Splunk Search

Community Activity

Using "stats max(foo)", is it possible to get the whole line of the log that contains the max value of foo? When I use \| stats max(foo) I get the largest value of foo. Is it possible to get the whole line of the log which co... by viggor Path Finder in Splunk Search 10-17-2016 0 1	0	1
How to figure out what fields our Splunk users are searching for in their reports or dashboards? Hi, I need to figure out what fields our Splunk users are searching for, either in their reports or dashboards. Is ... by shahzadarif Path Finder in Splunk Search 10-17-2016 0 7	0	7
How to write a search to alert if indexers are not receiving data from forwarders? Hi Team, How do I write a search to alert me when one of the critical indexers is not receiving the data from the s... by srikanth1213 Path Finder in Splunk Search 10-17-2016 1 5	1	5
Can anyone explain what is a Splunk Base Search? Hello Splunkers Can anyone explain in simple terms what is a Splunk Base Search? by splgeek Explorer in Splunk Search 10-17-2016 0 4	0	4
Top N results in table The intermediate result of a query is Machine \| ErrorType \|ErrorCount A \| ErrorA \| 4 A ... by ponsakthi Engager in Splunk Search 10-17-2016 0 1	0	1
how to pass parameters to search command i am trying to search some strings like Error OR WARNING and IPADDRESS or HOSTNAME from /var/log/messages file and d... by rajgowd1 Communicator in Splunk Search 10-17-2016 0 6	0	6
Extract a field/or a single value from a scheduled alert table So I am generating an alert everyday at 2am, the alert is basically a table with several fields, now I would like the... by smhsplunk Communicator in Splunk Search 10-17-2016 0 6	0	6
What is being counted in this query? What is being counted in this query? Here it is: \| `tstats` count from datamodel=Authentication by _time span=10m \| ... by Justin1224 Communicator in Splunk Search 10-17-2016 0 5	0	5
Custom Eval Command or Custom Search Command as Calculated Field? Is it possible to include a custom search command in your app as a calculated field? One that would automatically app... by snoobzilla Builder in Splunk Search 10-17-2016 1 3	1	3
Turn stats search into chart Trying to find a way to put the results of this search into a chart. I know the issue is that there are 2 fields Im t... by tkwaller Builder in Splunk Search 10-17-2016 0 12	0	12
Using tstats to generate list of unique users logged in over time I'm trying to create a simple report that shows the number of unique users logged into our Cisco ASA over the course ... by jmaple Communicator in Splunk Search 10-17-2016 0 3	0	3
Error when extracting multivalue field from xml data via rex command Hi I need to extract multivalue field from an event structured in xml. <job> <nameJob>Job1</nameJob> <execut... by jurbain New Member in Splunk Search 10-17-2016 0 4	0	4
How to best combine 2 eval searches and use timechart? I know this is fairly simple question. I am trying to do a couple evals on userAgent fields, as I am trying not to us... by tkwaller Builder in Splunk Search 10-17-2016 0 5	0	5
sort show wrong result Hello, I hope anyone can help me. My search eval epochtime=strptime(DATUM,"%d.%m.%Y") \| eval datefield=strftime(ep... by Paul1896 Path Finder in Splunk Search 10-17-2016 0 16	0	16
Field extraction using Field Extractor Hi at all, I would extract a field as a part of source field and I know how to do this using rex command \| rex field... by gcusello SplunkTrust in Splunk Search 10-17-2016 0 4	0	4
_audit - see users behavior - users searches by sourcetypes Hi guys, hope you can help me. I want to have a statistic of my users. The most of the users access the search&repo... by egreibl Engager in Splunk Search 10-17-2016 0 4	0	4
how to configure field extractor for a single source file only Hi, I am configuring Field Extractor to extract fields from a single files directly from events>action>extract field... by sumituv New Member in Splunk Search 10-16-2016 0 2	0	2
Stumped on this regex Hi, I'm trying to pull the user ID from the below data? The userids are: mspeer2, ddaniel, mirella, jcrews I have... by dbcase Motivator in Splunk Search 10-16-2016 0 7	0	7
Exclude a Country with geoip Hello, I have the following search index=collaboration sourcetype="mail-2" Auth \| geoip simta_client_ip \| dedup simt... by brywilk_umich Path Finder in Splunk Search 10-16-2016 0 2	0	2
How do I find the unique elements between two columns? If I have a search that returns a table with multi-values in two different columns, how can I find the unique element... by mbintz Explorer in Splunk Search 10-15-2016 0 5	0	5
Compare Results From Two Searches Hi, I wonder whether someone may be able to help me please. I'm using the following subqueries: The first extracts ... by IRHM73 Motivator in Splunk Search 10-15-2016 0 9	0	9
Restrict Time Range by User Role and index / SourceType We have different indexes with varied retention and volumes. We would like to be able to restrict some roles to searc... by VidhyaR New Member in Splunk Search 10-14-2016 0 3	0	3
How to display values in xyseries format? How to display values in xyseries format? i have log like below tcp 0 0 12b8-splfwd02.nam.nsro:7171 poc-... by rajgowd1 Communicator in Splunk Search 10-14-2016 0 15	0	15
Field Extraction issue HI Experts, i am able to exact 4th and 5th fields from below log but i am able to exact get the value if the 4th or 5... by rajgowd1 Communicator in Splunk Search 10-14-2016 0 8	0	8
Filtering on lookup field values using multiple values on a few field Searching for events which match any of multiple values for the same field times several fields in a lookup using the... by landen99 Motivator in Splunk Search 10-14-2016 0 1	0	1