Splunk Search

Community Activity

Table drilldown: Disable link conditionally I have a table with cell drilldown enabled. However, in certain conditions I want to disable the drilldown, for examp... by enexwhy Explorer in Splunk Search 01-25-2017 0 4	0	4
How to extract a field in my sample event log? here is a small piece of an event in my log: ;GET.SVC.INFO 01-25-17 404< it starts with a semi-colon and contains ... by rileyken Explorer in Splunk Search 01-25-2017 1 1	1	1
What regular expression do I use to create a new field from a portion of existing field results? New to regular expression.... I'm trying to create a new field called Application that is populated from a part of ... by jward6004 Explorer in Splunk Search 01-25-2017 0 4	0	4
How to generate a search to check forwarder thruput and internal logs? Can anyone please help me with the search to check for forwarder thruput and forwarder internal logs ( to see if ther... by kteng2024 Path Finder in Splunk Search 01-25-2017 0 2	0	2
How to search and display all files or folders on a Windows drive that might have been hidden by a user? Hi all, I'm relatively new to Splunk and its syntax, so pardon if there is an obvious answer... I'm trying to find a... by drojasmanh New Member in Splunk Search 01-25-2017 0 3	0	3
Correlate STUCK and UNSTUCK weblogic threads Hi, I have the below events. What I need to do is correlate the execute thread (the 2nd one) with a STUCK message. ... by dbcase Motivator in Splunk Search 01-25-2017 0 5	0	5
How to apply a top/limit for each bucket in my search results? For each request made to our app, we collect a log event that contains a uri and a response_time property. I want t... by pedroreys New Member in Splunk Search 01-25-2017 0 3	0	3
How do I simplify the regular expression in my field extraction to improve search performance? Apparently the field extraction I built using Splunk Web has caused other searches on the same datasets to be horribl... by kmaron Motivator in Splunk Search 01-25-2017 0 2	0	2
In the top 10 values of the "http_referrer" field, why is the first value empty? I'm in the process of analyzing events in some of our download logs. When I click on "http_referrer" it brings up the... by mistydennis Communicator in Splunk Search 01-25-2017 0 3	0	3
Using "bucket" command, how to add the last bucket that counts all remaining values? I am creating a chart using bucket command ( span 4 ) How can I add the last bucket that count all remaining values >... by andrewpagans Path Finder in Splunk Search 01-25-2017 0 1	0	1
Why am I getting error "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" running a search through the Splunk Java SDK? I am getting the following error when I am running a search through the Splunk Java SDK: java.lang.RuntimeException:... by maximus_reborn Path Finder in Splunk Search 01-25-2017 0 7	0	7
Fields & Transforming Search Results Hello all, I am using the follow string: SEARCH TERM/MACROS HERE \| eval over = if (ttm_transaction_time>ttm_thres... by srw46 Path Finder in Splunk Search 01-25-2017 0 7	0	7
How do I find out how many times an offensive search ran in the past day/week? We have, what we believe to be an offensive search. How can we find out how many times it ran recently and by whom? by ddrillic Ultra Champion in Splunk Search 01-25-2017 0 2	0	2
How to search non-header CSV format data with Hunk? I am using Hunk 6.2.1 and I have some csv format data saved in my hadoop cluster which doesn't have csv header. By de... by cwl Contributor in Splunk Search 01-25-2017 1 2	1	2
Search without index not working I installed latest Splunk and added splunkforwarder to index log data. Everything looks fine except that search doesn... by aupadhya New Member in Splunk Search 01-25-2017 0 4	0	4
If two events occur X seconds apart ignore the first one Hi, I have a log file that reports an event twice. It is the exact same event except it is repeated 1 or 2 or 3 or ... by dbcase Motivator in Splunk Search 01-25-2017 0 5	0	5
how to Transform/regex on already extracted field within same app? We have a ready made app with the configs in "default" (props & transforms). The existing content is [organisational... by koshyk Super Champion in Splunk Search 01-25-2017 0 5	0	5
Can one search trigger another? Hi, Is there a way for one search, once it's complete, to trigger another search? by a212830 Champion in Splunk Search 01-25-2017 2 8	2	8
How to generate a search to compare license usage for an index? Hi, We want to track our Top N users of license by index, and then compare it to yesterday (and possibly alert on ma... by a212830 Champion in Splunk Search 01-25-2017 0 14	0	14
How exclude lists of hosts from search using lookup table? Good morning, I've looked at some search topics here and haven't been successful in finding a working solution. I h... by SplunkLunk Path Finder in Splunk Search 01-25-2017 0 7	0	7
Is there a limit on the number of selected or interesting fields in Splunk? Hi, I have a log statement with almost 100 fields. When searched, it doesn't show all the fields in Selected fields... by Kukkadapu Path Finder in Splunk Search 01-25-2017 0 10	0	10
Table message when No results found. How to print a custom message in a table when No results found, when no logs? example search: index=test \| eval msg... by mewtwo Explorer in Splunk Search 01-25-2017 2 11	2	11
How to list non common fields of two table Hi Team, I am looking to find out a solution where in i have two tables and i am interested in listing out only thos... by ashish9433 Communicator in Splunk Search 01-25-2017 0 4	0	4
How to build a dashboard for SM9 Incident Reports (CSV File Dump)? Hi Team, I am very new to Splunk and don't have any development knowledge in building the dashboard. We want to do t... by kranthi83 New Member in Splunk Search 01-24-2017 0 1	0	1
how to create each key as a separate field and with value? Hi, i have an output something like below, how can we create each key as a separate field and with value? IFACE rxpck... by rajgowd1 Communicator in Splunk Search 01-24-2017 0 11	0	11