Splunk Search

Community Activity

Timechart aggregation with 2 fields for a count over time I have events of this form: fooKey="abc", fooLoc="5", fooCount="1" fooKey="def", fooLoc="10", fooCount="1" fooKey="a... by seanawilliams New Member in Splunk Search 08-27-2016 0 3	0	3
Automatic lookup failing I have a lookup working when I use "lookup" manually in my search. I cannot seem to get this working as an automatic ... by ipops Path Finder in Splunk Search 08-27-2016 0 1	0	1
Log file rotation with date in file name Hi, I have to get all (and ONLY) tomcat std out files in D:/Program Files/Apache Software Foundation/Tomcat 6.0/logs.... by 1234testtest Path Finder in Splunk Search 08-27-2016 0 5	0	5
Searching against an mvappend generated field We created in props.confthe following - EVAL-mod_code = mvappend(modifier_code, modifier_code2, modifier_code3, modi... by ddrillic Ultra Champion in Splunk Search 08-26-2016 0 1	0	1
Make splunk return latest results first Hi, I have a dashboard with search queries which take tens of seconds to run. The results are displayed as charts, ... by godouet New Member in Splunk Search 08-26-2016 0 6	0	6
How to include a distinct count in an eval statement? I am currenlty trying to make a search a little more dynamic based off scanned devices rather than a static number i... by trevorr2004 Engager in Splunk Search 08-26-2016 0 4	0	4
Best way to use multipe searchs to get shared result that can be used for percentage. Trying to use multiple searches to get a percentage of total servers to be restored and total currently restored but ... by cbright Explorer in Splunk Search 08-26-2016 1 2	1	2
regex statement I am trying to extract the response time from this statement (Just the number, not the words response time or the ms ... by JoshuaJohn Contributor in Splunk Search 08-26-2016 0 2	0	2
How to convert time into the Epoch format Hi I have a timestamp field with values as below "2016-08-25T13:30:36.82" "2016-08-25T13:13:38.737" "2016-08-25T1... by samarkumar Path Finder in Splunk Search 08-26-2016 0 2	0	2
How to combine two different columns in a table into a single column? I have table as below generated from splunk C:x D:x E:x F:x C:y D:y E:y F:y A 2 1 0 3 5 ... by Rukmani_Splunk Path Finder in Splunk Search 08-26-2016 0 1	0	1
Lookup issues Having issues getting the NANP app to work (https://splunkbase.splunk.com/app/1515/) I have the following search but... by ipops Path Finder in Splunk Search 08-26-2016 0 1	0	1
Can't fillnull on fields in REST generated table? Why doesn't fillnull work here? \| rest /servicesNS/-/-/saved/searches splunk_server=local \| search disabled=0 is_sch... by the_wolverine Champion in Splunk Search 08-26-2016 0 3	0	3
Multiple where count > in the same string We always see some failures in our logs. But when we have an issue, the number of failures goes thru the roof. I'm tr... by sanorthrup Path Finder in Splunk Search 08-26-2016 0 3	0	3
Difficulty to get the time difference between two event time I am using the below query search\|eval 3CMStartTime = _time\|table Corr 3CMStartTime\|join Corr [search XXXXX\|eval 3CM... by samarkumar Path Finder in Splunk Search 08-26-2016 0 4	0	4
How to extract kv from a variable format field using kvform? I need to extract some keys/values from a certain field, however it doesn't have a fixed format. Actually this field ... by tcmarquesi Explorer in Splunk Search 08-26-2016 0 2	0	2
How do I join/combine my two search searches to get my expected result in a single table? join/combine two searches into single table, duplicate records override with the first value. Search1: host=test* s... by Bhanus1 New Member in Splunk Search 08-26-2016 0 5	0	5
how to get the first(_raw) when i have split my pattern which were separated by pipe "\|" using eval and split command. unique_exception= pattern1\|pattern2\|pattern3 all these three patterns(1,2,3) are tagged to unique number 111. eval te... by annamareddi New Member in Splunk Search 08-26-2016 0 2	0	2
How to search a log file based on the field value extracted from another log file? I need to read content from a second log file based on the field value which is extracted from the first log file. I ... by vrvasantharaj New Member in Splunk Search 08-26-2016 0 3	0	3
I want to delete duplicates from the splunk index which have same _raw and same _time Tried using the already answered question on splunk answer on the same topic they say do it using lookup or sub searc... by ashutoshsharma1 Path Finder in Splunk Search 08-26-2016 0 7	0	7
Fast mode in html view Hi, We are using html views to run slpunk queries.. Is there any way to make the search run in fast mode in views fo... by pasokkum Path Finder in Splunk Search 08-26-2016 0 2	0	2
How do I solve adding data inputs into DB Connect? I have successfully made an identity and connection. And have successfully validated that I am able to connect. ATM I... by napoleon_bing New Member in Splunk Search 08-26-2016 0 5	0	5
How can I display unique values of a field from a single event? Here's my input: .... .... TradeDetailsDTO [ShortName=ABCD, allocated=600], TradeDetailsDTO [ShortName=EFGH, alloca... by vikramphilar New Member in Splunk Search 08-25-2016 0 3	0	3
extract JSON from a field Hi, I have data that looks like this I'd like to extract the json out of the message field. I see the spath comm... by dbcase Motivator in Splunk Search 08-25-2016 0 16	0	16
Filtering Unwanted Events I've been trying to filter unwanted events on a heavy forwarder from being sent to indexers. I followed the instructi... by daniel_augustyn Contributor in Splunk Search 08-25-2016 0 2	0	2
After creating field extractions using the field extractor in Splunk Web, why are none of the fields returned in search results? Hi, First time trying this. I have the below data. Using the \| character as a delimiter, then going thru the field... by dbcase Motivator in Splunk Search 08-25-2016 0 1	0	1