Splunk Search

Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
mfietz

Multiple stats for multiple key-values with a common prefix

We have log entries with multiple key-value pairs. All of the keys I'm interested in have a common prefix and all of ...
by mfietz New Member in Splunk Search 09-22-2016
0 3
0
3
torustad

What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean?

Hi all, We have the following setup: Splunk Enterprise Server 6.4.1 Windows2008R2, 16 GB Physical Memory, 4 CPU Cor...
by torustad Path Finder in Splunk Search 09-22-2016
2 6
2
6
kuja

Why would a command via CLI that exports to a CSV re-order the columns? Looks like the columns get re-ordered alphanumerically.

Splunk Web search ran: sourcetype=vmstat |head 10| table _time source sourcetype mem_free OUTPUT is as listed abov...
by kuja Splunk Employee Splunk Employee in Splunk Search 09-22-2016
1 3
1
3
gowthamkb

How to join customer ID data from different sources and create a time-based report where x-axis is total time and y-axis is total events?

I want to correlate data from 2 sources. First data source contains store_events (source1=store_events) and second so...
by gowthamkb Explorer in Splunk Search 09-22-2016
1 6
1
6
jambraun

How to use rex command to extract value from the end of an event?

I know this type of question has been asked many times before, but I haven't been able to get results from using REX....
by jambraun Explorer in Splunk Search 09-22-2016
0 4
0
4
changux

How to consolidate events that have an ID field with different names across multiple sourcetypes?

Hi all. I have almost 20 different sourcetypes. Field names in sourcetypes are different and I don't have the same i...
by changux Builder in Splunk Search 09-22-2016
1 3
1
3
andynieto

How to add up the hourly number of transactions per day, and create a chart to show the total per day over X days?

Hello community, So I'm looking for some help here on how to build a search that will add up the total number of tra...
by andynieto Engager in Splunk Search 09-22-2016
1 1
1
1
prathikpisplunk

Is a JOIN clause in SQL equal to an OR operator in Splunk?

SQL JOIN clause gets intersection of two tables. In Splunk search, if I use OR on two different sources, I am not g...
by prathikpisplunk Explorer in Splunk Search 09-22-2016
0 6
0
6
phil_dupree

dedup with total counts

I have been tasked with building a dashboard which shows the total number of transactions today for each server. I c...
by phil_dupree New Member in Splunk Search 09-22-2016
0 3
0
3
christopheryu

How to count the number of times an event in one sourcetype is occuring in another sourcetype?

I have two sourcetypes, TICKET_OPENED & TICKET_ACTIVITY, both of which have a common field TICKET_NUMBER. I am able t...
by christopheryu Communicator in Splunk Search 09-22-2016
0 12
0
12
dbcase

Timechart, last value is always 0

Hi, I have this query index=os sourcetype=vmstat OR sourcetype=cpu OR sourcetype=df host=betamax-admin Filesyst...
by dbcase Motivator in Splunk Search 09-22-2016
1 2
1
2
srikanth1213

What search string can I use to find a list of indexers, their source, and sourcetype?

Can someone help me with a Splunk search string to find list of indexers, their source and sourcetype?
by srikanth1213 Path Finder in Splunk Search 09-22-2016
0 3
0
3
AverageMale

How can I join two searches on a common field?

This is my sample logs in [bowlers]: "doYouBowl":"YES", "pin":"123", "name":"Billy" "doYouBowl":"NO", "pin":"456", ...
by AverageMale Engager in Splunk Search 09-22-2016
0 7
0
7
j4adam

Why isn't calculated field working when trying to override an extracted value into a Network Resolution (DNS) data model's expected field?

Hi all, I have some MSAD:NT6:DNS logs I'm trying to massage into the Network Resolution data model. I have a field e...
by j4adam Communicator in Splunk Search 09-22-2016
1 5
1
5
kiran331

What regular expression should I use to eliminate a character in the field value?

Hi What Regex do I have to use to eliminate a character in the field value? eg: G0:1K:BF:04:12:2C expected: G01KBF...
by kiran331 Builder in Splunk Search 09-22-2016
0 3
0
3
friscos

How to include Field Extraction name in Splunk search?

Hi, I have extracted a transaction id using field extraction. Field Extraction Name: BANK_APPLOG : EXTRACT-TransID...
by friscos Explorer in Splunk Search 09-22-2016
0 4
0
4
gokool2u

Split graph based on two conditions of same field

Hi Splunkers, I want a graph that contains two columns, one should represent data for 1st half and 2nd half of a yea...
by gokool2u Explorer in Splunk Search 09-22-2016
0 1
0
1
changux

Field delimitation using character position

Hi all. I have some log files like this: 265964455 00000000000000028000000002Fuerza R 1 00000...
by changux Builder in Splunk Search 09-22-2016
0 13
0
13
natefly5

Comparing two time periods with the diff command, how to display only new errors from the last 24 hours that have NOT happened in the last 7 days?

I am trying to display errors from the last 24 hours that have NOT happened in the last 7 days. I only want to see th...
by natefly5 Explorer in Splunk Search 09-22-2016
2 7
2
7
gokool2u

How to combine two charts?

I have made two charts based on two different search queries. One is a column chart and another one is a line chart....
by gokool2u Explorer in Splunk Search 09-22-2016
0 2
0
2
pasokkum

Read only fieldset

I am using drilldown in dashboard.. It will redirect to the new view with selected parameters.. I want the input fiel...
by pasokkum Path Finder in Splunk Search 09-22-2016
0 1
0
1
JeremyHagan

Splunk maxing out at 11 realtime searches despit having 16 CPUs

Hi, I have a single-server instance of Splunk with 16 cores. According to my research the maximum number of realtime...
by JeremyHagan Communicator in Splunk Search 09-21-2016
0 17
0
17
Alan_Bradley

How do I pipe splunk query output to a file?

How do I take output (say . . . "View Sources") and pipe it to a file?
by Alan_Bradley Path Finder in Splunk Search 09-21-2016
3 4
3
4
bhaskardaivala

How to create an alert to trigger a happy birthday email based on a date field in a CSV file?

Hello all I have data in a CSV file like: Name. dob gender Xxx 02/08/1995 m Abc 12/0...
by bhaskardaivala New Member in Splunk Search 09-21-2016
0 2
0
2
adtetech

How do I create a dashboard to show count roll up by location and billing system?

Planning to create a dashboard from the information as below. Can we see count roll up by location and billing system...
by adtetech Explorer in Splunk Search 09-21-2016
0 2
0
2
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Top Labels
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...