Splunk Search

Community Activity

Set earliest and latest time using a variable Hi! I'm trying to set the earliest and latest for a sub-search using a variable from the main search. The code below... by zamberetta New Member in Splunk Search 09-05-2016 0 1	0	1
Group events that occur continuously and contain a common name I would like to group continuous events that occur in order over time, and have a common name. For example: _time ... by ollie920049 Path Finder in Splunk Search 09-05-2016 0 2	0	2
how we can identify peoples region in Splunk ? Hello Team, We have use case where we need to map/identify people's region in Splunk and create dashboard. Can we ... by nikhilagrawal Path Finder in Splunk Search 09-05-2016 0 6	0	6
How to count events with specified id, if there are three events successively Hello I would like to make a search for a SLA who does the following: (id 700 is ok, 702 is nok) Count number of ev... by tgdvopab Path Finder in Splunk Search 09-05-2016 0 3	0	3
split multi value fields my dear friends, I'm running the below search string that give me the following result: index=qualys IP="" DNS="" cv... by aliroumani Explorer in Splunk Search 09-04-2016 0 2	0	2
Remove duplicate keywords (values) returned from field Hi All, I am splitting a Description field with "space" using Split command and generating list of keywords ( doing ... by pgadhari Builder in Splunk Search 09-04-2016 0 8	0	8
Add a new field at index time and rewrite values from another field Hi All, I am facing an issue with logs from juniper SRX and ES. I am pretty new to splunk, i am hoping the answer wo... by saadmalik83 New Member in Splunk Search 09-04-2016 0 1	0	1
compare results of two searches i have to searches : 1) index=symantec_sep sourcetype="symantec:ep:scan:file" \| dedup dest \|table dest \| sort dest 2... by aliroumani Explorer in Splunk Search 09-03-2016 1 7	1	7
stats count issue, mismatch with search query results Hello, i'm using a query to find all traffic hitting a singe firewall rule. it's something like this: host=fw_host_n... by delalegro Engager in Splunk Search 09-03-2016 0 3	0	3
How to edit my search to chart the count of how many sources were indexed in the last hour? I want to create a scheduled report that would count how many log files we’ve received in last hour. This is what I’v... by shahzadarif Path Finder in Splunk Search 09-03-2016 0 3	0	3
How to find the most matching result? Dear all Splunkers I'm a newbie for splunk and quite frustrated any method can do somekind of compare/find the most ... by CcCcCcCcCc1 New Member in Splunk Search 09-03-2016 0 2	0	2
Change TableElement option in Javascript Hi, I would like to create a "results per page" dropdown in a table I display in a dashboard. First I create a dropd... by MaryvonneMB Path Finder in Splunk Search 09-03-2016 0 1	0	1
Average Count doesn't show? Hi, I have this query earliest=-4d index=wls OR index=main "ServletRequestImpl.java:2768" OR "rest path:/rest spe... by dbcase Motivator in Splunk Search 09-02-2016 0 5	0	5
How to create a time chart on response times for multiple services? I want to display the response time of 2 different transactions (or 2 events). Let's say, first transaction/event is ... by abc_ New Member in Splunk Search 09-02-2016 0 4	0	4
How do I run a search dynamically when specific inputs are received by splunk? Hello fellow splunkers, A few static files are generated within my environment, and when they do they are collected ... by JWBailey Communicator in Splunk Search 09-02-2016 1 2	1	2
Where are the tsidx files generated by tscollect command written to? I can't seem to find information in the documentation as to where I can locate the generated tsidx files from my tsco... by the_wolverine Champion in Splunk Search 09-02-2016 0 7	0	7
Why does searching "index=cisco_ios sourcetype=cisco:ios" return results, but "sourcetype=cisco:ios" does not? Hi I'm not able to search only with sourcetype=cisco:ios, When I do index=cisco_ios sourcetype=cisco:ios, it's worki... by kiran331 Builder in Splunk Search 09-02-2016 0 1	0	1
Simple math and string concatenation Hi I have this dashboard: <form> <label>Prova_selettore_dinamico Clona v1</label> <fieldset submitButton="false"... by andreafebbo Communicator in Splunk Search 09-02-2016 1 12	1	12
fetch between 2000 to 3000 events in query Hi, In splunk query 'head' command is used to get the first 'particular' number of events. I want to get the events ... by pasokkum Path Finder in Splunk Search 09-02-2016 1 4	1	4
Splunk query to list the events without date ? Also it would be great if anyone can lgive a search query to list out the top 10 hosts with those events? Thanks in ... by pavanae Builder in Splunk Search 09-02-2016 0 2	0	2
Some splunk events indexing without any date in them which makes manually insert the date in search query to search? Some splunk events indexing without any date in them which makes manually insert the date in search query to search..... by pavanae Builder in Splunk Search 09-02-2016 0 1	0	1
How do I get separate count for one field and then show total count in the other column Hi : I want a table something like : API Code Count Total API1 404 2 11 500 3 ... by mehwishw New Member in Splunk Search 09-01-2016 0 5	0	5
How to create a text input box in a dashboard that populates to all panels? Is this possible? Just an input box at the top of the dashboard where I can pass on a search item to all panels? Lo... by clintla Contributor in Splunk Search 09-01-2016 0 4	0	4
How do I search for the Errored Transaction_IDs ONLY, then take those Errored TIDs and search for each entry related to them? index=my_server sourcetype=server1_log NOT "status=SUCCESS" "client_id=my_client" returns TID=0101010101 client_id... by shariefc New Member in Splunk Search 09-01-2016 0 6	0	6
Map command returning limited results I am running a query that uses the map command to take the values of one search for use in another (in my case Policy... by ahogbin Communicator in Splunk Search 09-01-2016 0 8	0	8