Splunk Search

Community Activity

How to incorporate metadata command in my lookup table to be able to view time offline? I have a few searches I have added a lookup table to. All of them work, but one. The one below uses metadata and I'... by chadman Path Finder in Splunk Search 09-26-2016 0 1	0	1
Calculate percentage of multiple values, different events I am trying to display the percentage of Total Modems against Total Modems on Card 0. The XML I am given unfortunate... by evan_roggenkamp Path Finder in Splunk Search 09-26-2016 0 2	0	2
How do I modify this regular expression syntax? I have a field with value like this (R14760) 16.5.2 - FRI, 27 MAY 2016 13:46:07 EDT I want to extract 16.5.2 into a ... by msachdeva3 Explorer in Splunk Search 09-26-2016 0 1	0	1
What does the "percent" column of top limit search represents? This is a pretty basic question but seems like something is amiss with the result I am getting. My search is as follo... by christopheryu Communicator in Splunk Search 09-26-2016 0 2	0	2
How to modify my search to calculate availability of multiple applications? I'm looking into creating equal availability across the board for different applications that are all being tested by... by MattLingwood Engager in Splunk Search 09-26-2016 0 8	0	8
How to convert time from file to timestamp Hello I have a extracted field from the raw data including time data like: 16.09.23;11:05:11:652 Now I want to con... by tgdvopab Path Finder in Splunk Search 09-26-2016 0 1	0	1
Set earliest and latest using a variable depending on the current day Hey, I want to display the results on a table. it works depending on the timeRange picker when I want it to display ... by sweetlile Explorer in Splunk Search 09-26-2016 0 3	0	3
merge two events which have different fields but they have the same values Hello, i have the following logs ( 4 events): 1) Sep 21 15:36:11 test.infra : Info: Start UID 306825245 ICID 1112... by sieutruc Contributor in Splunk Search 09-26-2016 0 22	0	22
How to extract fields with differing lengths from cs-uri-stem entries? Hello, I am trying to pull certain criteria out of cs-uri-stem that contain different lengths for cs-uri-stem. I am ... by patelpin New Member in Splunk Search 09-26-2016 0 2	0	2
Exclude an Event Based on Value From Another Event Hi All, I have a set of log that contains events something similar to this: Event A [09-23-16 16:03:35:972] Transac... by jepoyyyy Explorer in Splunk Search 09-26-2016 0 4	0	4
Parsing at search time variable white spaces Hello, I am new in Splunk parsing and I am facing some problems with this. I am trying to parse, at Search Time, a ... by FrancoiseMathy New Member in Splunk Search 09-26-2016 0 2	0	2
JOIN two table using time as a common key from tow different searches Hi , I have two searches withing same index but different sources and sourcetypes index=XXX source=XXX \|XMLKV \|sear... by deepthi5 Path Finder in Splunk Search 09-26-2016 0 1	0	1
How to use Timechart count by a subsearch field Hello, I'm trying to use "timechart count by" a field from a subsearch. Bellow, my query that is not working. inde... by rafasalo Engager in Splunk Search 09-26-2016 0 11	0	11
Help with Auditing the Auditors? (How can i identify from a list what matches aren't met?) I have a requirement to check to see if our auditors have run specific dashboards every week. I would like to build ... by voninski New Member in Splunk Search 09-25-2016 0 3	0	3
Tweaking a timechart Hi, I have a 20 servers that belong to cluster A (servers 1-10) and cluster B (servers 11-20). My requirement is as... by namritha Path Finder in Splunk Search 09-25-2016 0 4	0	4
Categorise overlapping events Hi, I have a certain field extracted from my events called "Error_description". They are as follows. Error_Descript... by namritha Path Finder in Splunk Search 09-25-2016 0 3	0	3
Compare values of two fields from different field value Hi All, This is a ticket data. I have a field called "Team" having 2 values "SAP" and "Non-SAP" and the respective t... by pgadhari Builder in Splunk Search 09-25-2016 0 4	0	4
Search to only include Business Hours and Exclude weekends Hi All I am trying to generate a search that only includes Business hours and also excludes weekends. I have tried a... by wellsajs Explorer in Splunk Search 09-24-2016 2 7	2	7
How to search for transactions with an ordered sequence, BUT with non-specific events in the middle? We have several problems that we weren't able to resolve with Splunk's SPL. Problems are listed below. Any suggestion... by mikenagra Explorer in Splunk Search 09-23-2016 1 7	1	7
How to generate a search for users that have clicked or visited a URL, how many times, and display results in a table? How to search for users that have clicked/visited a url, how many times, and display results in a table with two colu... by SplunkHe4d New Member in Splunk Search 09-23-2016 0 2	0	2
How to select distinct rows from a lookup table? How to select only distinct rows from the lookup table? I am selecting student details but I have duplicates in the l... by kdoma Explorer in Splunk Search 09-23-2016 0 2	0	2
Issue with strptime Hey guys, So I've used strptime before but for some reason this isn't working properly. I have a column with differe... by singhh4 Path Finder in Splunk Search 09-23-2016 0 6	0	6
Query to display average cpu usage for all splunk search heads & indexers I'm building reporting for capacity planning to improve the performance across our splunk environment. During my com... by jward6004 Explorer in Splunk Search 09-23-2016 0 2	0	2
How to subtract 30 minutes from now() using eval I would like to know how to subtract 30 minutes from the call to the now() function and set the value of a field call... by adoshi Explorer in Splunk Search 09-23-2016 2 7	2	7
Best approach for using a sub-search to compare time frames I am looking for the most efficient way to do a sub search to see if vulnerabilities still exist now vs 90 days. Cu... by trevorQmulos New Member in Splunk Search 09-23-2016 0 14	0	14