Splunk Search

Community Activity

DoD CAC enable for Splunk Web Splunk Support, As a DoD entity we are required to have Web applications, including Splunk, to be DoD CAC enabled fo... by gjackson3 Engager in Splunk Search 10-03-2016 3 10	3	10
How would I count by a most recent event value? The value that I need to count can be in multiple events. I just want to count it one time, but it will need to be th... by splunkingjh Engager in Splunk Search 10-03-2016 0 4	0	4
Any way to use _time with a bubble or scatter chart? I need to show changes of a numeric state over time, of multiple series. Several state changes may happen very quickl... by vbumgarner Contributor in Splunk Search 10-03-2016 3 10	3	10
Search and display surrounding context Hi, I am able to perform a search of some logs, but I would like to see the context surrounding a specific event. ... by d3vino Engager in Splunk Search 10-03-2016 4 5	4	5
Why does the subsearch example in the Splunk Search Tutorial seems to repeat itself? I'm stepping through the main Splunk Search Tutorial. I'm at the "subsearch" section: https://docs.splunk.com/Docume... by davidmichaelkar New Member in Splunk Search 10-03-2016 0 2	0	2
inputlook up query I have an xls input lookup, I'm trying to find members in inputlook in my source type. Thanks eg file - with attrib... by msachdeva3 Explorer in Splunk Search 10-03-2016 0 1	0	1
How do I prevent my chart results from being truncated? Hello all, I've seen a few similar discussions, but neither solution works for me - sorry for raising this again. I... by akazarov Path Finder in Splunk Search 10-03-2016 1 3	1	3
Timechart: How to sum up all earlier values? Hi, I want to create a timechart that shows the sum of all ealier values from another timechart. As an example, I ha... by f_d Engager in Splunk Search 10-03-2016 0 2	0	2
How to search for and extract Email IDs with dot trend patterns? I would like to know whether there is any possibility of extracting or getting the Email IDs with dot trend patterns.... by kamaleshwar Explorer in Splunk Search 10-02-2016 0 14	0	14
how to calculate the results of a particular search in terms of MB or GB? I have a search string "xyz" now how can i calculate how much amount of date got generated with that particular searc... by pavanae Builder in Splunk Search 10-02-2016 0 1	0	1
Create search time custom fields It seems that it is best to create fields at search time as opposed to index time.!?!? I need to make a field named s... by brent_weaver Builder in Splunk Search 10-02-2016 0 1	0	1
Port scan search I am searching for a method to take the ip address port records from traffic coming from the internet onto our networ... by landen99 Motivator in Splunk Search 10-02-2016 0 5	0	5
How can I show lookups in the Stacked bar graph ? Hello, I have 6 lookups, I have to show the stacked bar graph of three types a,b,c with showing active and inactive ... by kiran331 Builder in Splunk Search 10-02-2016 0 3	0	3
How to develop a timechart by host with eval command? Hi, I have the below search to find the SLA of my application by host in the specific time span. But I don't know wh... by kualo Explorer in Splunk Search 10-01-2016 0 3	0	3
Need help with Dedup while extracting fields Base String is ----------------- OfferRedeemedRequest [partnerID=1234, partnerName=MCenter, messagePriority=9, userI... by arunsubram Explorer in Splunk Search 10-01-2016 0 1	0	1
Searching "%" with in a search string My logfile contains a rows like - ...........&pic=pic%231.pdf&description=....... ...........&pic=pic.pdf&descriptio... by runiyal Path Finder in Splunk Search 10-01-2016 0 5	0	5
How to edit my subsearch to look up a predefined field comprised of rex in my main search? My subsearch contains this predefined field, and I'm trying to use it to search my main search that gets the field us... by jjmel Explorer in Splunk Search 09-30-2016 0 2	0	2
How to pull data into Splunk from Simple Event Correlator (SEC)? All, We need to pull data from a platform called "SEC", Simple Event Correlator into Splunk. Any one familiar with... by daniel333 Builder in Splunk Search 09-30-2016 0 1	0	1
Why would data show up in _raw but not in search results after SEDCMD? Hi there, I have several multivalue fields that are sometimes uneven. To make up for this, I'm trying to use SEDCMD t... by danfein New Member in Splunk Search 09-30-2016 0 5	0	5
How to force all x-axis labels to display on a timechart? Hello. I am trying to create a dashboard with a simple timechart showing the number of log entries per day. I am int... by jeffland SplunkTrust in Splunk Search 09-30-2016 1 10	1	10
How to graph a (non-cumulative) total of fields? If I have a number of storage devices, each with a number of volumes, and every hour I am querying the used capacity ... by lee_melvin Path Finder in Splunk Search 09-30-2016 0 4	0	4
Is there a way to extract/show the first and last events in a transaction? I have a transaction query that returns groups of logs that are typically 5-10 events clumped together. The query us... by DEAD_BEEF Builder in Splunk Search 09-30-2016 1 8	1	8
Can I with one search, graph two different time chart spans? I have a simple search only to count the events per timelapse. I am trying to graph that in only one graph with two ... by omarlira Explorer in Splunk Search 09-30-2016 0 5	0	5
eval and coalesce return unicode list. How to separate each item into a new row? So when I run the following search, 'event_name' returns a list of all event_name values which match the coalesce(src... by zhatsispgx Path Finder in Splunk Search 09-30-2016 1 1	1	1
How to match my search with a lookup? Hi I want to match the search with lookup file. I have a lookup with host names. i have to match with windows data ... by kiran331 Builder in Splunk Search 09-30-2016 0 4	0	4