Splunk Search

Community Activity

How to add blank rows in a table? Hi friends!!! I am using the delta command to show the difference between two entries/values, but need to have a bla... by dennisaraujo Path Finder in Splunk Search 08-01-2016 0 2	0	2
Events with maximum value of dynamic field I think I'm missing something. I have rex generating a new field for me. I want to return only events with the maximu... by mmclain1 Explorer in Splunk Search 08-01-2016 1 3	1	3
How to display only matching names from a CSV file with 2 fields? Hi, I'd like to have Splunk display only matching names from my .csv data source which has 2 fields. I'd like to di... by infra2sec Path Finder in Splunk Search 08-01-2016 1 5	1	5
header problem in splunk reading the wrong header i am using perl script to pull the data from DB. The data is indexed perfectly and it's using the header that i was m... by lavanyaanne Path Finder in Splunk Search 08-01-2016 0 2	0	2
How to call macros from a Splunk JavaScript SDK search? Hi, In my search, I need to call a macro with the eval command, but I am getting error "bad request". My macros.conf... by ektasiwani Communicator in Splunk Search 07-31-2016 0 3	0	3
Cisco ASA Timechart I'm looking to create a timechart of VPN sessions that shows the number of users logged on over the course of a 24 ho... by jmaple Communicator in Splunk Search 07-30-2016 0 2	0	2
How to add image from URL to a table Pretty simple question, hopefully it is a simple answer. I have data where one field has a URL of an image. I would... by ccsfdave Builder in Splunk Search 07-29-2016 0 3	0	3
Is there a way to find which props.conf and/or transforms.conf file is applied to a specific sourcetype for search-time field extractions? I have certain logs which are indexed correctly. Field extraction using props.conf and transforms.conf works correctl... by ashabc Contributor in Splunk Search 07-29-2016 0 1	0	1
How do we get our summary index search to produce our expected result? Hi, We are planning to implement summary indexing in our dashboards. As part of it, I have created a scheduled searc... by splunker9999 Path Finder in Splunk Search 07-29-2016 0 6	0	6
How to search my Sonicwall logs for multiple values for the same field? Very much a newb looking to get some basic information from my Sonicwall logs. Setting up the search using multiple c... by Rockn New Member in Splunk Search 07-29-2016 0 2	0	2
How to search a specific user's internet activity for a certain time range? (websites visited, search history, timestamps) I am trying to complete a request for a specific employees internet search history. I need to specify a date range, l... by RobertKepner New Member in Splunk Search 07-29-2016 0 7	0	7
Why do search results return nothing on a calculated check? I have a summary index that is holding lead information. One of the data points I created was the numeric day the lea... by jsilverbears Path Finder in Splunk Search 07-29-2016 0 3	0	3
Should you specify or not specify the index in your search? What are everyone's thoughts on whether you should or should not specify the index in your search? Is sourcetype=val... by sjaworski Communicator in Splunk Search 07-29-2016 0 5	0	5
Count Sourcetype by Day In 6.4.2 version, when i try to count the integrated volume by sourcetype last day for example with this search : ea... by laberthelemy Engager in Splunk Search 07-29-2016 0 7	0	7
Getting duplicate rename fields error after upgrade from 6.3.0 to 6.4.2 The following search worked prior to upgrade: \| stats sparkline count dc(sourcetype) as sourcetype last(_raw) as las... by bandit Motivator in Splunk Search 07-29-2016 0 2	0	2
Are there recommendations on teaching users how to get current data from reports without hitting concurrent search limits? A ticket has come across my desk today where a customer is getting different results from different search heads for ... by jamesoconnell Path Finder in Splunk Search 07-29-2016 0 8	0	8
Does lookup command support OR Boolean operation? Hello, I have events in index 1 and I have lookup table 1 created from a CSV file. I want to lookup events from index... by vpao Engager in Splunk Search 07-29-2016 0 1	0	1
left join multivalue hi, i try to use left join to match between two index. index="myfirst_Index" \| rex max_match=0 field=multivalu... by sfatnass Contributor in Splunk Search 07-29-2016 0 5	0	5
How to include all rows from a lookup? Hi folks, newbee here, I'm trying to do this: \| stats values(duration) as DaysSinceLastAccess, count(duration) as Ac... by yma8000 New Member in Splunk Search 07-29-2016 0 1	0	1
Compare time of the output of the query Hi All I am trying to compare the result of the query. In am getting this result from my query Hostname date time ... by Anshumaan12 New Member in Splunk Search 07-29-2016 0 4	0	4
Universal Forwader Regex - no special field Hey Guys, any chance to set a blacklist entry in the universal forwarders input.conf for not sending events where in... by sdf5496d8f New Member in Splunk Search 07-29-2016 0 2	0	2
How to calculate Weighted Average After the base search such as: ...... \| stats sum(r1) as t_r1 sum(r2) as t_r2 sum(duras) as total_dura c(member) ... by tac24 New Member in Splunk Search 07-29-2016 0 2	0	2
How to write a search to show events that do not meet transaction requirements? Hello, I am trying to find a way to show events which are not meeting transaction requirements. So of course I can't... by Fleshwriter Explorer in Splunk Search 07-29-2016 0 4	0	4
[hope someone could help me!] How can reduce records in each row in splunk table. Hi, I was preparing a dashboard but i have some problems while generating the table. I am using sort and stats to gr... by jujis008 Explorer in Splunk Search 07-28-2016 0 2	0	2
Is there a way to do calculation on streamstats values? Hi folks, newbie here, trying to use Splunk to do some stuff... I have a search that ends like below: \| table DaysS... by yma8000 New Member in Splunk Search 07-28-2016 0 2	0	2