Splunk Search

Community Activity

I want to delete duplicates from the splunk index which have same _raw and same _time Tried using the already answered question on splunk answer on the same topic they say do it using lookup or sub searc... by ashutoshsharma1 Path Finder in Splunk Search 08-26-2016 0 7	0	7
Fast mode in html view Hi, We are using html views to run slpunk queries.. Is there any way to make the search run in fast mode in views fo... by pasokkum Path Finder in Splunk Search 08-26-2016 0 2	0	2
How do I solve adding data inputs into DB Connect? I have successfully made an identity and connection. And have successfully validated that I am able to connect. ATM I... by napoleon_bing New Member in Splunk Search 08-26-2016 0 5	0	5
How can I display unique values of a field from a single event? Here's my input: .... .... TradeDetailsDTO [ShortName=ABCD, allocated=600], TradeDetailsDTO [ShortName=EFGH, alloca... by vikramphilar New Member in Splunk Search 08-25-2016 0 3	0	3
extract JSON from a field Hi, I have data that looks like this I'd like to extract the json out of the message field. I see the spath comm... by dbcase Motivator in Splunk Search 08-25-2016 0 16	0	16
Filtering Unwanted Events I've been trying to filter unwanted events on a heavy forwarder from being sent to indexers. I followed the instructi... by daniel_augustyn Contributor in Splunk Search 08-25-2016 0 2	0	2
After creating field extractions using the field extractor in Splunk Web, why are none of the fields returned in search results? Hi, First time trying this. I have the below data. Using the \| character as a delimiter, then going thru the field... by dbcase Motivator in Splunk Search 08-25-2016 0 1	0	1
How to edit my search to use a custom field created with eval in my time chart search? I have a search that comes up with a score based off a custom formula from nessus scan results. I want to plot that v... by trevorr2004 Engager in Splunk Search 08-25-2016 0 6	0	6
search command Here is my search query. index=parmed-stage\|eval _time=_time+14400\|table _time OrderId OrderDetailID _raw\|search NOT... by uhkc777 Explorer in Splunk Search 08-25-2016 0 12	0	12
How to edit my search to get results to display volume as BYTES, KB, MB, GB, and TB? Hello, I have search and currently the results show in MB. For example: Current Search: Vol in MB 112435 9734 298... by elijahputnam New Member in Splunk Search 08-25-2016 0 3	0	3
How to populate a dynamic drop-down with an eval case statement? Hi! So I have two drop-downs on my dashboard: one with a static list of options (dd1), and a second one which will ... by myungjaeyi Engager in Splunk Search 08-25-2016 0 4	0	4
create timechart using a string date field I found a few answers here on this forum on how to use a date string field as the datetime for a timechart. I tried t... by jdepp Path Finder in Splunk Search 08-25-2016 0 2	0	2
Selecting log entry having smallest field value Suppose I have log data like this: 2016-08-24 03:46:15 GMT vehicle_id="1075" vehicle_distance=145 stop_tag="5687" ..... by plucas_splunk Splunk Employee in Splunk Search 08-25-2016 1 10	1	10
How do we migrate from single instance to an index and search head cluster We are trying to move from a single instance of splunk to a clustered environment. We created the cluster as per the ... by ritsma Engager in Splunk Search 08-25-2016 0 2	0	2
IP location not displaying city lat lon country etc Hi all, IP location is not displaying any of the fields it should return when used in search app. But the iplocation... by Venkat_16 Contributor in Splunk Search 08-25-2016 0 3	0	3
Can you do conditionals in searches where the action is to add/change the search string? I did a lot of reading last night about eval ifs and read several posts that danced around the edge of being relevant... by j4adam Communicator in Splunk Search 08-25-2016 0 3	0	3
Why am I unable to save my search as a query in a dashboard panel? I have search that works fine when run manually: sourcetype=WinHostMonTest \| rex field=_raw "CommandLine=(?.+[^\n])"... by smudge797 Path Finder in Splunk Search 08-25-2016 0 8	0	8
Unable to start splunkd service I am first time user and i am unable to start splunkd service, i tried different credentials under log on but i am st... by zaheerc786 Engager in Splunk Search 08-25-2016 1 3	1	3
how to exclude some values from results returned by makemv My data has a field FooBar, and \| stats count by FooBar returns: FooBar count ------------------- foo,bar,... by nickrallysplunk New Member in Splunk Search 08-25-2016 0 1	0	1
How to handle no results from sub-search when using 'format' or 'return' We would like to use a sub-search to query an input and re-write the search query to alter the search used in the mai... by jonfrancais Explorer in Splunk Search 08-25-2016 0 1	0	1
Is a Splunk heavy forwarder able to keep track of non indexed file size? Hello Team, I have heavy forwarder where am filtering 1GB file to 4MB and indexing, and now I want to get the actual... by snehalquintiles New Member in Splunk Search 08-25-2016 0 1	0	1
Unable to use stats on summary index I've created a summary index to keep track of my customer IDs and what their last IP address was, however I'm getting... by 606866581 Path Finder in Splunk Search 08-25-2016 0 5	0	5
How do I filter out results of a search AFTER the search? Basically I have a search from multiple different sources with lots of raw rex field extractions and transactions and... by ZacEsa Communicator in Splunk Search 08-24-2016 0 12	0	12
How to search for total number of buckets for an index and total sizeOnDiskMB for a specific state? Hello, I am looking for a go-to search that will give me total number of buckets for an index for a specific state o... by jcspigler2010 Path Finder in Splunk Search 08-24-2016 0 1	0	1
How to use "AND" and "OR" operations in a text panel search? I made a text panel in a Splunk dashboard. I want to use "AND" and "OR" operations in the text panel for searching co... by JangYounKyung New Member in Splunk Search 08-24-2016 0 3	0	3