Splunk Search

Community Activity

What is the way to exclude ports from a single search? Silly question here. I am trying to search against my WAN for traffic flows NOT equal to certain ports. I seem to hav... by brian1_tate Path Finder in Splunk Search 01-29-2017 0 4	0	4
How to get the distinct count of the number of "Errors" or "Exceptions"? I have used this following Splunk search, but the output result is not correct. I am using OR operator for either Err... by jw44250 New Member in Splunk Search 01-28-2017 0 2	0	2
How to get all indexes and sourcetypes? After browsing through Splunk Answers, the closest I could get is the following SPL to list all Indexes and Sourcetyp... by jagadeeshm Contributor in Splunk Search 01-28-2017 0 3	0	3
How to edit my search to get a count and time chart of unique status codes by URL? Hi all -- I'm having some trouble wrapping my mind around a problem I'd like to measure. I would like to perform a ... by smutherbavaro New Member in Splunk Search 01-28-2017 0 3	0	3
Convert saved search to inline search I have a dashboard with 10 graphs all pointing to one saved search each. what is the easiest way to convert all of th... by ma_anand1984 Contributor in Splunk Search 01-28-2017 0 3	0	3
How to write a search to find the the 90th and 99th percentile for response time? hi, I have some fields extracted from Splunk and it has application name, response time, and response code. By usin... by rajgowd1 Communicator in Splunk Search 01-27-2017 0 2	0	2
How to create a dashboard search to output these specific fields in results? What I'm trying to do is when I give input as index=sftp USER=gradydftsftp and it gives output as: Jan 27 10:15:01 w... by sujith0311 New Member in Splunk Search 01-27-2017 0 2	0	2
How to write a search to compare results from two tables, and show the results that only exist in the first table? Background: I'm trying to create a search that will let me know if something about a user is true within the last 7 d... by jpringle03 Path Finder in Splunk Search 01-27-2017 1 2	1	2
How do I extract these fields from my sample json event? I have data being fed into Splunk from a log file in json format. Currently it is not extracting any of the fields fr... by ch1221 Path Finder in Splunk Search 01-27-2017 0 1	0	1
How to create a time chart with milestones? Hi, I'm trying to get some sort of timechart with milestones. Something like the attached pic (example) . I know S... by dbcase Motivator in Splunk Search 01-27-2017 0 9	0	9
How to run a certain eval statement in a search based on the date range? Creating a table for time zones, which will be used to keep track of our universal forwarders and their settings. Ne... by tlmayes Contributor in Splunk Search 01-27-2017 0 2	0	2
Lookup latest value in CSV or datasource Hi, I am currently tracking my electricity usage and would like to calculate the current cost using the kWh value in ... by Greenwell01 New Member in Splunk Search 01-27-2017 0 2	0	2
use eval to change field vale I have this logs: URI: tttplitmr_78 METHOD: POST BODY: {"s_data": {"System.ProcessorName": "Intel(R) Xeon(R) CPU E5-... by guillecasco Path Finder in Splunk Search 01-27-2017 0 3	0	3
"Duplicate" events: Without using "dedup", how can I remove all but one of the events that occur within a 1 second time frame? Hi, I have events that are sorta kinda duplicated. Sorta kinda means that everything is the same EXCEPT there is a ... by dbcase Motivator in Splunk Search 01-27-2017 0 3	0	3
How to create a search for moving average for email sent per user Thx to DalJeanis I have the following search that establishes a baseline of email sent per user by subject then looks... by jwalzerpitt Influencer in Splunk Search 01-27-2017 0 18	0	18
How to edit my search to find total emails sent per user on a daily basis? I am trying to pull stats that shows the average emails sent per user per day and I have the following search below, ... by jwalzerpitt Influencer in Splunk Search 01-27-2017 0 8	0	8
How to edit my search to alert once per result for multiple hosts? We are using Splunk 6.4.2 and I have alerting setup on a specific search as follows: index = wineventlogs sourcety... by CaptainHook Communicator in Splunk Search 01-27-2017 1 24	1	24
Regex with forward slash character Hi, I'm trying to extract to fields from a precalculated field and so far I've trouble with the forward slash charac... by Keyrl Explorer in Splunk Search 01-27-2017 0 7	0	7
sort based on 2 values Hi, I'm new to Splunk and I'm struggling to find a solution for the requirement I have. Here is my requirement: I ha... by snam New Member in Splunk Search 01-27-2017 0 2	0	2
Time without errors Hi, I'm trying to calculate the time without errors in the system. To do that I'm doing something like \| eval now ... by vgaltes Explorer in Splunk Search 01-27-2017 0 2	0	2
Is anyone else having timeline issues in Chrome using Splunk 6.3.3? I am running 6.3.3, and I recently noticed some problems manipulating the Timeline in Chrome 53.0.2785.101 m. When I ... by _smp_ Builder in Splunk Search 01-27-2017 2 6	2	6
How to get to grips with SPL. Hi guys, I'm new to splunk, and we have recently implemented splunk enterprise in our environment. We are primarily ... by JPurdham Engager in Splunk Search 01-27-2017 0 3	0	3
Why am I unable to add my search to a dashboard panel? I am using the following search to get all indexes and sourcetypes. But I am unable to add the search to a dashboard ... by jagadeeshm Contributor in Splunk Search 01-27-2017 0 12	0	12
How can we show or display application response time based on session id? hi, we running load test on 6 of the micro services and each has different API. we are indexing those logs into Splun... by rajgowd1 Communicator in Splunk Search 01-26-2017 0 4	0	4
How to remove numbers from events at search time? Hi, i have endpoints which are extracted from the log message and some end points are with numbers at the end. can we... by rajgowd1 Communicator in Splunk Search 01-26-2017 0 7	0	7