Splunk Search

Community Activity

Unable to search mv All, I am unable to search by a mvexpand which I am doing via fields.conf. I am getting the extraction I expect, bu... by daniel333 Builder in Splunk Search 08-15-2016 0 4	0	4
Timestamp regex not capturing correctly. Hello, Is it possible to write a regex that has two different capture areas for the timestamp? Here is my problem: ... by dmalina_splunk Splunk Employee in Splunk Search 08-15-2016 0 3	0	3
Convert time I'm trying to rename _time to Time and it's changing the format. I used ctime to fix it, but I only want to display ... by chadman Path Finder in Splunk Search 08-15-2016 0 3	0	3
Clean up search head cluster objects After switching to Search Head cluster some of our team members are having hard time adjusting to the 'deployment of ... by ateterine Path Finder in Splunk Search 08-15-2016 0 2	0	2
How to sort time so that minute values are in correct order relevant to a 60 minute hour? Here is the data when sorted recent first.... 11:25:22 11:25:23 11:25:51 11:25:52 11:25:53 11:5:37 11:5:38 11:5:42 1... by packet_hunter Contributor in Splunk Search 08-15-2016 0 6	0	6
Extracting field using rex for URL I have this search: index=nitro_prod_ecomm sourcetype = nitro_access_log earliest=-30m@m \| rex field=_raw "\d\d\:\d\... by JoshuaJohn Contributor in Splunk Search 08-15-2016 0 1	0	1
Merge two disjunct number fields into one Hi, I had to switch from one DB Connect App to another which leads to two fields where I have my version information... by mhornste Path Finder in Splunk Search 08-15-2016 0 3	0	3
How to display time ranges based on chart/table data I have a timechart that works ok, but can be hard to read because of how Splunk averages the data. I have tried to s... by chadman Path Finder in Splunk Search 08-15-2016 0 6	0	6
How to change the output format of search results? Using my splunk query, I am getting the output as follows (X and Y are headers)- X Y ----------- 1 A... by gadeanup1 Engager in Splunk Search 08-14-2016 0 2	0	2
How to get an automatic lookup to run after dnslookup to first translate the name from the IP of devices on my network? Hi all, I'm VERY new to Splunk and I'm trying to learn. I have a RPi running dnsmasq on my home network and have it... by GRMcCauley Explorer in Splunk Search 08-14-2016 0 3	0	3
in splunkd.log a lot of warnings : DispatchCommand - could not read metadata file In my splunkd.log (v4.1) I have a lot of warnings like these : 04-13-2010 00:05:19.676 WARN DispatchCommand - could... by imrago Contributor in Splunk Search 08-14-2016 1 3	1	3
Why is my nullQueue configuration not working at app level? I would like to eliminate the unnecessary content in the events because I have a small license. I want to remove the ... by vkakani60 Path Finder in Splunk Search 08-13-2016 0 12	0	12
How do I automatically run mvexpand on a field? All, I run this search - index=main \| makemv PCIDSS delim="," I'd like to be automatically expanded instead. B... by daniel333 Builder in Splunk Search 08-12-2016 0 3	0	3
Bubble Graph percentage X axis trouble. I have a graph where everything looks visually correct; however, the numbers are all off. In the example below the ... by Cuyose Builder in Splunk Search 08-12-2016 0 1	0	1
stats command help to convert a row to column Need your help, In the below query, we want to convert metric_name as column with values of avg_average, Can you ple... by dhavamanis Builder in Splunk Search 08-12-2016 0 7	0	7
i need to extract fields from XML from this data i want to extract theses fields "Message", "Query" and "Row". when i try to extract i am getting error... by rwiley Explorer in Splunk Search 08-12-2016 0 7	0	7
Why am I not getting any search results using the REST API to send a request to the /search/jobs/export endpoint? Hi, I am trying to do a real-time Splunk search using the REST API. The endpoint I am sending a request to is servic... by sk4l Explorer in Splunk Search 08-12-2016 0 7	0	7
How to edit my search to calculate the time difference between two events? Hello Splunk'all, I am trying to derive a simple chart from the data I got here within a Splunk Index. The data cons... by vikramyerneni Explorer in Splunk Search 08-12-2016 0 15	0	15
Splunk search stuck Since upgrade from version 6.3.2 to 6.4, we are getting this problem. Search stuck at point of time and doesn't progr... by omesh4sv New Member in Splunk Search 08-12-2016 0 8	0	8
Capture the peak points in a table I have a great search that someone here helped me with the other day. It will take all the peak numbers in a search ... by chadman Path Finder in Splunk Search 08-12-2016 0 4	0	4
Subsearch using boolean logic Hello, I am looking for a search query that can also be used as a dashboard. The query has to search two different s... by bluemarvel Path Finder in Splunk Search 08-12-2016 1 2	1	2
How to transform a field into a time format? I extracted deployment time from events and it's currently in this format 0:04.645 and 1:30.123 and is in terms of Mi... by skoelpin SplunkTrust in Splunk Search 08-12-2016 0 3	0	3
How to alert based off the last reported number in a stats count How to alert based off the last reported number in a time chart. I want to alert based on a comparison of the last tw... by sbattista09 Contributor in Splunk Search 08-12-2016 0 3	0	3
How can we edit our search to visualize results on a pie chart? Hi, We have the search below and are looking to view results in pie chart format. We are facing difficulties to visu... by splunker9999 Path Finder in Splunk Search 08-12-2016 0 3	0	3
How to i get the average maximum number of a field Hi All, I just involved in SPLUNK project development and i have lilmited knowledge in how to get splunk search work... by tailesley New Member in Splunk Search 08-12-2016 0 4	0	4