Splunk Search

Community Activity

How do i get a list of all these concurrent searches? I am trying to setup a summary and schedule it to run daily at 03.05a.m. as a cron job. But I get this error Your max... by HattrickNZ Motivator in Splunk Search 10-05-2016 0 2	0	2
How to extract fields from XML data at search-time? I have a .log file that I need to analyse using Splunk. The structure of the log data is as below <root> <ns0:Lo... by yostwal_synechr New Member in Splunk Search 10-05-2016 0 10	0	10
Concurrent users per time bucket from transactions The objective is take events that indicate user activity, breakdown the data into segments of time, and then figure o... by rjthibod Champion in Splunk Search 10-05-2016 1 17	1	17
Issue with JSON event break regex I've been asked to ingest some JSON logs for auditing purposes but I can't get the event breaking right. I'm pretty ... by stepheneardley Path Finder in Splunk Search 10-05-2016 0 12	0	12
How do I my get one search to populate multiple panels in a dashboard? So I saw the documentation for global searches, but for the life of me, I can't get it to work. As you can see, each... by adepasquale Path Finder in Splunk Search 10-05-2016 0 5	0	5
Data not coming in JSON format from Splunk Javascript sdk I am querying Splunk using javascript SDK. In the searchParams, i have given the output mode as "json_rows". var sea... by tikoonikhil Explorer in Splunk Search 10-05-2016 0 1	0	1
How to extract a particular field from a URI in Splunk? My data is coming like below in splunk method=PUT uri=/AppA/USA/comp1/Refrence/20160120A123456/price query= httpstat... by jagdeepgupta813 Explorer in Splunk Search 10-04-2016 0 4	0	4
REX SED Help, need to replace namespaces from xml field Hi, I have a xml field which holds values like below. It contains namespaces for each element which I want to remove... by somesoni2 Revered Legend in Splunk Search 10-04-2016 1 6	1	6
How to create a table using dedup to show one entry for each application name and create a multivalue field? I have events that include an application name field and a uservalue field. When i table the data by application an... by stuart338 New Member in Splunk Search 10-04-2016 0 2	0	2
Reformat Date represented by string One of the fields of my data is a date, represented as a string like 20120215. I need to reformat this date to m/d/y... by atornes Path Finder in Splunk Search 10-04-2016 0 2	0	2
Querying a Real Time search I am trying to make an external dashboard for splunk that needs to be real time. At the moment, all we can do is make... by atreece Path Finder in Splunk Search 10-04-2016 0 11	0	11
How can we re-direct the URL in a new blank page using re-direct function ?? Hi All, I am using the following code snippnet in my HTML dashboard to re-direct the page to the defined URL on clic... by rakesh_498115 Motivator in Splunk Search 10-04-2016 0 2	0	2
adding descriptive text to a chart on a dashboard Can I add descriptive text to a chart on a dashboard. If yes - how. The only way I can get this work is by adding a... by mcbradford Contributor in Splunk Search 10-04-2016 4 7	4	7
Regex for multi-value field in which some values are listed and then aren't I am trying to create a regex for a multivalue field (Message) in which some values are listed and sometimes aren't l... by jwalzerpitt Influencer in Splunk Search 10-04-2016 0 7	0	7
Question regarding my search string Hi, here is my search string: \| rest splunk_server=local count=0 /services/alerts/correlationsearches \| fields title... by Justin1224 Communicator in Splunk Search 10-04-2016 0 9	0	9
Advanced queries: Group by with conditions. Summarizing values. Hi, I'm a novice to more advanced Splunk usage, but I understand that a lot is possible. Here is an example of a lo... by splunkent2 New Member in Splunk Search 10-04-2016 0 1	0	1
What is the "acl_tag" field that appears under Interesting Fields in the fields sidebar? Dear All, Splunk shows acl_tag in search and it was in Interesting Fields. As I'm new to Splunk, I want to know abou... by Vettaiyan New Member in Splunk Search 10-04-2016 0 1	0	1
mvzip with fillnull for converting json to table Hi, I want to convert a json file to table format.. JSON structure is "Settings": {<!-- --> "Employee": [ {<!-- --> ... by pasokkum Path Finder in Splunk Search 10-04-2016 0 1	0	1
These results may be truncated. This visualization is configured to display a maximum of 1000 results per series, and that limit has been reached Hi, I have results about 3333 rows. when am generating the query as sourcetype="Churn Data_CSV" \| table Churn "tota... by SanthoshSreshta Contributor in Splunk Search 10-04-2016 1 5	1	5
Does tstats always specify a datamodel? Basically my problem is that I'm switching Splunk queries that I have into queries for a different search language. I... by Justin1224 Communicator in Splunk Search 10-04-2016 0 6	0	6
What are manifest files used for in Splunk home directory? splunk-6.1.4-233537-darwin-64-manifest These files only list out the directory of Splunk. When upgrading from versio... by ben_leung Builder in Splunk Search 10-04-2016 0 3	0	3
Search Advanced Nested query many line Hello, I have lot of line with expression like this : code=1 executionTime=n ident=XXX and lot of line with expre... by mclane1 Path Finder in Splunk Search 10-03-2016 0 5	0	5
Is there a way to list all the available REST endpoints via search query ? When I search for : \| rest /services/server it lists below endpoints available for server: https://127.0.0.1:8089... by splunker12er Motivator in Splunk Search 10-03-2016 1 4	1	4
Why does Splunk auto fillnull my timechart? Did this change occur recently? Why would timechart auto fillnull my field in a timechart? Example: index=main \| ti... by the_wolverine Champion in Splunk Search 10-03-2016 0 7	0	7
How to include additional field from inputlookup in results? Currently i am populating my summary index with a list of malware listed ips with index=blah OR index=blah2 OR index... by sonicZ Contributor in Splunk Search 10-03-2016 2 5	2	5