Splunk Search

Community Activity

Why is transaction maxspan=1mon span=1mon showing results for MAX that are more than 1 month? I'm working on Juniper syslogs and trying to extract data using search below: index=A sourcetype=B LSP_DOWN OR LSP_U... by christopheryu Communicator in Splunk Search 08-24-2016 0 1	0	1
can't figure out line breaks on a particular file I have Hi There, I have a log file that looks like this (where it says "blank line" is a blank line, not the words "blank l... by gregcain Explorer in Splunk Search 08-24-2016 1 5	1	5
variable to control the value of `future_timespan` in the predict function? Is there a way I can use a variable to control the value of future_timespan in the predict function? I have tried t... by HattrickNZ Motivator in Splunk Search 08-24-2016 0 5	0	5
How to edit my props.conf for a custom field extraction based on the source field? I'm having issues creating a custom field extraction based on the source field. Here's all the information. inputs.... by hortonew Builder in Splunk Search 08-24-2016 0 2	0	2
How to group by a column value Hi, I'm searching for Windows Authentication logs and want to table activity of a user. My Search query is : index... by gautham Explorer in Splunk Search 08-24-2016 0 4	0	4
How can I run this query more efficiently without using so many join commands? Hello, I'm running the following query to combine data from two different sources and to create a table for our AppA... by kltest Explorer in Splunk Search 08-24-2016 0 3	0	3
extracting field using rex props.conf I have data that looks like this: **** Error Wed Aug 24 09:36:52 CDT 204941272049412507 /nitro/com/t/Manager Ce... by JoshuaJohn Contributor in Splunk Search 08-24-2016 0 1	0	1
How to optimize my search to find 30+ src_ips and any dest_ip that are not 2 specific IP addresses? Currently I am using (OR)s For example: Index = A sourcetype=a (src="192.168.3.5" OR src="192.168.3.6" OR.... etc.... by packet_hunter Contributor in Splunk Search 08-24-2016 0 9	0	9
How to edit my rex statement to extract the name out of this example string? I am trying to rex out a person name out of the following.... .... @ xyz-2\\\\johndoe&........ Here is my current ... by packet_hunter Contributor in Splunk Search 08-24-2016 0 2	0	2
How to extract fields from email header to get email delivery time between each email server... Hi, I am trying to create email performance monitor using imap app. Using email header, I would like to get how lon... by melonman Motivator in Splunk Search 08-24-2016 0 4	0	4
Query for Results count making performance worse In the view, we have one table. We want to know the total results found for that particular search. So we used one mo... by pasokkum Path Finder in Splunk Search 08-24-2016 0 3	0	3
Multiline event not get breaking properly in middle of indexing i am indexing .dat file which contains more than 5000 events. in the middle 1 or 2 events breaked wrongly This the c... by arunloganathan New Member in Splunk Search 08-24-2016 0 6	0	6
How to extract unique values from events with multiple values? I am importing SQL data into Splunk. Each record contains SessionID, message, and VarValue. SessionID is always uniq... by ipops Path Finder in Splunk Search 08-23-2016 0 3	0	3
Can't run "lookup" on a lookup table created by "outputlookup" About my Environment Everything here is run using Splunk 6.4.2. The Problem I need to correlate session IDs and IP... by samjenk_2 Explorer in Splunk Search 08-23-2016 0 6	0	6
Splunk SDK for Ruby asynchronous search fail while connecting to load balancer Issue : We don't see run async query using Ruby SDK against a Splunk 6.4 search head cluster via a BIG-IP load balanc... by sat94541 Communicator in Splunk Search 08-23-2016 0 1	0	1
Is there a way to increase the limit of results returned for the chart command? Chart command is limited to 10000 results by default, but I want to see all the events (Total-73228 events). index=e... by uhkc777 Explorer in Splunk Search 08-23-2016 0 1	0	1
How do I edit my regular expression to search for a question mark in a string? Hi, I'm having a dickens of a time trying to figure out how to use a question mark as the termination of a search fo... by dbcase Motivator in Splunk Search 08-23-2016 0 3	0	3
How to edit my search to sort dates in calendar order? Here is my search: index=parmed-qa date_wday=monday \|table _time date_month date_wday date_mday orderid\|sort 0 _time... by uhkc777 Explorer in Splunk Search 08-23-2016 0 1	0	1
How to split Start Time and End Time after using the Splunk transaction command? Currently, I'm using Splunk transaction command to derive the duration using an attribute named TimeStamp from a data... by leonheart78 Explorer in Splunk Search 08-23-2016 0 1	0	1
Join two fields within the same index From one single index, there contains the following four fields, Source, Name, EquivalentName (part of the records un... by LIUJIEER Explorer in Splunk Search 08-23-2016 0 7	0	7
Getting TailReader - File descriptor cache is full (100), trimming in one of the splunk heavyforwarder ? How to fix this issue. Currently we have two heavy forwarder to configured to forward the data to the indexer. Just wanted to know what are... by Hemnaath Motivator in Splunk Search 08-23-2016 0 14	0	14
Regex Extraction Hi, I have encountered error while trying to using the Splunk Web to extract the below bolded field Remark="B78OH30... by leonheart78 Explorer in Splunk Search 08-23-2016 0 8	0	8
Add calendar control in fieldset in a view my need is to add calendar control to pickup single date , in a fieldset of a view. I do not want to use because usi... by spatil Path Finder in Splunk Search 08-23-2016 1 3	1	3
How to Set A date field on a custom HTML form Hi Everyone, I am running Splunk ver 6.4 on CentOS release 6.6 (Final) Running web GUI on Firefox ver 46.0.1 and Ch... by napomokoetle Communicator in Splunk Search 08-23-2016 0 4	0	4
SearchSelectLister I have the following Advanced XML code that contains both a Static Select and a SearchSelectLister, My main goal is t... by Dark_Ichigo Builder in Splunk Search 08-23-2016 1 6	1	6