Splunk Search

Community Activity

chart time based Hi , I want a chart exactly like the image attached. My data is input lookup csv file . My time filed name is "Ope... by surekhasplunk Communicator in Splunk Search 09-30-2016 1 4	1	4
pie chart color with eval condition Am using query "index=level3 host=Test \| stats count by Age \| sort Age" and visualizing it in a pie chart. Now my r... by surekhasplunk Communicator in Splunk Search 09-30-2016 0 1	0	1
Why was the maximum number of real time concurrent searches not increased? Hi fellow splunkers, I have multiple search heads on which I want to increase the maximum number of (historical and)... by DonaldvdHoogenb Path Finder in Splunk Search 09-30-2016 0 2	0	2
groupby and ends with value andcount I have one field with values xyz_onprem abc_onprem gghf_onprem abc_aws gfd_aws I want to see the count of values end... by chvnc Explorer in Splunk Search 09-30-2016 0 2	0	2
What is the rex command to extract the last value from a source field? Hi .. I need to extract back123 from the source field. pls provide the entire rex command needed to fetch back123 to ... by simona2121 Path Finder in Splunk Search 09-29-2016 0 7	0	7
How to display search DEBUG messages in Job Inspector UI? Looking to how to enable the message block starting with "The following messages were returned by the search subsyste... by tsunamii Path Finder in Splunk Search 09-29-2016 3 4	3	4
How to develop a table based on my CSV log format? I have the following log format and I'm trying to create a table that will have the following format: "Device","Obje... by balleste Engager in Splunk Search 09-29-2016 0 2	0	2
AND \| OR Rex field Hello. I have a few servers: a,b,c and 1,2,3 Servers a,b,c work with this - base search \| rex field=cs_uri_stem "... by patelpin New Member in Splunk Search 09-29-2016 0 6	0	6
Making a where statement that checks run time? I have this query index=nitro_prod earliest=-30d ESK** (job_class=* OR NOT job_class=) compl_code= \| fields app_... by JoshuaJohn Contributor in Splunk Search 09-29-2016 0 1	0	1
Lookup of DNS from proxy logs to enrich firewall traffic search I'm looking to enrich a search of firewall IP data with DNS host data from proxy logs. To be clear, I don't want to d... by alandeandrea Explorer in Splunk Search 09-29-2016 0 4	0	4
How to rename multiple fields in a chart? When i run the following query, my legend has the values as values(fieldname): index=main source=daily_report sourc... by zhatsispgx Path Finder in Splunk Search 09-29-2016 0 3	0	3
How can I end a long running search job using the Splunk API? If I make a POST request to "services/search/jobs", it will return a job-id. Let's say the job is taking too long, an... by bensonqiu Engager in Splunk Search 09-29-2016 0 1	0	1
How to get a count of daily active users in the last 3 days? Hi All, I'm new to Splunk and new to get a count of the daily active users in the last 3 days. Users in our system a... by rob9mcneil9 Engager in Splunk Search 09-29-2016 0 2	0	2
Search generated too much data... Has anyone run into this message? "Search generated too much data for the current display configuration, results hav... by terryloar Path Finder in Splunk Search 09-29-2016 2 4	2	4
How to consolidate events into one event by using a multi-value field to lookup values? Trying to take a multi-value field using that to lookup values then placing the return information into the correct f... by jdschmitz New Member in Splunk Search 09-29-2016 0 1	0	1
How to increase truncation limit to display all results in a chart? Hello Splunkers, These results may be truncated. This visualization is configured to display a maximum of 1000 resul... by lbogle Contributor in Splunk Search 09-29-2016 4 10	4	10
How to prevent my timechart search results from being truncated to display all data points? I am attempting to generate an area chart for the past 15 days using the following search: index=test sourcetype=abc... by avisram Path Finder in Splunk Search 09-29-2016 3 3	3	3
Undocumented Search Operator TERM() It seems that the undocumented TERM() operator can give quite a performance boost to searches. E.g. I ran a search o... by my2ndhead SplunkTrust in Splunk Search 09-29-2016 5 5	5	5
How to modify my search to get result shown in a visualization chart? Am using this search index=level3 host=Test \| chart count over "Opened" by "Assignment group" I am getting the de... by surekhasplunk Communicator in Splunk Search 09-29-2016 0 2	0	2
Stats count with lookups Hello, I have to get the individual count of three lookups A,B,C. How can I show the count of each lookup n Dashboar... by kiran331 Builder in Splunk Search 09-29-2016 1 1	1	1
How to modify my search to find IP addresses that hit exactly one URL? I'm trying to find IP addresses that hit a specific url and no other. I tried to use set diff but it's not returning ... by sfrazer Explorer in Splunk Search 09-29-2016 0 4	0	4
How to assign index of an app to another. Hi, I have an app called ngcdn and an index (we_accesslog_extsqu) for that app which is looking to a directory. Now ... by KarunK Contributor in Splunk Search 09-29-2016 1 3	1	3
How to merge a search result with multiple fields and a dbquery with multiple columns matching on one (or more) fields or columns? I have a table in Oracle that monitors user logins to web apps. When a user accesses the webpage, I see the following... by rrax619 Engager in Splunk Search 09-29-2016 0 2	0	2
How to combine multiple transactions and still see the events grouped by transaction? I've created two transaction types, one named mail that finds all of the postfix events with the same queue_id; and s... by swimboy New Member in Splunk Search 09-29-2016 0 2	0	2
I'm trying to find the top 50 email senders. Is my search correct? index=mail sourcetype="symantec:mail:syslog" sender "ML-DELIVERY" \| stats values(sender) as sender by msg_id \| events... by seetharamanPr New Member in Splunk Search 09-29-2016 0 3	0	3