Splunk Search

Community Activity

Set earliest and latest using a variable depending on the current day Hey, I want to display the results on a table. it works depending on the timeRange picker when I want it to display ... by sweetlile Explorer in Splunk Search 09-26-2016 0 3	0	3
merge two events which have different fields but they have the same values Hello, i have the following logs ( 4 events): 1) Sep 21 15:36:11 test.infra : Info: Start UID 306825245 ICID 1112... by sieutruc Contributor in Splunk Search 09-26-2016 0 22	0	22
How to extract fields with differing lengths from cs-uri-stem entries? Hello, I am trying to pull certain criteria out of cs-uri-stem that contain different lengths for cs-uri-stem. I am ... by patelpin New Member in Splunk Search 09-26-2016 0 2	0	2
Exclude an Event Based on Value From Another Event Hi All, I have a set of log that contains events something similar to this: Event A [09-23-16 16:03:35:972] Transac... by jepoyyyy Explorer in Splunk Search 09-26-2016 0 4	0	4
Parsing at search time variable white spaces Hello, I am new in Splunk parsing and I am facing some problems with this. I am trying to parse, at Search Time, a ... by FrancoiseMathy New Member in Splunk Search 09-26-2016 0 2	0	2
JOIN two table using time as a common key from tow different searches Hi , I have two searches withing same index but different sources and sourcetypes index=XXX source=XXX \|XMLKV \|sear... by deepthi5 Path Finder in Splunk Search 09-26-2016 0 1	0	1
How to use Timechart count by a subsearch field Hello, I'm trying to use "timechart count by" a field from a subsearch. Bellow, my query that is not working. inde... by rafasalo Engager in Splunk Search 09-26-2016 0 11	0	11
Help with Auditing the Auditors? (How can i identify from a list what matches aren't met?) I have a requirement to check to see if our auditors have run specific dashboards every week. I would like to build ... by voninski New Member in Splunk Search 09-25-2016 0 3	0	3
Tweaking a timechart Hi, I have a 20 servers that belong to cluster A (servers 1-10) and cluster B (servers 11-20). My requirement is as... by namritha Path Finder in Splunk Search 09-25-2016 0 4	0	4
Categorise overlapping events Hi, I have a certain field extracted from my events called "Error_description". They are as follows. Error_Descript... by namritha Path Finder in Splunk Search 09-25-2016 0 3	0	3
Compare values of two fields from different field value Hi All, This is a ticket data. I have a field called "Team" having 2 values "SAP" and "Non-SAP" and the respective t... by pgadhari Builder in Splunk Search 09-25-2016 0 4	0	4
Search to only include Business Hours and Exclude weekends Hi All I am trying to generate a search that only includes Business hours and also excludes weekends. I have tried a... by wellsajs Explorer in Splunk Search 09-24-2016 2 7	2	7
How to search for transactions with an ordered sequence, BUT with non-specific events in the middle? We have several problems that we weren't able to resolve with Splunk's SPL. Problems are listed below. Any suggestion... by mikenagra Explorer in Splunk Search 09-23-2016 1 7	1	7
How to generate a search for users that have clicked or visited a URL, how many times, and display results in a table? How to search for users that have clicked/visited a url, how many times, and display results in a table with two colu... by SplunkHe4d New Member in Splunk Search 09-23-2016 0 2	0	2
How to select distinct rows from a lookup table? How to select only distinct rows from the lookup table? I am selecting student details but I have duplicates in the l... by kdoma Explorer in Splunk Search 09-23-2016 0 2	0	2
Issue with strptime Hey guys, So I've used strptime before but for some reason this isn't working properly. I have a column with differe... by singhh4 Path Finder in Splunk Search 09-23-2016 0 6	0	6
Query to display average cpu usage for all splunk search heads & indexers I'm building reporting for capacity planning to improve the performance across our splunk environment. During my com... by jward6004 Explorer in Splunk Search 09-23-2016 0 2	0	2
How to subtract 30 minutes from now() using eval I would like to know how to subtract 30 minutes from the call to the now() function and set the value of a field call... by adoshi Explorer in Splunk Search 09-23-2016 2 7	2	7
Best approach for using a sub-search to compare time frames I am looking for the most efficient way to do a sub search to see if vulnerabilities still exist now vs 90 days. Cu... by trevorQmulos New Member in Splunk Search 09-23-2016 0 14	0	14
Field extraction I am trying to extract the field starting with C ending with I from following strings. Can anyone pls suggest the ap... by Navanitha Path Finder in Splunk Search 09-23-2016 0 6	0	6
Clarification regarding search command and stats command Hey everyone, I'm confused about what the second command in my search does. Here is the whole search: \| useraccount... by Justin1224 Communicator in Splunk Search 09-23-2016 0 2	0	2
find the duplicate files from particular source in splunk search query Hello All, I need to find from particular source how many we have duplicate files in last 7 days. I have used thi... by snehalk Communicator in Splunk Search 09-23-2016 1 9	1	9
Why does my search with "stats count" return more events than the actual events present? Stats count returns nine events for Points-1 & 2. But as shown in the point-3 below, the actual events count is three... by email2vamsi Explorer in Splunk Search 09-23-2016 1 8	1	8
How to split the following status="Deny" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0 Hi All, I have the following search result, but how to split it in a nice view e.g. like row names and values. Sep ... by rolfiee New Member in Splunk Search 09-23-2016 0 1	0	1
Rex for Source My source filed has value such as, /Folder1/Folder2/Folder3/Folder4/Folder5/LoadABCDEF_20160921.log I would like t... by priyankamundarg Explorer in Splunk Search 09-23-2016 0 16	0	16