Splunk Search

Community Activity

Basic Search with Sourcetype Filter Issue Hi all, I'm not sure whether this is a bug or a 'holiday hangover'! I used props.conf and transform.conf to re-sour... by markwymer Path Finder in Splunk Search 01-09-2017 0 5	0	5
Cannot find remote data using timechart Here is my test environment, I got two VMs, PC1 and PC2, and PC1 works as a server end and PC2 as a client end. I try... by huangyingleo New Member in Splunk Search 01-08-2017 0 13	0	13
Creating a bar chart with multiple fields I am trying to create a bar chart displaying the amount of active users the past 1 hour, 24 hour, and 1 week. How w... by andrwbn Engager in Splunk Search 01-08-2017 0 3	0	3
Comparing performance data from last week to today, using lookup table?? I have a report that returns method Avg(timing) perc90(timing) that I would like to create as a baseline each week. ... by danoconnl Explorer in Splunk Search 01-08-2017 0 4	0	4
Count total number of male or female in given country Gender . About Right . Oveight . underweight country f . 560 ... by jw44250 New Member in Splunk Search 01-08-2017 0 1	0	1
how to get DNS resolution for public source IP ? Hi All, I have written a search which shows which all countries are trying to access our servers from outside. It wo... by seetharamanPr New Member in Splunk Search 01-07-2017 0 3	0	3
Image Overlay with Icons based on value Hello Splunkers. I know that I can have some single values over an image, as follows: (example from Dashboards for S... by guimilare Communicator in Splunk Search 01-07-2017 1 14	1	14
Chart Font -- Increase Font Size I know that the css files can be modified to change the appearance of various Splunk views, but I cannot locate which... by vragosta Path Finder in Splunk Search 01-07-2017 4 1	4	1
Why is the streamstats command not returning all events when used with a "by" clause on a large dataset? I'm using streamstats to pair up events by username so that timestamps, IP's, latitudes, and longitudes can be analyz... by kcnolan13 Communicator in Splunk Search 01-06-2017 2 6	2	6
How to create a visualization for different event structures? Have events that have 10+ variables in each. I want to be able to show correlations for one seed value and 1 to 10+ ... by donaldwayne1975 Path Finder in Splunk Search 01-06-2017 0 1	0	1
Is there a way to add Sparklines within my timechart search? Is there a way to implement sparklines into the following query in the last column here? table Name SystemRole OS Si... by jhayIV Engager in Splunk Search 01-06-2017 0 3	0	3
how to sort rows result in descending order Happy New Year!!! my splunk query --> search command \| timechart sum(quantity) as total span=1week by user limit=5 \|... by mmouse88 Path Finder in Splunk Search 01-06-2017 1 7	1	7
Has anyone ran into Indexer CPU spiking when changes to lookup files occur? I've been troubleshooting an issue for some time now that is proving pretty difficult to resolve. My goal is to chan... by briancronrath Contributor in Splunk Search 01-06-2017 0 1	0	1
How to edit my search to use left "join" against mvexpanded stats values() data? Hi folks, I have log data which looks something like this (essentially, it's a historical log of client events): 20... by chrisfankhauser Explorer in Splunk Search 01-06-2017 0 6	0	6
How can I top results from a search when using list(field) Heres my current search: index=akamai src_ip!=xxx.xx.xx.xx AND src_ip!=xxx.xx.xx.xx \| lookup whitelistip.csv src_ip ... by tkwaller Builder in Splunk Search 01-06-2017 0 6	0	6
External lookup - Splunk UI can't see all binaries in the folder I have two python scripts for external lookup. Both of them use two different binaries under location /home/xxx/bin64... by nquba Explorer in Splunk Search 01-06-2017 2 5	2	5
Why do I receive error "system wide historical concurrent searches quota has been reached"? we have 10 indexers with 16 CPU cores each. Our replication is 4 base_searches=6 and max_searches_per_cpu =1. I am... by ankithreddy777 Contributor in Splunk Search 01-06-2017 0 6	0	6
How can we join two sourcetypes together that have a common field? How can we join fields of two source types, when one field is the same in both source types? by Hema_Nithya Explorer in Splunk Search 01-06-2017 0 8	0	8
How to edit my search so the eval function to work in a timechart? I am looking to find the errorpercentage of ERROR_CODES vs the number of "ACTIVITY="logins" per division (we have 4 o... by mtrochym Observer in Splunk Search 01-06-2017 0 2	0	2
How to extract fields in Splunk Hi , Can anyone let me know how to extract fields in Splunk ? I have one sourcetype file that contains data of Atta... by sanyam New Member in Splunk Search 01-06-2017 0 2	0	2
Post search stucks Hi, I tried to use post search to populate list options: <search id="baseSearch"> <query> <![... by stwong Communicator in Splunk Search 01-06-2017 0 5	0	5
splunk lookup like match i have a lookup csv with say 2 columns colA colB sb12121 800 sb879898 1000 ax61565 680 ax7688 ... by VARWIZ New Member in Splunk Search 01-06-2017 0 2	0	2
How to locate a specific SHA1SUM value on the entire Redhat file system via Splunk search? How locate specific SHA1SUM value on the entire redhat file system via splunk search? by abidewan New Member in Splunk Search 01-06-2017 0 3	0	3
field "punct" meaning Hi everyone, I am seeing "punct" field against almost all indexes. what does that mean. by rashid47010 Communicator in Splunk Search 01-06-2017 0 4	0	4
Aliasing and Graphing events at search Hi All, Apologies if this is too simple question and has been asked 100 times, But i can't seem to find the answer I... by craigwilkinson Path Finder in Splunk Search 01-06-2017 0 6	0	6