Splunk Search

Community Activity

How to extract these fields from my sample data? Hello Experts, Below is the sample event event_type: LogMessage ip: xx.x.xx.xx job: router_z1 jo... by vrmandadi Builder in Splunk Search 01-05-2017 0 7	0	7
Clarification on Estimated Distinct Count (estdc) Within a search I was given at work, this line was included in the search: estdc(Threat_Activity.threat_key) I found... by Justin1224 Communicator in Splunk Search 01-05-2017 1 3	1	3
Is using count over streamstats time_window not timechart span possible? Hello splunkfans, i'm kind of running out of ideas and this is my first contact to streamstats.  I am working on a ... by RayLio New Member in Splunk Search 01-05-2017 0 3	0	3
How to show stats sum for a field using a value produced from an eval statement? Hi, I have one field with values for each month, and this eval gives me the current month name(current February); e... by franksteinar New Member in Splunk Search 01-05-2017 0 8	0	8
Splunk ES - Notification when a suppression is created Hello, Is there a way to get a RSS or email notification when a new notable suppression is created or enabled in ES... by daniel333 Builder in Splunk Search 01-05-2017 0 2	0	2
How to extract fields from Oracle Diagnostic logs (ODL) format I am trying to extract fields from Oracle Diagnostic logs for Hyperion Essbase as each event will have values in diff... by vchinnadurai New Member in Splunk Search 01-05-2017 0 6	0	6
Splunk query to add commas on calculated fields by date Can you help suggesting options to add commas to the calculated fields Example : chart count as TotalCnt, people OVE... by Mathanjey Explorer in Splunk Search 01-05-2017 0 4	0	4
How do I create a sparkline for each day in a chart? I am trying to summarize network traffic to or from an IP address. I would like to look for daily patterns and thoug... by MonkeyK Builder in Splunk Search 01-05-2017 0 6	0	6
How to edit my subsearch to find a particular SessionID and phrase? I have multiple events that are related by a similar sessionID. One event contains an employerCode, which is what I w... by DanielWick New Member in Splunk Search 01-05-2017 0 1	0	1
How to build a search macro for multiple client run times? Looking to build a macro on an ugly search for some of our clients. Multiple clients use this same search, therefore... by fisuser1 Contributor in Splunk Search 01-05-2017 0 2	0	2
Please help me write a macro for the following eval search command eval range=case( start_time=="ZERO_TIME","All Time", start_time!="ZERO_TIME" AND ctime - strptime(start_time, "%a %b... by smruti13 Observer in Splunk Search 01-05-2017 0 4	0	4
How to set up a conditional search on my application logs to find whether the last start message was recent? I need help on setting up the conditional search on my application logs for stop (Application Stopped) & start (Appli... by mani2004_maddy New Member in Splunk Search 01-05-2017 0 3	0	3
How to add a column of averages to a timechart? Similar to how timechart sum() by ip \| addtotals which adds a "Totals" Column to a timechart, how can you add an aver... by JLIVE101 Engager in Splunk Search 01-05-2017 0 2	0	2
After upgrading Splunk from 6.4 to 6.5.1, why is the "search" command not working? I have upgraded my Splunk version to 6.5.1 from 6.4. After this, I observed the "search" command is not working. Is ... by sivapuvvada Path Finder in Splunk Search 01-05-2017 0 5	0	5
filed Extraction using regex in a query? Hi Team, I have data like below: \launching VM Initializing Wed 2017-01-04 02:22:48 Going-stop Wed ... by kalyanilandge New Member in Splunk Search 01-05-2017 0 4	0	4
How to use join with data model? I have tried using join to detect the common field from lookup but i need not find the fields that are not present us... by prajesh New Member in Splunk Search 01-05-2017 0 1	0	1
How does Splunk reconstruct events when using forceTimebasedAutoLB? According to this blog post: http://blogs.splunk.com/2014/03/18/time-based-load-balancing/ Using this setting Splu... by the_wolverine Champion in Splunk Search 01-05-2017 1 4	1	4
TimeFormat conversion to millisecond Hello, I have extracted field which contains application response time in below format. Format: 00:00:00.000 00:00... by hemendralodhi Contributor in Splunk Search 01-05-2017 0 6	0	6
Use Lookup To Filter Events Hi, in my searches I want to filter my events when the field "Version" has specific values. The list of values I wan... by HeinzWaescher Motivator in Splunk Search 01-05-2017 3 5	3	5
Error in 'eval' command: The expression is malformed. An unexpected character is reached at ',0)' Hi, for a SLA project, I'm using Splunk to read Nagios the availability status of some services. Using the condit... by antoniofacchi New Member in Splunk Search 01-04-2017 0 7	0	7
The same sql but different searche result The SPL below was ran in search bar and table in panel, but the search result are different. Why the same SPL made d... by kavana Explorer in Splunk Search 01-04-2017 0 1	0	1
Alternative to join command to do a summation on date_hour I need to sum up the time differential for two events on a date_hour, date_wday, and date_month basis. Originally I u... by byu168 Path Finder in Splunk Search 01-04-2017 0 3	0	3
is there a way to get metadata about a search result with loadjob Hi, I am trying to get the metadata info of the search artefact that is returned by loadjob (when loading the lates... by alecools Engager in Splunk Search 01-04-2017 0 4	0	4
Save Button Grayed Out When Editing Regex (Field Extraction) I am trying to extract a new field from an event using regex in Splunk 6.5. I've progressed through the "Extract a Ne... by jlemoine Path Finder in Splunk Search 01-04-2017 2 3	2	3
How to import files that change names when they roll over to a new daily file Hi, I have a system which logs data into a file, once about 24 hours of logging occurs the file is renamed and a new... by tonyparreiro Explorer in Splunk Search 01-04-2017 0 6	0	6