Splunk Search

Community Activity

How to write a query where I can show the success and failure of a status? H Form the result of a asearch i get field status- success & failed, i need to show the count of success and failed ... by kiran331 Builder in Splunk Search 08-10-2016 0 4	0	4
Hunk is not filtering files based on timestamp I have a Hunk installation that is successfully (albeit slowly) pulling data from an s3:// filesystem. However, I'm ... by mik_cox Explorer in Splunk Search 08-10-2016 0 1	0	1
Assign earliest and latest _time to some other timestamp column I want to take the earliest and latest _time and assign to some other timestamp column. For example, I have a timesta... by splunk_hvijay Explorer in Splunk Search 08-10-2016 0 1	0	1
Can a result of one query can be used in multiple timechart ? I can use a query that display the result in verbose mode with all fields displayed in interesting field area. I woul... by pradjswl Explorer in Splunk Search 08-10-2016 0 2	0	2
How to edit my regular expression to extract a field from my sample data? Hey Fellow Splunkers I'm looking to possibly create a regular expression that can be used to extract a field. The da... by asarran Path Finder in Splunk Search 08-10-2016 0 10	0	10
How to edit my regular expression to extract a field and trim out strings with more than X characters (except space) from the value? I have the following events. event 1) [08-09-2016_08:00:40.567_PDT] [ERROR] - [ePdv0XVRu2] [xxx@yyy.com] [] [auth] ... by pradjswl Explorer in Splunk Search 08-10-2016 0 8	0	8
Why is my dashboard panel showing different values from the base report? Hi, I wonder if someone can help me on something. I created a report which runs absolutely fine no matter when I run... by robettinger Explorer in Splunk Search 08-10-2016 0 3	0	3
search adding instead of representing a trend I'm trying to rectify a search where the chart should represent a Trend but is actually just adding the last active u... by Esky73 Builder in Splunk Search 08-09-2016 0 2	0	2
Calculate percentage from an event field and lookup field I am trying to calculate percentage from a field in my lookup (xyz ) to an event field in splunk (abc). Technically i... by ashishlal82 Explorer in Splunk Search 08-09-2016 0 11	0	11
How to add or sum values in a timechart? Hi Splunkers, How to add or SUM values in timechart as shown below: Search I used: base search\|transaction....\|ti... by sridharreddy New Member in Splunk Search 08-09-2016 0 1	0	1
Is using TERM() the same as searching for something in quotes? Is using TERM() the same as searching for something in quotes, in that the search is not checking letter by letter, b... by splunkin11 Path Finder in Splunk Search 08-09-2016 0 1	0	1
How to append a single value to multiple rows in my table? base search\| mvexpand Name \| stats dc(Name) as totalcve by severity \| appendcols [\|inputlookup lookupname\| stats coun... by ashishlal82 Explorer in Splunk Search 08-09-2016 0 2	0	2
Chart multiple columns based on time and additional grouping We are trying to chart multiple results with some success. I am able to have everything sorted based off the Device c... by tccooper Explorer in Splunk Search 08-09-2016 0 5	0	5
get peak values from a timechart I have a chart and would like to get a total of all the peaks values on the chart. This chart calculates idle time a... by chadman Path Finder in Splunk Search 08-09-2016 0 7	0	7
Why are some of the events garbled with "\x00"? I am indexing some logs and I see some events are filled with "\x00" while some other events are indexed correctly. by elusive Splunk Employee in Splunk Search 08-09-2016 5 6	5	6
Importing a file, how do I configure Splunk to parse fields from the raw logs in this format? I'm importing a file into Splunk and the file always has these fields: Date (07/25/16 ) \| Time (01:12:04) \| Message... by dperry Communicator in Splunk Search 08-09-2016 0 6	0	6
How do i regex the numbers for the following hung thread log message...? Looking for a regex in 612,200(threadDuration) and 3(no.of.Threads) for the log message below... WSVR0605W: Thread “... by prakash007 Builder in Splunk Search 08-09-2016 1 2	1	2
How to pass search result from one Panel to a different Panel? Hello. I'm trying to construct a footer containing my app's version in a dashboard. The footer resides in a differe... by _dave_b Communicator in Splunk Search 08-09-2016 0 5	0	5
What is the difference between sma and avg? I want to know the exact difference between sma and avg. Also, can someone pls provide detailed description of trend... by simona2121 Path Finder in Splunk Search 08-09-2016 2 3	2	3
How to change the frequency of search jobs scheduled to run from configuration files to prevent 100% CPU usage? I've messed my Splunk system up a bit and some jobs or searches (I don't remember) are continuously running (every mi... by Javo222 Path Finder in Splunk Search 08-09-2016 0 3	0	3
How to write a search to alert if there is a growing number of a particular type of event? How to detect if there is a growing number of a particular type of event? It could indicate “flapping” on the Exchang... by Gayathirik Path Finder in Splunk Search 08-09-2016 0 4	0	4
Average and maximum time between events by location Given public transit log data of the form: 2016-08-01 13:34:03 GMT vehicle_id="1234" stop_id="5678" I would like t... by plucas_splunk Splunk Employee in Splunk Search 08-08-2016 0 1	0	1
How to write regex to extract fields with multiple values? The below is the windows security logs Message field data. The Security_ID field is splunk identified and contains 2 ... by basanthp Path Finder in Splunk Search 08-08-2016 1 7	1	7
How to extract an XML element attribute which has a space and no quotation marks? Hi Guys, I have the below XML in a log file: I can't get the the name attribute via "path="Customer{@value}")" patt... by wuwangjun New Member in Splunk Search 08-08-2016 0 6	0	6
How to edit my search to display Min, Max, Total, and Sum at the end of a table as separate rows? Hi This is my current Splunk search: index=pqaestore source="/log/jboss_jmx_stats.log" \| dedup host \| rex field=_ra... by sureshwalmart Explorer in Splunk Search 08-08-2016 0 1	0	1