Splunk Search

Community Activity

Is my (big) csv lookup file indexed in memory by Splunk? Hi, I have a quite big csv file (~20Mb) and I changed the max_memtable_bytes to 100Mb in my limits.conf file. My sear... by RiccardoV Communicator in Splunk Search 02-08-2017 2 4	2	4
Split multiline value field into separate lines I have a field which have multilines, how to split this field delimited by timestamp into separate lines 2017/02/06 ... by srinathd Contributor in Splunk Search 02-07-2017 0 3	0	3
How do I get the mid point of the specified time range? I have a query where I need to break up the provided time range into 2 period so I can see the delta between the peri... by Hung_Nguyen Path Finder in Splunk Search 02-07-2017 1 3	1	3
Are there any examples of an actual use case of dispatch.data_format for fields earliest time and latest time? Hi, I am looking for any sample code in any language/script that shows an actual use case of dispatch.data_format fo... by meduriphani New Member in Splunk Search 02-07-2017 0 2	0	2
Get Distinct Count of Success & Total based on UserID I'm trying to make one search that will accomplish the following: Total Login Attempts: DC(USERID) WHERE ACTIVITY = ... by SplotchySplunkS Engager in Splunk Search 02-07-2017 0 14	0	14
How to get List of realtime searches and the macro/savedSearch that runs on it I am new to splunk... How to get List of realtime searches and the macro/savedSearch that runs on it? Is there any s... by paramagurukarth Builder in Splunk Search 02-07-2017 0 6	0	6
How to group events by a common directory prefix I want to group events describing backup job status with other events describing the volumes being backed up. The da... by lee_melvin Path Finder in Splunk Search 02-07-2017 0 3	0	3
How to remove all numbers at the beginning of all values for a field? Hi I have a search with a field called "Apps". I would like to be able to remove the leading numeric values. I woul... by ajdyer2000 Path Finder in Splunk Search 02-07-2017 0 6	0	6
Optomise large search string We are using Splunk to alert when we see specific events in our logs. There are hundreds of different log events we m... by arrowecssupport Communicator in Splunk Search 02-07-2017 0 3	0	3
Extract the 2nd event time in a transaction When using transaction, SPLUNK always use _time of the 1st event I need to extract the time of the second event in a... by ICAP_RND Engager in Splunk Search 02-07-2017 0 4	0	4
CIDR in a lookup table - no access to transforms.conf? I know it's possible to put CIDR ip ranges in a lookup table. However, my question is, what if I do not have access ... by mbolostk Explorer in Splunk Search 02-07-2017 3 1	3	1
How to build a timechart that shows overall (n+1) capacity and per site visibility? I'm attempting to develop a chart for one of my engineering teams that shows peak utilization across multiple sites o... by burras Communicator in Splunk Search 02-07-2017 0 5	0	5
Why would a bucket/bin be set to a one day span on the License Master? Looking at the Daily License Usage panel on the "Previous 30 Days" tab under Licensing, I see that the base search is... by pkeller Contributor in Splunk Search 02-07-2017 0 1	0	1
How to add new column to chart with success rate of other columns I'm using the following search to generate the table below: rex "<status>(?<status>.*?)<"\| search status=Incomplete ... by gsolomon11 New Member in Splunk Search 02-07-2017 0 2	0	2
Simple daily volume tracking? If I go into the License Manager, it shows me a simple progress bar of "Volume used today". For pool "auto generated... by gowen Path Finder in Splunk Search 02-07-2017 2 11	2	11
How to improve my current search to count how many times EventB is preceded by EventA within the same transaction? I have a working query, but since this is the first time I used stats as a replacement for join / transaction so I wo... by pm771 Communicator in Splunk Search 02-07-2017 0 7	0	7
How to generate a search that finds the time difference? i want to find the difference b/w starttime and _time. "StartTime":"2017-02-03 09:51:54.595" (String) End... by sravankaripe Communicator in Splunk Search 02-07-2017 0 4	0	4
How to generate a search for my sample data? i have logs like this for each req..... 2016-11-09 12:57:18,855 CorrelationID=2469bae9-fe14-4e67-b345-95d652f4a868,... by prashanthberam Explorer in Splunk Search 02-07-2017 0 2	0	2
How to merge my data? My raw data looks like this: Timestamp Field1 Field2 Field3 2017-01-01 AAA Key1 Key1val 2017-01-... by kbarker302 Communicator in Splunk Search 02-07-2017 0 2	0	2
My lookup in a macro works in a search, but why does it not work using savedsearch command? We are on Splunk 6.2.1. This is all in Splunk search... I have a macro with lookup which works fine in a simple sea... by rgsage Path Finder in Splunk Search 02-07-2017 0 10	0	10
How to trim output using eval in a data model to remove spaces? I tried this in eval expression for removing spaces... trim(SWFT_TRN) but it's not working fine.. by ruchigpt527 New Member in Splunk Search 02-07-2017 0 1	0	1
Indexer not responding.. Replication status is 'Failed' A reboot cured the above issue( In title), which is far from ideal. See the below lines logged in 'Splunkd.log' on t... by nairri New Member in Splunk Search 02-07-2017 0 3	0	3
How can I convert string of numbers to date format? I have a list of dates like below: 20170201 20171201 20171225 How can I convert this into a time value that i can s... by smcdonald20 Path Finder in Splunk Search 02-07-2017 0 2	0	2
How to find top events contributing to a total of X% of the events? Hi, I can find the top events but I want to see all those events that are contributing say 80% of the total. e.g. the... by dkikan Engager in Splunk Search 02-07-2017 0 1	0	1
How to calculate max of transaction from sum of 2 fields? Currently I am trying to find the max of field (which is already a sum of 2 different fields). The problem unfolds as... by sundarrajan Path Finder in Splunk Search 02-07-2017 0 5	0	5