Splunk Search

Community Activity

How do I rename and extract multiple data from a search? I have log lines of the form (relevant excerpt only, they contain also hostname, timestamp, etc): data_name: A B C D... by virgilg Explorer in Splunk Search 09-30-2016 0 1	0	1
Join two queries by nearby event times Hi, can't seem to get what I'm looking for working. Here is what I want to do. Issue a main search of events. Find e... by chrisboy68 Contributor in Splunk Search 09-30-2016 1 5	1	5
CSV Lookup not matching double quotes I have created a csv file mapping a field from my raw index to a more readable version. Some of the values for that f... by keerthana_k Communicator in Splunk Search 09-30-2016 1 2	1	2
Regex Help! How can I change the format of the filed values using regex. what it is now: 0xBCDDADAF7BSS What I need: remove 0x ... by kiran331 Builder in Splunk Search 09-30-2016 0 3	0	3
erex command not working for URL fields I am using Splunk 6.4. I am able to extract many fields from my data using erex comand. However, for URL fields, the... by Upas02 Path Finder in Splunk Search 09-30-2016 0 1	0	1
chart time based Hi , I want a chart exactly like the image attached. My data is input lookup csv file . My time filed name is "Ope... by surekhasplunk Communicator in Splunk Search 09-30-2016 1 4	1	4
pie chart color with eval condition Am using query "index=level3 host=Test \| stats count by Age \| sort Age" and visualizing it in a pie chart. Now my r... by surekhasplunk Communicator in Splunk Search 09-30-2016 0 1	0	1
Why was the maximum number of real time concurrent searches not increased? Hi fellow splunkers, I have multiple search heads on which I want to increase the maximum number of (historical and)... by DonaldvdHoogenb Path Finder in Splunk Search 09-30-2016 0 2	0	2
groupby and ends with value andcount I have one field with values xyz_onprem abc_onprem gghf_onprem abc_aws gfd_aws I want to see the count of values end... by chvnc Explorer in Splunk Search 09-30-2016 0 2	0	2
What is the rex command to extract the last value from a source field? Hi .. I need to extract back123 from the source field. pls provide the entire rex command needed to fetch back123 to ... by simona2121 Path Finder in Splunk Search 09-29-2016 0 7	0	7
How to display search DEBUG messages in Job Inspector UI? Looking to how to enable the message block starting with "The following messages were returned by the search subsyste... by tsunamii Path Finder in Splunk Search 09-29-2016 3 4	3	4
How to develop a table based on my CSV log format? I have the following log format and I'm trying to create a table that will have the following format: "Device","Obje... by balleste Engager in Splunk Search 09-29-2016 0 2	0	2
AND \| OR Rex field Hello. I have a few servers: a,b,c and 1,2,3 Servers a,b,c work with this - base search \| rex field=cs_uri_stem "... by patelpin New Member in Splunk Search 09-29-2016 0 6	0	6
Making a where statement that checks run time? I have this query index=nitro_prod earliest=-30d ESK** (job_class=* OR NOT job_class=) compl_code= \| fields app_... by JoshuaJohn Contributor in Splunk Search 09-29-2016 0 1	0	1
Lookup of DNS from proxy logs to enrich firewall traffic search I'm looking to enrich a search of firewall IP data with DNS host data from proxy logs. To be clear, I don't want to d... by alandeandrea Explorer in Splunk Search 09-29-2016 0 4	0	4
How to rename multiple fields in a chart? When i run the following query, my legend has the values as values(fieldname): index=main source=daily_report sourc... by zhatsispgx Path Finder in Splunk Search 09-29-2016 0 3	0	3
How can I end a long running search job using the Splunk API? If I make a POST request to "services/search/jobs", it will return a job-id. Let's say the job is taking too long, an... by bensonqiu Engager in Splunk Search 09-29-2016 0 1	0	1
How to get a count of daily active users in the last 3 days? Hi All, I'm new to Splunk and new to get a count of the daily active users in the last 3 days. Users in our system a... by rob9mcneil9 Engager in Splunk Search 09-29-2016 0 2	0	2
Search generated too much data... Has anyone run into this message? "Search generated too much data for the current display configuration, results hav... by terryloar Path Finder in Splunk Search 09-29-2016 2 4	2	4
How to consolidate events into one event by using a multi-value field to lookup values? Trying to take a multi-value field using that to lookup values then placing the return information into the correct f... by jdschmitz New Member in Splunk Search 09-29-2016 0 1	0	1
How to increase truncation limit to display all results in a chart? Hello Splunkers, These results may be truncated. This visualization is configured to display a maximum of 1000 resul... by lbogle Contributor in Splunk Search 09-29-2016 4 10	4	10
How to prevent my timechart search results from being truncated to display all data points? I am attempting to generate an area chart for the past 15 days using the following search: index=test sourcetype=abc... by avisram Path Finder in Splunk Search 09-29-2016 3 3	3	3
Undocumented Search Operator TERM() It seems that the undocumented TERM() operator can give quite a performance boost to searches. E.g. I ran a search o... by my2ndhead SplunkTrust in Splunk Search 09-29-2016 5 5	5	5
How to modify my search to get result shown in a visualization chart? Am using this search index=level3 host=Test \| chart count over "Opened" by "Assignment group" I am getting the de... by surekhasplunk Communicator in Splunk Search 09-29-2016 0 2	0	2
Stats count with lookups Hello, I have to get the individual count of three lookups A,B,C. How can I show the count of each lookup n Dashboar... by kiran331 Builder in Splunk Search 09-29-2016 1 1	1	1