Splunk Search

Community Activity

What is the difference between the metasearch and tstats commands? I've been using tstats for most of the use cases that metasearch covers, and so I'm interested in what metasearch can... by muebel SplunkTrust in Splunk Search 08-29-2016 1 4	1	4
Creating a Tabular report I have following output in the logfile - The service /app/service/upload succeeded in 1.264000 seconds, Request: {us... by runiyal Path Finder in Splunk Search 08-29-2016 0 2	0	2
Renaming column at runtime without knowing at coding time their names. Hi. I have the following query BASE QUERY earliest=-7d latest=now \| bucket _time span=7d \| stats count as events by... by andreafebbo Communicator in Splunk Search 08-29-2016 1 4	1	4
Where condition based on date / time for imported data Hi, I've a CSV imported data (hostname = AVGMAILCOUNT) and want to use its data based on present time values. What... by ozirus Path Finder in Splunk Search 08-29-2016 0 1	0	1
Regex to extract numbers from non unique string Hello, I am hoping that someone with far more knowledge than myself can help with a bit of a puzzling problem I have... by ahogbin Communicator in Splunk Search 08-28-2016 0 8	0	8
Finding devices that are "off" at a date, and then counting how many of them turn "on" on each subsequent day Hi, I'm a first time splunk user trying to figure out how to do the following: I have data describing devices, the d... by ALevin123 New Member in Splunk Search 08-28-2016 0 9	0	9
Subsearch NOT with dbxquery Hello Team, I do have dbquery from mysql: \|dbxquery query="SELECT mac FROM pc.pc" connection=MYSQL shortnames=true \|... by teknet9 Path Finder in Splunk Search 08-28-2016 0 3	0	3
Possible to get information about user executing a custom command in Splunk from within the Python script? I have a custom script that I've defined as a command in commands.conf. I've tried adding passauth and enableheader, ... by rharrisssi Path Finder in Splunk Search 08-28-2016 0 1	0	1
Compare responseTime field toady to last week without using append Hello, I have a problem comparing responseTime field last minute with last week (monday - sunday). Below query give t... by appache Path Finder in Splunk Search 08-28-2016 0 13	0	13
Map search did not find value for required atribute Hello Team, map command is working for me but only with some fields. For example: host="10.62.140.64" CISE_Profiler ... by teknet9 Path Finder in Splunk Search 08-27-2016 0 3	0	3
Timechart aggregation with 2 fields for a count over time I have events of this form: fooKey="abc", fooLoc="5", fooCount="1" fooKey="def", fooLoc="10", fooCount="1" fooKey="a... by seanawilliams New Member in Splunk Search 08-27-2016 0 3	0	3
Automatic lookup failing I have a lookup working when I use "lookup" manually in my search. I cannot seem to get this working as an automatic ... by ipops Path Finder in Splunk Search 08-27-2016 0 1	0	1
Log file rotation with date in file name Hi, I have to get all (and ONLY) tomcat std out files in D:/Program Files/Apache Software Foundation/Tomcat 6.0/logs.... by 1234testtest Path Finder in Splunk Search 08-27-2016 0 5	0	5
Searching against an mvappend generated field We created in props.confthe following - EVAL-mod_code = mvappend(modifier_code, modifier_code2, modifier_code3, modi... by ddrillic Ultra Champion in Splunk Search 08-26-2016 0 1	0	1
Make splunk return latest results first Hi, I have a dashboard with search queries which take tens of seconds to run. The results are displayed as charts, ... by godouet New Member in Splunk Search 08-26-2016 0 6	0	6
How to include a distinct count in an eval statement? I am currenlty trying to make a search a little more dynamic based off scanned devices rather than a static number i... by trevorr2004 Engager in Splunk Search 08-26-2016 0 4	0	4
Best way to use multipe searchs to get shared result that can be used for percentage. Trying to use multiple searches to get a percentage of total servers to be restored and total currently restored but ... by cbright Explorer in Splunk Search 08-26-2016 1 2	1	2
regex statement I am trying to extract the response time from this statement (Just the number, not the words response time or the ms ... by JoshuaJohn Contributor in Splunk Search 08-26-2016 0 2	0	2
How to convert time into the Epoch format Hi I have a timestamp field with values as below "2016-08-25T13:30:36.82" "2016-08-25T13:13:38.737" "2016-08-25T1... by samarkumar Path Finder in Splunk Search 08-26-2016 0 2	0	2
How to combine two different columns in a table into a single column? I have table as below generated from splunk C:x D:x E:x F:x C:y D:y E:y F:y A 2 1 0 3 5 ... by Rukmani_Splunk Path Finder in Splunk Search 08-26-2016 0 1	0	1
Lookup issues Having issues getting the NANP app to work (https://splunkbase.splunk.com/app/1515/) I have the following search but... by ipops Path Finder in Splunk Search 08-26-2016 0 1	0	1
Can't fillnull on fields in REST generated table? Why doesn't fillnull work here? \| rest /servicesNS/-/-/saved/searches splunk_server=local \| search disabled=0 is_sch... by the_wolverine Champion in Splunk Search 08-26-2016 0 3	0	3
Multiple where count > in the same string We always see some failures in our logs. But when we have an issue, the number of failures goes thru the roof. I'm tr... by sanorthrup Path Finder in Splunk Search 08-26-2016 0 3	0	3
Difficulty to get the time difference between two event time I am using the below query search\|eval 3CMStartTime = _time\|table Corr 3CMStartTime\|join Corr [search XXXXX\|eval 3CM... by samarkumar Path Finder in Splunk Search 08-26-2016 0 4	0	4
How to extract kv from a variable format field using kvform? I need to extract some keys/values from a certain field, however it doesn't have a fixed format. Actually this field ... by tcmarquesi Explorer in Splunk Search 08-26-2016 0 2	0	2