Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
ivar9692

What is the best way to track URLs visited for a user?

Hi, I want to know what url user visited after going to a particular url. Suppose this is the url user visited (www...
by ivar9692 Explorer in Splunk Search 10-23-2016
0 4
0
4
moaf13

In Extract Fields: how can you extract Multivalue Field using Regex Code?

So I have this: 01010101 01/02/2015 4200000 U-55555555-0000 1.00 Q CC ...
by moaf13 Path Finder in Splunk Search 10-23-2016
0 1
0
1
bowesmana

How to display Y axis as HH:MM duration instead of seconds in timechart

I have race data for a regular monthly race, where race time is given as elapsed time in the format MM:SS, e.g. 42:56...
by SplunkTrust SplunkTrust in Splunk Search 10-23-2016
0 1
0
1
plucas_splunk

How to chart vehicle layover time?

Suppose I have vehicle data of the form: 2016-10-18 17:37:05 GMT vehicle_id="1011" vehicle_distance=185 stop_tag="52...
by plucas_splunk Splunk Employee Splunk Employee in Splunk Search 10-22-2016
0 2
0
2
smolcj

The maximum number of historical concurrent system-wide searches has been reached. current=8 maximum=8

HI , Even if i just started my splunk instance, my views are loading with this error. I am sure that only one search ...
by smolcj Builder in Splunk Search 10-22-2016
2 14
2
14
kholleran

DOWN! Error: skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block

Good morning, I am suddenly receiving this error and not able to index: skipped indexing of internal audit event wi...
by kholleran Communicator in Splunk Search 10-22-2016
4 10
4
10
samsingnok

How to write a search that has two conditions?

i have two conditions which has to be put in a same search. conditon no 1: if the Source address is in bad_ips.csv (...
by samsingnok Engager in Splunk Search 10-22-2016
0 1
0
1
guarisma

My muilti-line regex won't work after saving it for field extractions in a HPUX audit log

Hello, This is my regex, it works well using the rex command on the search bar of my app like this: index=hpux tag=...
by guarisma Contributor in Splunk Search 10-21-2016
0 2
0
2
kiran331

How to search for User logon time duration?

Hi How to search for user logon duration in a aday starting with first 4624 event and last 4634 event in the day?
by kiran331 Builder in Splunk Search 10-21-2016
0 1
0
1
jpaulovich

How to use rex to extract a named field within a named field?

Greetings, The event that I'm working with is below. The problem is that our platform (in this case) has a field ...
by jpaulovich Explorer in Splunk Search 10-21-2016
0 3
0
3
desmondpigott

How to detect a new host used by a user?

Summary: We want to trigger an alert/email when a user logs on to a new system for the first time. Event ID 4624 is ...
by desmondpigott Explorer in Splunk Search 10-21-2016
0 2
0
2
JDukeSplunk

How to edit my regular expression to match multiples of the same type (Java Mother and Daughters exception)?

I'll start with a raw event. This is basically a Java stack dump. 2016-10-20 13:23:20,828 [p-bio-8001-exec-1866] [T...
by JDukeSplunk Builder in Splunk Search 10-21-2016
0 1
0
1
wweiland

How to compare search results from 2 dates without using subsearch?

Hi, I'm trying to compare stats from 2 different dates (sometimes not back to back) and I'm running into a wall bec...
by wweiland Contributor in Splunk Search 10-21-2016
0 9
0
9
rdominy

In Splunk versions after 6.4.3, chart using span=log no longer works. Is there a workaround?

I was successfully using the following query with Splunk 6.4.3: index="pixelscoredata"| chart count by imps_budget b...
by rdominy Engager in Splunk Search 10-21-2016
0 2
0
2
torndorff

Why is the regular expression for my whitelist in serverclass.conf not matching as expected?

I'm working to simplify a serverclass.conf and am struggling to get regex working. For example: [serverClass:Conf...
by torndorff Explorer in Splunk Search 10-21-2016
0 5
0
5
TMazurek

How to combine results of two stats searches into one so summary information can be displayed in one pie-chart

I have two searches: 1st search: index=main sourcetype=ab_alerts | rename ab_alerts.AlertID as AlertID, ab_alerts....
by TMazurek New Member in Splunk Search 10-21-2016
0 7
0
7
vxsplunk

In what phase are discovered fields available (automatic field extraction)?

I want to add a field to my events that is derived from a discovered field at search time. The new field wil be a pri...
by vxsplunk Explorer in Splunk Search 10-21-2016
1 4
1
4
HeinzWaescher

How to use a date format as a filter in the base search

Hi, I have events with a timestamp_value=1477043785561 We can filter like this: index=a sourcetype=logins timestam...
by HeinzWaescher Motivator in Splunk Search 10-21-2016
0 8
0
8
MattQ

query to return multiple user login attempts from same IP

Trying to build a query that will return values in the event of multiple userIDs attempting to login from a single IP...
by MattQ Explorer in Splunk Search 10-21-2016
0 4
0
4
dustinhartje

How to create a status time chart based on only change events with splits?

I have what seems like a fairly simple analytical problem that I'm having real trouble wrapping into Splunk commands....
by dustinhartje Explorer in Splunk Search 10-21-2016
0 4
0
4
runiyal

How to search the count of two strings in two separate lines in our sample log files?

I need to search two strings within the set of rows of the log file. I have a process running for the new webscript -...
by runiyal Path Finder in Splunk Search 10-20-2016
0 2
0
2
rdownie

How to run a dashboard search in verbose mode through Simple XML?

I am trying to run a dashboard search in verbose mode. I am using workflow actions from within the events, but the re...
by rdownie Communicator in Splunk Search 10-20-2016
1 4
1
4
Runals

How to return a list of field names vs field values?

I'm trying to have Splunk build a list of field names where the values in the fields meet some criteria - note though...
by Runals Motivator in Splunk Search 10-20-2016
0 3
0
3
Justin1224

Why is values(foo) here?

Why is values(Authentication.user_category) here when further down there is "where Authentication.user_category=defau...
by Justin1224 Communicator in Splunk Search 10-20-2016
0 2
0
2
jaxjohnny

How can I make this nested search faster?

This search works, but it's slow. I know nested searches are no longer recommended. Can anyone help me re-write thi...
by jaxjohnny Path Finder in Splunk Search 10-20-2016
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...
Top Solution Authors
View All