Splunk Search

Community Activity

How do I extract these fields from my sample json event? I have data being fed into Splunk from a log file in json format. Currently it is not extracting any of the fields fr... by ch1221 Path Finder in Splunk Search 01-27-2017 0 1	0	1
How to create a time chart with milestones? Hi, I'm trying to get some sort of timechart with milestones. Something like the attached pic (example) . I know S... by dbcase Motivator in Splunk Search 01-27-2017 0 9	0	9
How to run a certain eval statement in a search based on the date range? Creating a table for time zones, which will be used to keep track of our universal forwarders and their settings. Ne... by tlmayes Contributor in Splunk Search 01-27-2017 0 2	0	2
Lookup latest value in CSV or datasource Hi, I am currently tracking my electricity usage and would like to calculate the current cost using the kWh value in ... by Greenwell01 New Member in Splunk Search 01-27-2017 0 2	0	2
use eval to change field vale I have this logs: URI: tttplitmr_78 METHOD: POST BODY: {"s_data": {"System.ProcessorName": "Intel(R) Xeon(R) CPU E5-... by guillecasco Path Finder in Splunk Search 01-27-2017 0 3	0	3
"Duplicate" events: Without using "dedup", how can I remove all but one of the events that occur within a 1 second time frame? Hi, I have events that are sorta kinda duplicated. Sorta kinda means that everything is the same EXCEPT there is a ... by dbcase Motivator in Splunk Search 01-27-2017 0 3	0	3
How to create a search for moving average for email sent per user Thx to DalJeanis I have the following search that establishes a baseline of email sent per user by subject then looks... by jwalzerpitt Influencer in Splunk Search 01-27-2017 0 18	0	18
How to edit my search to find total emails sent per user on a daily basis? I am trying to pull stats that shows the average emails sent per user per day and I have the following search below, ... by jwalzerpitt Influencer in Splunk Search 01-27-2017 0 8	0	8
How to edit my search to alert once per result for multiple hosts? We are using Splunk 6.4.2 and I have alerting setup on a specific search as follows: index = wineventlogs sourcety... by CaptainHook Communicator in Splunk Search 01-27-2017 1 24	1	24
Regex with forward slash character Hi, I'm trying to extract to fields from a precalculated field and so far I've trouble with the forward slash charac... by Keyrl Explorer in Splunk Search 01-27-2017 0 7	0	7
sort based on 2 values Hi, I'm new to Splunk and I'm struggling to find a solution for the requirement I have. Here is my requirement: I ha... by snam New Member in Splunk Search 01-27-2017 0 2	0	2
Time without errors Hi, I'm trying to calculate the time without errors in the system. To do that I'm doing something like \| eval now ... by vgaltes Explorer in Splunk Search 01-27-2017 0 2	0	2
Is anyone else having timeline issues in Chrome using Splunk 6.3.3? I am running 6.3.3, and I recently noticed some problems manipulating the Timeline in Chrome 53.0.2785.101 m. When I ... by _smp_ Builder in Splunk Search 01-27-2017 2 6	2	6
How to get to grips with SPL. Hi guys, I'm new to splunk, and we have recently implemented splunk enterprise in our environment. We are primarily ... by JPurdham Engager in Splunk Search 01-27-2017 0 3	0	3
Why am I unable to add my search to a dashboard panel? I am using the following search to get all indexes and sourcetypes. But I am unable to add the search to a dashboard ... by jagadeeshm Contributor in Splunk Search 01-27-2017 0 12	0	12
How can we show or display application response time based on session id? hi, we running load test on 6 of the micro services and each has different API. we are indexing those logs into Splun... by rajgowd1 Communicator in Splunk Search 01-26-2017 0 4	0	4
How to remove numbers from events at search time? Hi, i have endpoints which are extracted from the log message and some end points are with numbers at the end. can we... by rajgowd1 Communicator in Splunk Search 01-26-2017 0 7	0	7
timechart span=60m snaps to hour whereas I want it to snap to minute I'm trying to get hourly averages and compare the last to the previous one. ...some search \| timechart span=60m av... by nabeel652 Builder in Splunk Search 01-26-2017 0 3	0	3
How to edit my regular expression for a multivalue field extraction with new lines? Hello, I need REGEX help. I've wasted almost all day trying to do this and only came up with this which is very slop... by johnmvang Path Finder in Splunk Search 01-26-2017 0 3	0	3
How to edit my search to create an overlay on a time chart with two CSV files using the date as the common field? Hi, I have two CSV files File 1=bbOrCellOffline . index=betadb Contents look like this 1004876,1004574,TCA301,Y,... by dbcase Motivator in Splunk Search 01-26-2017 0 1	0	1
issue querying events in quotes Seeing issue with tabling results inside quotes and wondering if this is know issue with work around? query: index=p... by smudge797 Path Finder in Splunk Search 01-26-2017 0 6	0	6
How do write a search to list all indexes associated with a sourcetype? I have no trouble listing all the sourcetypes associated with an index, but I need to go the other way - What are all... by hkj2332 New Member in Splunk Search 01-26-2017 0 8	0	8
How to edit my transforms.conf xml field extraction? Hi, I am not finding any previous posts that answer my question so here it is. I have a security appliance that send... by packet_hunter Contributor in Splunk Search 01-26-2017 0 2	0	2
How to use a conditional variable in a stats count command? Given the following search logic index=* (Action=Search OR Action=CreateOrder OR Action=FindItinerary OR Action=Conf... by Cuyose Builder in Splunk Search 01-26-2017 1 2	1	2
How to chart and compare memory usage of my JSON data? I've got an interesting JSON: {"timeStamp":"2017-01-26 23:59","name":"myVM1","counter":"mem.usage.average","descript... by suarezry Builder in Splunk Search 01-26-2017 0 6	0	6