Splunk Search

Community Activity

How to edit my search to get expected output EVENT1) 20160718T164839.608 GMT INFO MESSAGE=" RES" SNAME="ABCD" ACCNO="123456" EVENT2) 20160718T164831.111 GMT INFO... by sridharreddy New Member in Splunk Search 07-21-2016 0 1	0	1
Can eval evaluate Cosines? Can eval evaluate Cosines? by davecroto Splunk Employee in Splunk Search 07-21-2016 2 6	2	6
Consolidating table entries 192.168.1.7 \|table Realm, Role I have a search and I'm trying to consolidate to unique combinations of Realm and Rol... by dwear Explorer in Splunk Search 07-21-2016 0 3	0	3
Subsearch not Working I believe I fully understand the concept of subsearches and have used it a few times perfectly, however, I can't get ... by Makinde New Member in Splunk Search 07-21-2016 0 2	0	2
Why is my transaction search grouping two start events together and no end? Hi, I am trying to create transactions that begin with a start event and end with an end event, so I can find events... by brianlee12 Engager in Splunk Search 07-21-2016 0 2	0	2
Show a chart based on host found in another search Ok, So I have two searches that work great. One will find computers with slow ping times. The other will create a c... by chadman Path Finder in Splunk Search 07-21-2016 0 5	0	5
How to join log file with a lookup file? I have indexed one log file in which Job name, job status and time are the fileds. Also, I have one lookup file which... by poojamande New Member in Splunk Search 07-21-2016 0 1	0	1
Lookup does not return data I am doing a small proof of concept on lookup command. I have a look up csv file with the table: env status d... by pramit46 Contributor in Splunk Search 07-21-2016 0 4	0	4
how can I troubleshoot logs not getting forwarded to indexers Hi, I have splunkforwarder installed to monitor garbage collection for glassfish servers A and B side. I have a dash... by maxruas Loves-to-Learn Lots in Splunk Search 07-21-2016 0 3	0	3
Combining multiple independent searches result into excel/csv file and send a single mail Hi, i have a requirement of combining multiple independent searches into a single excel/csv file and schedule a singl... by chintan_shah Path Finder in Splunk Search 07-21-2016 0 6	0	6
How to change the color of a bar if it is the highest value in the chart? Hi, I'm trying to figure out a way to change the color of one of the bars in a series to RED if that bar happens to ... by dbcase Motivator in Splunk Search 07-21-2016 0 5	0	5
In Advanced XML, can a search output to a collect? I have this code which is intended to just write one event to a tracking index when a user clicks a button: <module ... by lycollicott Motivator in Splunk Search 07-21-2016 0 1	0	1
How to overlap two bars in a Splunk chart? I have this search that counts the times a product has been purchased and the times the same product has been purchas... by luna23 Explorer in Splunk Search 07-21-2016 0 6	0	6
After upgrading from 5.0 to 6.4, getting a regex error issue at startup related to dashes, i think Bad regex value: '(?i) .*? (?P<foo-bar>\[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+)(?= )', of param: props... by gozulin Communicator in Splunk Search 07-21-2016 0 17	0	17
Finding the number of unique ip-addresses per country using geostats So what I have been able to do is display the total event count in each country/region using host="NC-CORP-3098-Acce... by jledinh New Member in Splunk Search 07-21-2016 0 2	0	2
Regex that covers both cases I have the following log events both on the same source log: Log 1: [21/Jul/2016:11:34:28 +0000] 99.125.125.201 "AB... by lpolo Motivator in Splunk Search 07-21-2016 0 6	0	6
timepicker and real time Hi friends I am using timepicker to select a time range, and pass it to dbquery command to search the database. Bu... by albertohontoria Path Finder in Splunk Search 07-21-2016 2 6	2	6
fields.conf Hi, I read the field.conf examples, but I still don't understand how to set it up. I am using Field Extraction from ... by lain179 Communicator in Splunk Search 07-21-2016 1 6	1	6
difference between NOT and != Hi fellow Splunkers, I just fell over the difference between "NOT src_ip=1.2.3.4" and "src_ip!=1.2.3.4" in a basesea... by Olli1919 Path Finder in Splunk Search 07-21-2016 0 3	0	3
how to remove characters from strings Hi all, I have some value under geologic_city fields as below, but it has some problems. For example, actually Ansha... by hqw Path Finder in Splunk Search 07-21-2016 1 2	1	2
How do I add days taken from a field to a date field? I have a field called "date"(2016-07-21) and a field called "countdown"(e.g. 30) which shows the number of days. How... by ZacEsa Communicator in Splunk Search 07-21-2016 0 3	0	3
Panels that use basesearch won't display different times I tried taking a look at this question: https://answers.splunk.com/answers/395258/how-to-specify-different-time-range... by hajducko Explorer in Splunk Search 07-20-2016 1 1	1	1
Append or join transactions Hi All, I have two different transactions. individually it works perfect but can some one help me to append the two ... by saradachelluboy Explorer in Splunk Search 07-20-2016 0 6	0	6
How to get the top 10 URL's visited by count and then sort those 10 URL's by sum(bandwidth) in ascending order. So basically what i need is 3 columns which contains the top 10 visited URL's with count sorted by highest bandwidt... by rsingh_splunk Splunk Employee in Splunk Search 07-20-2016 0 6	0	6
Specific Hour Search Anyone know splunk's built-in time variables? For example, I'm trying to create a search based on events occuring aft... by jsb22 Path Finder in Splunk Search 07-20-2016 1 10	1	10