Splunk Search

Community Activity

Do users need some capability to use search commands based on Python scripts like xmlkv? We have users with somewhat limited capabilities using custom search home apps. They are able to search the data they... by ivarny Path Finder in Splunk Search 09-20-2016 0 5	0	5
Splunk to capture data rather than receive hi all, I am working on a PCI environment and need to get audit logs from Linux RHEL machines into Splunk. LAN Segm... by rb51 Explorer in Splunk Search 09-20-2016 0 2	0	2
Compare date in search I have events containing field "Agent_Local_Time="9/19/2016 1:36:19 PM", I use EVAL to format the time "eval final_ti... by twtyj New Member in Splunk Search 09-19-2016 0 2	0	2
How can I edit my search so if my subsearch returns no results, my main search returns all events from index="test"? index="test" [search index="test_summary" key_field="y" \| head 1 \| eval search = "_time>" . _time \| fields search] \|... by rmuraly Explorer in Splunk Search 09-19-2016 0 2	0	2
What is the meaning of my regular expression? Hi, I used splunk to extract a new field and it has used this regular expression, rex "^(?:[^\\|\n]*\\|){6}(?P<error... by namritha Path Finder in Splunk Search 09-19-2016 0 6	0	6
How to add a clientip field to data sources for the iplocation command? I have a general question and I am more of a power user than admin level here (but I'm in the process of becoming one... by brian1_tate Path Finder in Splunk Search 09-19-2016 0 2	0	2
Why is my tstats including other counts? Hi, I am querying an accelerated data model for active directory, using the search below. However, the results are ... by a212830 Champion in Splunk Search 09-19-2016 0 3	0	3
How to exclude events with null fields in a search? Hello Splunkers, I've got a search built thats working properly but I'm not able to get the events with a particular ... by lbogle Contributor in Splunk Search 09-19-2016 10 8	10	8
How to search multiple sources within my search? How do I search multiple source files within my search? I want to do something like: source="/foo/bar/2016/09/{08,15... by andreacorrie Explorer in Splunk Search 09-19-2016 0 8	0	8
Is there an easy way to create a drilldown for an area chart? I have a dashboard panel that shows the sum of outbound data where I want to click on a value and display the raw eve... by pgort New Member in Splunk Search 09-19-2016 0 3	0	3
Extracting Fields from Structured HL7 Data I am trying to figure out how to extract structured data from an HL7 2.x message The entire message is wrapped in a... by dmbreton New Member in Splunk Search 09-19-2016 0 3	0	3
Graph the same time period but from 1 week previous Hi, I have a query that looks like this <chart depends="$tableurlerror$"> <title>URL Errors by Host Detail... by dbcase Motivator in Splunk Search 09-19-2016 0 12	0	12
Extra conditional search based on eval result Hi, I've a periodic anomaly detection search (alert) query that results like this in inline mail result table; AVER... by ozirus Path Finder in Splunk Search 09-19-2016 0 3	0	3
Why can't I get my search results to sort properly? Hi, I have this search index=main \| rex "(?i)\".*? /(?P<URL_HEADER>\w+/\w+)"\| rex "(?i) UCT\-(?P<URL_MICRO_SECONDS>... by dbcase Motivator in Splunk Search 09-19-2016 0 2	0	2
How to create a single value panel that changes based on weighted values? I want to create a single value panel that starts at 100, and when a specific alert goes off with an assigned weight,... by JoshuaJohn Contributor in Splunk Search 09-19-2016 0 15	0	15
Is there a way in splunk to get the Custom sql query execution time ? I am writing a custom sql dbxquery. When this custom query executes I want to know when it gets started and when its ... by JBNB007 New Member in Splunk Search 09-19-2016 0 1	0	1
How can I improve my active directory data search so that it does not take a long time to load? Hi, I have a search that is taking waaaaaaaaayyyyyyyyy too long and am looking for idea on how to improve it, be it ... by a212830 Champion in Splunk Search 09-19-2016 0 2	0	2
How to count events that are common or existing among multiple sourcetypes? Seeking help of Splunk Gurus. I have three sourcetypes : TICKET_OPENED, TICKET_ACTIVITY & TICKET_CLOSED. A common fi... by christopheryu Communicator in Splunk Search 09-19-2016 0 6	0	6
Getting the time that maximum count occurs every hour I have a search that finds the maximum number of events that occur in a single second on any given hour during the da... by klodian90 New Member in Splunk Search 09-19-2016 0 1	0	1
Variable earliest and latest? Hey, This forum has been so very helpful... I really cannot thank the posters here enough! However, I have a quest... by stevensa Explorer in Splunk Search 09-19-2016 3 4	3	4
subtract previous results with current result Hi All, I have a result which shows the total user directory count for every 1hr, but I want to how many user got cr... by kpavan Path Finder in Splunk Search 09-19-2016 1 4	1	4
Can't use rex extracted value in new search because value isn't an extracted field Hi all, I've written the following query: sourcetype=mysourcetype DA-bericht [search sourcetype=mysourcetype "Beri... by Whistler Engager in Splunk Search 09-19-2016 0 6	0	6
How to fix my time-based lookup? Hi at all, I'm trying to use time based lookups and I found the following problem: I created a Time Based Lookup and ... by gcusello SplunkTrust in Splunk Search 09-19-2016 0 2	0	2
Show a result even if no events match As part of a larger project, one of the things we want to do is to let the user build tables with one search criteria... by DaleFRice Explorer in Splunk Search 09-18-2016 2 5	2	5
How to compare two counts from a single stats search, and alert if there is a large difference between the results? I have searched a lot and haven't found a straight answer to this, yet. I want to create an alert on spikes of load ... by Xarian Explorer in Splunk Search 09-18-2016 0 4	0	4