Splunk Search

Community Activity

After upgrading Splunk from 6.4 to 6.5.1, why is the "search" command not working? I have upgraded my Splunk version to 6.5.1 from 6.4. After this, I observed the "search" command is not working. Is ... by sivapuvvada Path Finder in Splunk Search 01-05-2017 0 5	0	5
filed Extraction using regex in a query? Hi Team, I have data like below: \launching VM Initializing Wed 2017-01-04 02:22:48 Going-stop Wed ... by kalyanilandge New Member in Splunk Search 01-05-2017 0 4	0	4
How to use join with data model? I have tried using join to detect the common field from lookup but i need not find the fields that are not present us... by prajesh New Member in Splunk Search 01-05-2017 0 1	0	1
How does Splunk reconstruct events when using forceTimebasedAutoLB? According to this blog post: http://blogs.splunk.com/2014/03/18/time-based-load-balancing/ Using this setting Splu... by the_wolverine Champion in Splunk Search 01-05-2017 1 4	1	4
TimeFormat conversion to millisecond Hello, I have extracted field which contains application response time in below format. Format: 00:00:00.000 00:00... by hemendralodhi Contributor in Splunk Search 01-05-2017 0 6	0	6
Use Lookup To Filter Events Hi, in my searches I want to filter my events when the field "Version" has specific values. The list of values I wan... by HeinzWaescher Motivator in Splunk Search 01-05-2017 3 5	3	5
Error in 'eval' command: The expression is malformed. An unexpected character is reached at ',0)' Hi, for a SLA project, I'm using Splunk to read Nagios the availability status of some services. Using the condit... by antoniofacchi New Member in Splunk Search 01-04-2017 0 7	0	7
The same sql but different searche result The SPL below was ran in search bar and table in panel, but the search result are different. Why the same SPL made d... by kavana Explorer in Splunk Search 01-04-2017 0 1	0	1
Alternative to join command to do a summation on date_hour I need to sum up the time differential for two events on a date_hour, date_wday, and date_month basis. Originally I u... by byu168 Path Finder in Splunk Search 01-04-2017 0 3	0	3
is there a way to get metadata about a search result with loadjob Hi, I am trying to get the metadata info of the search artefact that is returned by loadjob (when loading the lates... by alecools Engager in Splunk Search 01-04-2017 0 4	0	4
Save Button Grayed Out When Editing Regex (Field Extraction) I am trying to extract a new field from an event using regex in Splunk 6.5. I've progressed through the "Extract a Ne... by jlemoine Path Finder in Splunk Search 01-04-2017 2 3	2	3
How to import files that change names when they roll over to a new daily file Hi, I have a system which logs data into a file, once about 24 hours of logging occurs the file is renamed and a new... by tonyparreiro Explorer in Splunk Search 01-04-2017 0 6	0	6
How to edit our props.conf to assign a time field in our sample JSON event as the event timestamp? Can you please tell us how to assign event log time (ALERT_TIMESTAMP fields value ) as the event timestamp (_time)? S... by dhavamanis Builder in Splunk Search 01-04-2017 0 3	0	3
How to change my sample timestamp to a different time format? Hi, I have time entries like 2017-01-04T19:12:33.0117979+00:00 in the logs. How can I change this to 2017-01-04 19:1... by siddharthmis Explorer in Splunk Search 01-04-2017 0 3	0	3
How to edit this search to exclude some servers from the metadata? \| metadata index=Test_app type=hosts \| eval age = now()-lastTime \| where age > (60) \| sort age d \| convert ctime(l... by kirankotla New Member in Splunk Search 01-04-2017 0 2	0	2
Why is regex not returning any results when used in a tstats search? I have a correlation search that triggers on users accessing too many URLs categorized as unknown. \| tstats allow_ol... by pgort New Member in Splunk Search 01-04-2017 0 1	0	1
Lookup Definition Not Replicating Across Search Head Cluster I have pushed a static lookup file via the Deployer to all of my Search Heads. I then configure the lookup definitio... by aferone Builder in Splunk Search 01-04-2017 0 1	0	1
What should I do, if anything, when approaching the max number of searches? Sometimes I see this message in Splunk Web: You are approaching the maximum number of searches that can be run concu... by hulahoop Splunk Employee in Splunk Search 01-04-2017 3 5	3	5
Indexed Events Per Minute Hi, is it possible to write a search, that shows the total count of events by indextime (span=1m)? Best Heinz by HeinzWaescher Motivator in Splunk Search 01-04-2017 0 14	0	14
How to dedup a combination of two fields and get the count of unique values per host? We have devices that generate thousands of a particular entry. I created a daily search to summarize. I combined the ... by mvasquez2 New Member in Splunk Search 01-04-2017 0 7	0	7
Why is my search stuck in "Finalizing job..." status and does not return any results with Internet Explorer (IE11)? Hello. I just finished upgrading from 6.3.3 to 6.5.1 last night. This morning, I am able to reproduce a problem where... by _smp_ Builder in Splunk Search 01-04-2017 0 6	0	6
How to search multiple field values from a table? I have a lot of details in my table, so I want to search values from some of the fields IN THOSE FIELDS There is one ... by prashanthberam Explorer in Splunk Search 01-04-2017 0 8	0	8
how to set default count=0 when the search result is null When the search result is null with the special filter, how to show it with count =0 instead of no record? index=app... by Freya_X New Member in Splunk Search 01-04-2017 0 4	0	4
Can I make a trendline that overlays my area chart? eventtype=cv "Source Client"=* "Destination Client"=slc-p-res* OR dab* Duration=* \| convert dur2sec(Duration) AS Dura... by HCadmins Communicator in Splunk Search 01-04-2017 0 4	0	4
Why does having multiple values for mvlist produce unexpected results for my transaction search? I am still not able to get 2 fields in the mvlist list. Here is my transaction line now: \| transaction visitID mvlis... by gt_dev Explorer in Splunk Search 01-04-2017 0 3	0	3