Splunk Search

Community Activity

What privileges are needed to use tstats summariesonly=t? We have accelerations turned on and at 100% for a number of our datamodels. I like the speed obtained by using \|tstat... by reed_kelly Contributor in Splunk Search 10-26-2016 1 3	1	3
dbinspect fields names and format changed in 6.* I was using dbinpect to calculates the first and last events in my buckets. In splunk 4.* and 5.*, it was returning 2... by mataharry Communicator in Splunk Search 10-26-2016 1 3	1	3
Why is the metadata command showing the wrong firstTime? \| metadata type=sourcetypes index=* My time range picker is set to today (Today is July 30, 2015). I analyzed my da... by david_halbeisen New Member in Splunk Search 10-26-2016 0 2	0	2
how to write _time function to take the data for all 7 days ( i mean in between days too ) Hi, I have scenario like having timechart to show spikes for different dates(ex for 7 days).But now it shows same va... by umsundar2015 Path Finder in Splunk Search 10-26-2016 0 5	0	5
How to edit my regular expression to extract the last IP from my sample string using rex? Hey Guys, I have the following output: Server: abc-ij-qwerty88.asdf.xyz.com Address: 10.10.254.97 DNS request timed... by bakalon Explorer in Splunk Search 10-26-2016 0 9	0	9
Few parts of JSON logs as separate fields and remaining as events Hi All, I have JSON Logs like below: SAMPLE EVENT: { [-] line: 2016-10-21 19:16:00 INFO [CollectorAccess] Updat... by sarnagar Contributor in Splunk Search 10-26-2016 0 3	0	3
the function sum(count) by xx field is not working For me the below stats sum(count) by Asset_status provies no results . eval Asset_status= if(Asset_Class=Server OR A... by umsundar2015 Path Finder in Splunk Search 10-26-2016 0 3	0	3
How to remove real-time searches from Search and Home Page UI? I would like to remove real time searches from the Home Page and Search Panel on Splunk UI. I came across someone's o... by OMohi Path Finder in Splunk Search 10-26-2016 1 3	1	3
multivalued OUTPUT field for my automatic lookup Is it possible to configure an automatic lookup to use a multivalued OUTPUT field? I should add that the lookups mat... by carmackd Communicator in Splunk Search 10-26-2016 2 7	2	7
field fillnull with values from correlated events by fedyshynyuriy New Member in Splunk Search 10-25-2016 0 3	0	3
Is sparkline adding any new information to my search results? Is sparkline adding any new information to the results of this search, or is it just presenting the same information ... by Justin1224 Communicator in Splunk Search 10-25-2016 0 3	0	3
transforms with SOURCE_KEY using FIELDS Dataset 10.24.11.102 - user1 [10/Sep/2016:02:46:12 -0400] "GET http://www.foo.org:80/lib/stone/csrf/token.json HTTP/... by willamwar Path Finder in Splunk Search 10-25-2016 0 1	0	1
How to edit my search to combine multiple rows into one output row in my results? I am taking numerous log entries and trying to produce an output report that shows the earliest logon time and the la... by szimmer661 Explorer in Splunk Search 10-25-2016 0 6	0	6
Regex Source and Destination files with path, filename, extension I need some help with this one since it is beyond my regex skills which are not the best. I would have used the fiel... by kent_farries Path Finder in Splunk Search 10-25-2016 0 6	0	6
How to count numbers of records per category from a table? Hi. I have a search result returned as the following: name type col_1 col_2 col3 ==== ==== ===== ====... by splunkrocks2014 Communicator in Splunk Search 10-25-2016 0 2	0	2
How to calculate concurrency using value in event? Hi all, I have the following type of data with session information: starttime=1477419810 endtime=1477419818 count=5... by pasito Explorer in Splunk Search 10-25-2016 0 1	0	1
How to edit my search to append a total average column for a chart? I can't seem to find a solution for this. I've created a chart over a given time span. I've been able to add a column... by splunkin11 Path Finder in Splunk Search 10-25-2016 0 14	0	14
How to sum a set of values for similar fields from JSON data to calculate a percentage? I am trying to sum a set of values from some JSON files. The structure of the response is identical, but I want to gr... by echeren Engager in Splunk Search 10-25-2016 0 1	0	1
How to create a regex to capture information from an indexing sourcetype? Hi, I'm struggling to create a regex to capture all the information correctly from a sourcetype we have and make the... by lukeandrews New Member in Splunk Search 10-25-2016 0 7	0	7
How to accelerate the searches for a dynamic dashboard? Hi, I have a dynamic dashboard which contains multiple panels and it takes a lot of time for displaying the data. Is ... by chintan_shah Path Finder in Splunk Search 10-25-2016 0 3	0	3
What's the order of search time field extraction I have data like whrchan-ros,FirstName,LastName,End User,Activated,Major Account,Group,Direct sales I want to creat... by bowesmana SplunkTrust in Splunk Search 10-25-2016 0 5	0	5
How to convert partial rows into columns? Hi. I have a search query returning the result as the following format: Application Service Owner Location ... by splunkrocks2014 Communicator in Splunk Search 10-25-2016 0 2	0	2
How to split a string into 2 separate fields in Splunk 6.5.0? Hi, before Splunk 6.5.0 I used commands like this to split strings into separate fields. For fields like productId=... by HeinzWaescher Motivator in Splunk Search 10-25-2016 0 2	0	2
Why does dedup count and dc return a different number of values? Doing separate searches with dc doesn't match numbers returned by a dedup count, except for the total. This is for th... by tmaltizo Path Finder in Splunk Search 10-25-2016 0 5	0	5
Is it possible to create one graph that has lines for each field and a timechart average for each field as additional lines? So, I have a simple search index="prod1" source="/opt/apps/logs/my.log" Performance Timing foobar adapter resulti... by pcorchary Explorer in Splunk Search 10-25-2016 0 3	0	3