Splunk Search

Community Activity

How to edit my search to categorize User Agent by Mobile OS? Hello Splunk Masters, I'm working on a radial gauge that will show successful IIS requests. I need to be able to bui... by evanleair Explorer in Splunk Search 09-20-2016 1 1	1	1
Why don't I see the real time option in time range picker? I don't see the real time option in the time range picker. I do have queries to search in real time. by ankithreddy777 Contributor in Splunk Search 09-20-2016 0 4	0	4
How can I use rex to extract the time stamp of a used search? I am attempting to create a search that would pull information about search usage. I have an index generated off of t... by ECovell Path Finder in Splunk Search 09-20-2016 0 6	0	6
Need help normalizing a field's contents for display I'm extracting a piece of a filename to create a field using makemv and a rex command. The extracted field should be... by DaClyde Contributor in Splunk Search 09-20-2016 0 4	0	4
How can i search what all indexes are into splunk ESS app? please let me know via CLI or Splunkweb.? by rajksplunk New Member in Splunk Search 09-20-2016 0 4	0	4
How to edit my stats search to calculate a percentage based on a custom range? I have a search from web logs that I need to calculate a percentage based on a custom range. Search example: index... by justx001 Explorer in Splunk Search 09-20-2016 0 3	0	3
Can this query be written more efficiently? It's a query for a staked column chart. index=myCompIn source="/locatedin/mySrc.log" "Reply Back" "CAT-IN " "SOME ST... by dfexsplunk New Member in Splunk Search 09-20-2016 0 9	0	9
Can I get clarification on what my search string is doing? I have this search string, and I'm unsure of what some of it does. This is the search: \| inputlookup append=T malwar... by Justin1224 Communicator in Splunk Search 09-20-2016 0 6	0	6
Is there a way to limit how long real-time searches run? Hi, Is there a way to limit how long a real-time search can run? I have customers firing them up (legitimately) and... by a212830 Champion in Splunk Search 09-20-2016 0 4	0	4
Do users need some capability to use search commands based on Python scripts like xmlkv? We have users with somewhat limited capabilities using custom search home apps. They are able to search the data they... by ivarny Path Finder in Splunk Search 09-20-2016 0 5	0	5
Splunk to capture data rather than receive hi all, I am working on a PCI environment and need to get audit logs from Linux RHEL machines into Splunk. LAN Segm... by rb51 Explorer in Splunk Search 09-20-2016 0 2	0	2
Compare date in search I have events containing field "Agent_Local_Time="9/19/2016 1:36:19 PM", I use EVAL to format the time "eval final_ti... by twtyj New Member in Splunk Search 09-19-2016 0 2	0	2
How can I edit my search so if my subsearch returns no results, my main search returns all events from index="test"? index="test" [search index="test_summary" key_field="y" \| head 1 \| eval search = "_time>" . _time \| fields search] \|... by rmuraly Explorer in Splunk Search 09-19-2016 0 2	0	2
What is the meaning of my regular expression? Hi, I used splunk to extract a new field and it has used this regular expression, rex "^(?:[^\\|\n]*\\|){6}(?P<error... by namritha Path Finder in Splunk Search 09-19-2016 0 6	0	6
How to add a clientip field to data sources for the iplocation command? I have a general question and I am more of a power user than admin level here (but I'm in the process of becoming one... by brian1_tate Path Finder in Splunk Search 09-19-2016 0 2	0	2
Why is my tstats including other counts? Hi, I am querying an accelerated data model for active directory, using the search below. However, the results are ... by a212830 Champion in Splunk Search 09-19-2016 0 3	0	3
How to exclude events with null fields in a search? Hello Splunkers, I've got a search built thats working properly but I'm not able to get the events with a particular ... by lbogle Contributor in Splunk Search 09-19-2016 10 8	10	8
How to search multiple sources within my search? How do I search multiple source files within my search? I want to do something like: source="/foo/bar/2016/09/{08,15... by andreacorrie Explorer in Splunk Search 09-19-2016 0 8	0	8
Is there an easy way to create a drilldown for an area chart? I have a dashboard panel that shows the sum of outbound data where I want to click on a value and display the raw eve... by pgort New Member in Splunk Search 09-19-2016 0 3	0	3
Extracting Fields from Structured HL7 Data I am trying to figure out how to extract structured data from an HL7 2.x message The entire message is wrapped in a... by dmbreton New Member in Splunk Search 09-19-2016 0 3	0	3
Graph the same time period but from 1 week previous Hi, I have a query that looks like this <chart depends="$tableurlerror$"> <title>URL Errors by Host Detail... by dbcase Motivator in Splunk Search 09-19-2016 0 12	0	12
Extra conditional search based on eval result Hi, I've a periodic anomaly detection search (alert) query that results like this in inline mail result table; AVER... by ozirus Path Finder in Splunk Search 09-19-2016 0 3	0	3
Why can't I get my search results to sort properly? Hi, I have this search index=main \| rex "(?i)\".*? /(?P<URL_HEADER>\w+/\w+)"\| rex "(?i) UCT\-(?P<URL_MICRO_SECONDS>... by dbcase Motivator in Splunk Search 09-19-2016 0 2	0	2
How to create a single value panel that changes based on weighted values? I want to create a single value panel that starts at 100, and when a specific alert goes off with an assigned weight,... by JoshuaJohn Contributor in Splunk Search 09-19-2016 0 15	0	15
Is there a way in splunk to get the Custom sql query execution time ? I am writing a custom sql dbxquery. When this custom query executes I want to know when it gets started and when its ... by JBNB007 New Member in Splunk Search 09-19-2016 0 1	0	1