Splunk Search

Community Activity

What does "stats sum(count) by" do? Hey, a really basic question, but I'm unsure of the answer. What does stats sum(count) by do? I'm fairly sure that t... by Justin1224 Communicator in Splunk Search 09-21-2016 0 4	0	4
How to edit this search to remove the time for maintenance windows using a CSV file? We've got a search that displays our web monitor logs, and would like to add a function that allows us to remove time... by banderson7 Communicator in Splunk Search 09-21-2016 0 6	0	6
How to use the result from one search in another search? I have a set of fields like Servername, type, Country, desc,_time. These fields have been indexed and I already have ... by sushmitha_mj Communicator in Splunk Search 09-21-2016 0 16	0	16
How to get a transaction command to work with a combination of indexTime and another field? Good Afternoon Splunk, I have a question about some data that I am trying to evaluate for the transaction command. B... by dmacgillivray Communicator in Splunk Search 09-21-2016 0 3	0	3
How do I formulate the rex command to remove unnecessary spaces in the middle of my field values? I have field values that are coming in with unnecessary spaces. I'm trying to remove them and from another post, I f... by tmaltizo Path Finder in Splunk Search 09-21-2016 1 4	1	4
show unique values from yesterday Hello, please help! I want to display only the unique names from yesterday that are not in today's list Initial sea... by splunkapprentic Explorer in Splunk Search 09-21-2016 0 6	0	6
How to check if new hosts get added to instance & get alerted? The number to hosts have increased in our instance & we want to check which ones are the new ones added. Also we want... by abhijit_mhatre Path Finder in Splunk Search 09-21-2016 0 3	0	3
How to list count of Error messages I have multiple error messages in the logs and I do count by ErrorMessage. The error messages gets listed as below. ... by AravindSridhara New Member in Splunk Search 09-21-2016 0 7	0	7
show value in case of no results found hello, I'm trying to do a stats count command and to show "0" (for single value chart) instead of N/A in case the que... by avivn Explorer in Splunk Search 09-21-2016 0 2	0	2
Searching the latest event quickly Hello I would like to check if my firewall rules are used or not. For that, I'm doing something like that : index=fi... by laberthelemy Engager in Splunk Search 09-21-2016 0 9	0	9
How to use drilldown and selection in the same chart at the same time? Hi, I'm trying to use both drilldown and selection in a timechart to limit the events shown in an events view (note ... by krdo Communicator in Splunk Search 09-20-2016 0 10	0	10
Searching the _introspection index, why are PerProcess events missing? Hi, While checking the introspection index, the search index=_introspection \| dedup component \| table component ret... by dvmrp New Member in Splunk Search 09-20-2016 0 2	0	2
How to revise my search in order to convert my cluster map into a choropleth map? Hi, I have a query that supplies IP address and a status code and I have created a cluster map from the results hos... by dbcase Motivator in Splunk Search 09-20-2016 0 2	0	2
How to edit my search to categorize User Agent by Mobile OS? Hello Splunk Masters, I'm working on a radial gauge that will show successful IIS requests. I need to be able to bui... by evanleair Explorer in Splunk Search 09-20-2016 1 1	1	1
Why don't I see the real time option in time range picker? I don't see the real time option in the time range picker. I do have queries to search in real time. by ankithreddy777 Contributor in Splunk Search 09-20-2016 0 4	0	4
How can I use rex to extract the time stamp of a used search? I am attempting to create a search that would pull information about search usage. I have an index generated off of t... by ECovell Path Finder in Splunk Search 09-20-2016 0 6	0	6
Need help normalizing a field's contents for display I'm extracting a piece of a filename to create a field using makemv and a rex command. The extracted field should be... by DaClyde Contributor in Splunk Search 09-20-2016 0 4	0	4
How can i search what all indexes are into splunk ESS app? please let me know via CLI or Splunkweb.? by rajksplunk New Member in Splunk Search 09-20-2016 0 4	0	4
How to edit my stats search to calculate a percentage based on a custom range? I have a search from web logs that I need to calculate a percentage based on a custom range. Search example: index... by justx001 Explorer in Splunk Search 09-20-2016 0 3	0	3
Can this query be written more efficiently? It's a query for a staked column chart. index=myCompIn source="/locatedin/mySrc.log" "Reply Back" "CAT-IN " "SOME ST... by dfexsplunk New Member in Splunk Search 09-20-2016 0 9	0	9
Can I get clarification on what my search string is doing? I have this search string, and I'm unsure of what some of it does. This is the search: \| inputlookup append=T malwar... by Justin1224 Communicator in Splunk Search 09-20-2016 0 6	0	6
Is there a way to limit how long real-time searches run? Hi, Is there a way to limit how long a real-time search can run? I have customers firing them up (legitimately) and... by a212830 Champion in Splunk Search 09-20-2016 0 4	0	4
Do users need some capability to use search commands based on Python scripts like xmlkv? We have users with somewhat limited capabilities using custom search home apps. They are able to search the data they... by ivarny Path Finder in Splunk Search 09-20-2016 0 5	0	5
Splunk to capture data rather than receive hi all, I am working on a PCI environment and need to get audit logs from Linux RHEL machines into Splunk. LAN Segm... by rb51 Explorer in Splunk Search 09-20-2016 0 2	0	2
Compare date in search I have events containing field "Agent_Local_Time="9/19/2016 1:36:19 PM", I use EVAL to format the time "eval final_ti... by twtyj New Member in Splunk Search 09-19-2016 0 2	0	2