzar New Member in Splunk Search 02-15-2017 0 1	0	1
Writing rex to grep a value from the field I have 3 different values to be extracted. Please help me in writing rex command here is the field values name="ascd... by nivethainspire_ Explorer in Splunk Search 02-15-2017 0 1	0	1
Splitting Entries into 2 columns for same field I need AD auth events and some have multiple entries for Account Name field. One entry is a hyphen (-). Can someone h... by sharadkapurala New Member in Splunk Search 02-15-2017 0 1	0	1
split fields upon indexing/ use regex to split fields Hi, I have source data comma delimited like this from JMeter: timeStamp,elapsed,label,responseCode,responseMessage,... by mhornste Path Finder in Splunk Search 02-15-2017 0 9	0	9
Query to find the license usage by a particular host or index on a daily basis I need to know the license usage of 5 indexes on a daily basis. All the options I have been trying gives me the licen... by mintughosh Path Finder in Splunk Search 02-14-2017 0 2	0	2
How to extract particular value using regular expression? In the below event "status" key has the value either "1" or "0" . I am looking out to extract those "status" having t... by chetanhonnavile Explorer in Splunk Search 02-14-2017 0 8	0	8
Search Time Range Hi, I have a simple question, what is the difference between earliest=-15m with earliest=-15m@s? I could not find a... by dellytaniasetia Explorer in Splunk Search 02-14-2017 0 1	0	1
How to search currently active VPN sessions? So my data has, for example, code 001 for connected and 002 for disconnected. Also, each VPN session has a unique ses... by mattbirk Explorer in Splunk Search 02-14-2017 1 5	1	5
Why does my regular expression work in search, but it does not work in transforms.conf? I'm having trouble converting a search string into a working regular expression in transforms.conf to send events to ... by murhammr Path Finder in Splunk Search 02-14-2017 0 7	0	7
How to find thrput of data being searched in Splunk? We are planning to for a F5 load-balancer to be placed in front of the search heads. For sizing, how can I find out t... by nravichandran Communicator in Splunk Search 02-14-2017 0 2	0	2
Why does the timechart command display inconsistent results when the time range is changed? When I use the following search (some criteria obfuscated for security): index=main sourcetype=transaction applicat... by fvegdom Path Finder in Splunk Search 02-14-2017 1 19	1	19