Splunk Search

Community Activity

Splunk Query to list top CPU consuming process when utilisation is greater than 70% Hello I have 2 queries, one to find top 10 CPU utilising process and 1 more for finding the avg CPU utilisation but ... by aparnaa Path Finder in Splunk Search 11-04-2016 0 5	0	5
How to restrict license report to slaves via lookup? Hi, I want to run reports against certain slaves reporting into the license manager, and filter them via a lookup. ... by a212830 Champion in Splunk Search 11-04-2016 0 3	0	3
How to change timezone from CST to EST during search time? Hi, Can you please help us in changing time from central to EST during search time? We have our server in central zo... by splunker9999 Path Finder in Splunk Search 11-04-2016 0 5	0	5
How to use field name as the value passed into a lookup table? \| foreach p* [eval val='<>' \| lookup wkst_risk_control asset_risk_position AS 'val'] I have 19 separate p extractio... by TobiasBoone Communicator in Splunk Search 11-04-2016 0 1	0	1
streamfwd ingestion of data from the pcap searching Hi, Following the Documentation provided by splunk I triggered streamfwd from the command line for my pcap. http://d... by ekremikizoglu Explorer in Splunk Search 11-04-2016 0 3	0	3
How to add line break in the eval function? Hi How to add the line break in the eval function base search\|eval new = src_host+","+"Event Code="+EventCode+","... by kiran331 Builder in Splunk Search 11-04-2016 0 3	0	3
Extracting a string from the search result INFO : Start Outputing Report: Project ID:c_exactworld_17121, Format:EXCEL Above is my search result, and I wanna ex... by zeewagon Engager in Splunk Search 11-04-2016 0 9	0	9
How does this search work? I am using the tag name in search query to filter down the app specific index, followed by "index=index1" to filter d... by jnithya Engager in Splunk Search 11-04-2016 0 1	0	1
How to set a field as the token to use in a dashboard? I have a search which will return me field email id. index=snow description=CPU \|table number sys_created_by nu... by surekhasplunk Communicator in Splunk Search 11-04-2016 2 4	2	4
How to generate a search for an exact word pattern? Hi All, I want to search a word in Splunk in a certain field for example "foo" and will return the following: foo b... by danielcmarcosjr Explorer in Splunk Search 11-04-2016 1 23	1	23
How to edit my REGEX in transforms.conf to allow certain data to get indexed in Splunk? Hi, I have a regex to allow certain data into Splunk via a transforms, and now I need to update it. I made some chan... by a212830 Champion in Splunk Search 11-04-2016 0 10	0	10
My first summary index - what am I doing wrong with the stats command? Dear Splunk gurus, I am trying to use Summary Indexing to improve reporting times for a Print Analytics dashboard. T... by alexoldman Explorer in Splunk Search 11-04-2016 3 3	3	3
([^\/]+)\/ REGEX meaning? Can someone explain me wht that simple regex means?? Sorry for this simple question but this is very new to me. I und... by Harishma Communicator in Splunk Search 11-04-2016 0 7	0	7
Why are my search results are not matching the lookup table? I am performing a search where I am making use of a CSV lookup and only get those results that match one of the field... by raghav130593 Explorer in Splunk Search 11-04-2016 0 2	0	2
How do I do SQL-like MINUS? All OrderId This query gives all distinct orderID basesearch \| dedup orderID \| table orderID This query gives all... by chatsai New Member in Splunk Search 11-03-2016 0 5	0	5
How do I sort my results from my sample data into different columns? I have the below data that I want to sort and show up in different columns as 1. Device (that shows the different rp... by bharpur183 Explorer in Splunk Search 11-03-2016 0 12	0	12
Why does my search only give strptime output for one of three time values? I have a field DATE_OF_BIRTH and the values are like 1962-09-30 00:00:00.0 1955-10-21 00:00:00.0 1988-10-31 00:00:00... by ppanchal Path Finder in Splunk Search 11-03-2016 0 3	0	3
Which of these field extractions defined in props.conf will Splunk consider for this field? I'd extracted 2 fields in props.conf as below: [abc_xml_v1] EXTRACT-abc_rac_cd_instance = ^/(cs\|app)/abc/.*/adump/(?... by pavanae Builder in Splunk Search 11-03-2016 0 1	0	1
How to parse my sample JSON data to get a stats count grouped by a certain value? For the json below: {"key5":"Thu Nov 03 08:34:19 CDT 2016","key1":"123456","key2":"{\"key21\":\"(123)-456-7890\",\"k... by splunk_skr Explorer in Splunk Search 11-03-2016 0 7	0	7
Results of two searches displayed on one chart I'm trying to take the results of 2 searches that are each searching a different index and display on one table to co... by rlautman Path Finder in Splunk Search 11-03-2016 2 5	2	5
-1 value at _time field using timechart Hello Splunkers. I'm having an issue with timechart; Scenario: I have a index that contains summarized data. I wa... by guimilare Communicator in Splunk Search 11-03-2016 0 9	0	9
Concatenate fields into a single string I have four fields: Signature_Name, Vendor_Signature, Incident_Detail_URL, Analyst_Assessment that I need to concaten... by efelder0 Communicator in Splunk Search 11-03-2016 6 6	6	6
Why is my alert not triggered even though there are results that meet the criteria? Hi All, We have a search which checks for a total count of failures in system in the last 24 hours: index=mydata ea... by kotig Path Finder in Splunk Search 11-03-2016 0 6	0	6
Distinct Count Where... Hey people, I'm trying to get multiple "distinct count where..." working but don't know where to start. The idea is... by singhh4 Path Finder in Splunk Search 11-03-2016 0 7	0	7
Timechart x-axis customized time I am getting date from my device in search date field like date=20140408045219. So i wanted to show the time chart ac... by abhi144 New Member in Splunk Search 11-03-2016 0 4	0	4