Splunk Search

Community Activity

compare two fields value for equality in two different indexes HI I want to know why this code is not working index="malecious_url" OR index="surikata" \|fields http2,http \| wh... by simin67rose New Member in Splunk Search 02-08-2017 0 1	0	1
How do I use a regular expression to extract all 22 entries of a Message field in a multiline JSON data? How do I use a regular expression to extract all 22 entries of Message field with left boundry = "Messages": [ righ... by ash2l Path Finder in Splunk Search 02-08-2017 0 6	0	6
append search to different sources Hi, I want to combine to searches: index=bla \| stats count(al_responsecode) as "Total per responseCode al" by al_re... by arjangoos Path Finder in Splunk Search 02-08-2017 0 1	0	1
Trying to get a range of dates right based on a last Saturday of the month hi there, the 1st and 3rd statement is wrong and the 2nd might be correct. Here is what I am trying to do: Current M... by maximusdm Communicator in Splunk Search 02-08-2017 0 5	0	5
How to write a search to find out the average dashboard runtime? hi there, i would like to write a search to find out dashboard runtime. index=_internal source=*splunkd_ui_access.... by srinivasup Explorer in Splunk Search 02-08-2017 0 3	0	3
I need a single value after dividing 2 results which we obtain as a result of stats dc. As of now, I see 3 values. The query I use is- sourcetype=iis URL_root=abc "https://www.abc.com"\|stats dc(SessionId) as TotalVisits, dc(userid)... by prateedshetty Path Finder in Splunk Search 02-08-2017 0 2	0	2
How to plot a bar graph based on date in a csv file? Hi All, I am new to the Splunk world and pls help me to explore. I have a product.csv files which contains 6 fields ... by ibmrakesh Explorer in Splunk Search 02-08-2017 0 2	0	2
Is my (big) csv lookup file indexed in memory by Splunk? Hi, I have a quite big csv file (~20Mb) and I changed the max_memtable_bytes to 100Mb in my limits.conf file. My sear... by RiccardoV Communicator in Splunk Search 02-08-2017 2 4	2	4
Split multiline value field into separate lines I have a field which have multilines, how to split this field delimited by timestamp into separate lines 2017/02/06 ... by srinathd Contributor in Splunk Search 02-07-2017 0 3	0	3
How do I get the mid point of the specified time range? I have a query where I need to break up the provided time range into 2 period so I can see the delta between the peri... by Hung_Nguyen Path Finder in Splunk Search 02-07-2017 1 3	1	3
Are there any examples of an actual use case of dispatch.data_format for fields earliest time and latest time? Hi, I am looking for any sample code in any language/script that shows an actual use case of dispatch.data_format fo... by meduriphani New Member in Splunk Search 02-07-2017 0 2	0	2
Get Distinct Count of Success & Total based on UserID I'm trying to make one search that will accomplish the following: Total Login Attempts: DC(USERID) WHERE ACTIVITY = ... by SplotchySplunkS Engager in Splunk Search 02-07-2017 0 14	0	14
How to get List of realtime searches and the macro/savedSearch that runs on it I am new to splunk... How to get List of realtime searches and the macro/savedSearch that runs on it? Is there any s... by paramagurukarth Builder in Splunk Search 02-07-2017 0 6	0	6
How to group events by a common directory prefix I want to group events describing backup job status with other events describing the volumes being backed up. The da... by lee_melvin Path Finder in Splunk Search 02-07-2017 0 3	0	3
How to remove all numbers at the beginning of all values for a field? Hi I have a search with a field called "Apps". I would like to be able to remove the leading numeric values. I woul... by ajdyer2000 Path Finder in Splunk Search 02-07-2017 0 6	0	6
Optomise large search string We are using Splunk to alert when we see specific events in our logs. There are hundreds of different log events we m... by arrowecssupport Communicator in Splunk Search 02-07-2017 0 3	0	3
Extract the 2nd event time in a transaction When using transaction, SPLUNK always use _time of the 1st event I need to extract the time of the second event in a... by ICAP_RND Engager in Splunk Search 02-07-2017 0 4	0	4
CIDR in a lookup table - no access to transforms.conf? I know it's possible to put CIDR ip ranges in a lookup table. However, my question is, what if I do not have access ... by mbolostk Explorer in Splunk Search 02-07-2017 3 1	3	1
How to build a timechart that shows overall (n+1) capacity and per site visibility? I'm attempting to develop a chart for one of my engineering teams that shows peak utilization across multiple sites o... by burras Communicator in Splunk Search 02-07-2017 0 5	0	5
Why would a bucket/bin be set to a one day span on the License Master? Looking at the Daily License Usage panel on the "Previous 30 Days" tab under Licensing, I see that the base search is... by pkeller Contributor in Splunk Search 02-07-2017 0 1	0	1
How to add new column to chart with success rate of other columns I'm using the following search to generate the table below: rex "<status>(?<status>.*?)<"\| search status=Incomplete ... by gsolomon11 New Member in Splunk Search 02-07-2017 0 2	0	2
Simple daily volume tracking? If I go into the License Manager, it shows me a simple progress bar of "Volume used today". For pool "auto generated... by gowen Path Finder in Splunk Search 02-07-2017 2 11	2	11
How to improve my current search to count how many times EventB is preceded by EventA within the same transaction? I have a working query, but since this is the first time I used stats as a replacement for join / transaction so I wo... by pm771 Communicator in Splunk Search 02-07-2017 0 7	0	7
How to generate a search that finds the time difference? i want to find the difference b/w starttime and _time. "StartTime":"2017-02-03 09:51:54.595" (String) End... by sravankaripe Communicator in Splunk Search 02-07-2017 0 4	0	4
How to generate a search for my sample data? i have logs like this for each req..... 2016-11-09 12:57:18,855 CorrelationID=2469bae9-fe14-4e67-b345-95d652f4a868,... by prashanthberam Explorer in Splunk Search 02-07-2017 0 2	0	2