Splunk Search

Community Activity

How to edit my stats search to calculate a percentage based on a custom range? I have a search from web logs that I need to calculate a percentage based on a custom range. Search example: index... by justx001 Explorer in Splunk Search 09-20-2016 0 3	0	3
Can this query be written more efficiently? It's a query for a staked column chart. index=myCompIn source="/locatedin/mySrc.log" "Reply Back" "CAT-IN " "SOME ST... by dfexsplunk New Member in Splunk Search 09-20-2016 0 9	0	9
Can I get clarification on what my search string is doing? I have this search string, and I'm unsure of what some of it does. This is the search: \| inputlookup append=T malwar... by Justin1224 Communicator in Splunk Search 09-20-2016 0 6	0	6
Is there a way to limit how long real-time searches run? Hi, Is there a way to limit how long a real-time search can run? I have customers firing them up (legitimately) and... by a212830 Champion in Splunk Search 09-20-2016 0 4	0	4
Do users need some capability to use search commands based on Python scripts like xmlkv? We have users with somewhat limited capabilities using custom search home apps. They are able to search the data they... by ivarny Path Finder in Splunk Search 09-20-2016 0 5	0	5
Splunk to capture data rather than receive hi all, I am working on a PCI environment and need to get audit logs from Linux RHEL machines into Splunk. LAN Segm... by rb51 Explorer in Splunk Search 09-20-2016 0 2	0	2
Compare date in search I have events containing field "Agent_Local_Time="9/19/2016 1:36:19 PM", I use EVAL to format the time "eval final_ti... by twtyj New Member in Splunk Search 09-19-2016 0 2	0	2
How can I edit my search so if my subsearch returns no results, my main search returns all events from index="test"? index="test" [search index="test_summary" key_field="y" \| head 1 \| eval search = "_time>" . _time \| fields search] \|... by rmuraly Explorer in Splunk Search 09-19-2016 0 2	0	2
What is the meaning of my regular expression? Hi, I used splunk to extract a new field and it has used this regular expression, rex "^(?:[^\\|\n]*\\|){6}(?P<error... by namritha Path Finder in Splunk Search 09-19-2016 0 6	0	6
How to add a clientip field to data sources for the iplocation command? I have a general question and I am more of a power user than admin level here (but I'm in the process of becoming one... by brian1_tate Path Finder in Splunk Search 09-19-2016 0 2	0	2
Why is my tstats including other counts? Hi, I am querying an accelerated data model for active directory, using the search below. However, the results are ... by a212830 Champion in Splunk Search 09-19-2016 0 3	0	3
How to exclude events with null fields in a search? Hello Splunkers, I've got a search built thats working properly but I'm not able to get the events with a particular ... by lbogle Contributor in Splunk Search 09-19-2016 10 8	10	8
How to search multiple sources within my search? How do I search multiple source files within my search? I want to do something like: source="/foo/bar/2016/09/{08,15... by andreacorrie Explorer in Splunk Search 09-19-2016 0 8	0	8
Is there an easy way to create a drilldown for an area chart? I have a dashboard panel that shows the sum of outbound data where I want to click on a value and display the raw eve... by pgort New Member in Splunk Search 09-19-2016 0 3	0	3
Extracting Fields from Structured HL7 Data I am trying to figure out how to extract structured data from an HL7 2.x message The entire message is wrapped in a... by dmbreton New Member in Splunk Search 09-19-2016 0 3	0	3
Graph the same time period but from 1 week previous Hi, I have a query that looks like this <chart depends="$tableurlerror$"> <title>URL Errors by Host Detail... by dbcase Motivator in Splunk Search 09-19-2016 0 12	0	12
Extra conditional search based on eval result Hi, I've a periodic anomaly detection search (alert) query that results like this in inline mail result table; AVER... by ozirus Path Finder in Splunk Search 09-19-2016 0 3	0	3
Why can't I get my search results to sort properly? Hi, I have this search index=main \| rex "(?i)\".*? /(?P<URL_HEADER>\w+/\w+)"\| rex "(?i) UCT\-(?P<URL_MICRO_SECONDS>... by dbcase Motivator in Splunk Search 09-19-2016 0 2	0	2
How to create a single value panel that changes based on weighted values? I want to create a single value panel that starts at 100, and when a specific alert goes off with an assigned weight,... by JoshuaJohn Contributor in Splunk Search 09-19-2016 0 15	0	15
Is there a way in splunk to get the Custom sql query execution time ? I am writing a custom sql dbxquery. When this custom query executes I want to know when it gets started and when its ... by JBNB007 New Member in Splunk Search 09-19-2016 0 1	0	1
How can I improve my active directory data search so that it does not take a long time to load? Hi, I have a search that is taking waaaaaaaaayyyyyyyyy too long and am looking for idea on how to improve it, be it ... by a212830 Champion in Splunk Search 09-19-2016 0 2	0	2
How to count events that are common or existing among multiple sourcetypes? Seeking help of Splunk Gurus. I have three sourcetypes : TICKET_OPENED, TICKET_ACTIVITY & TICKET_CLOSED. A common fi... by christopheryu Communicator in Splunk Search 09-19-2016 0 6	0	6
Getting the time that maximum count occurs every hour I have a search that finds the maximum number of events that occur in a single second on any given hour during the da... by klodian90 New Member in Splunk Search 09-19-2016 0 1	0	1
Variable earliest and latest? Hey, This forum has been so very helpful... I really cannot thank the posters here enough! However, I have a quest... by stevensa Explorer in Splunk Search 09-19-2016 3 4	3	4
subtract previous results with current result Hi All, I have a result which shows the total user directory count for every 1hr, but I want to how many user got cr... by kpavan Path Finder in Splunk Search 09-19-2016 1 4	1	4