Splunk Search

Community Activity

How to filter search results by most recent timestamp by host I want to create a search that will look over the last 30 days of vulnerability events and only retain those events t... by responsys_cm Builder in Splunk Search 07-18-2016 0 4	0	4
Returning field from subsearch to eval displays no returned rows in table I am attempting to return a field from a subsearch into an eval statement. No errors are thrown, but when the table p... by mcgi906 Explorer in Splunk Search 07-18-2016 0 6	0	6
How can you use max with streamstats? I have a list of events which are watermarks for customer activities. The data look like this: Date/Time Custo... by Kenshiro70 Path Finder in Splunk Search 07-18-2016 0 5	0	5
"Scheduler.log" Alert Efficiencies & Field Meanings Hi, I'm trying to determine the efficiency of alerts within Splunk. I was wondering if anyone knows which particular... by danielbarr Explorer in Splunk Search 07-18-2016 0 3	0	3
Using time range picker does not work in dashboard where report searches are used. I have a dashboard where we have a reference to a report in a search. In the report we have values for all time range... by praspai Path Finder in Splunk Search 07-18-2016 0 7	0	7
How to write a search to graph average time by site specific location using my sample data? I'm trying to graph the average time of an event: July 18, 2016 10:02 -> INFO -> Done with sync of project-high-med-... by XtC Engager in Splunk Search 07-18-2016 0 3	0	3
Dedup all redundant data in a column...having an issue I am new and learning Splunk. I created a search where multiple time stamps are revealed in a column. I'd just like... by infra2sec Path Finder in Splunk Search 07-18-2016 0 10	0	10
Upgraded to 6.4.1 and patterns tab and download button are not appearing after users run searches Hi, We just upgraded to 6.4.1 and some users are now stating that they are not seeing the "Patterns" tab after searc... by a212830 Champion in Splunk Search 07-18-2016 0 2	0	2
Search not working after upgrade to 6.2 I have a dashboard that has been working fine while using Splunk version 5. We just upgraded to 6.2 and the search i... by chadman Path Finder in Splunk Search 07-18-2016 0 8	0	8
Extracting from log file I have the following custom log file 2016-07-15_05:58:57.5857-est label="adbcf" lastmodifiedtime="2016-07-15_05:58:5... by nravichandran Communicator in Splunk Search 07-18-2016 0 7	0	7
How do you average multiple stats values at one time stamp as a timechart? I have multiple values connected to a timestamp at 5 minute intervals and I want to get the average of these multiple... by amandaxtru Engager in Splunk Search 07-18-2016 0 16	0	16
subsearch on more than two strings I have three source types I want to search using a user's username. One of the source types only knows the user's IP ... by daishih Path Finder in Splunk Search 07-18-2016 0 14	0	14
Links to RSS feeds or newsletter Hi Guys! This is not a technical question rather an organizational. A few years ago I have added a RSS feed for sec... by RobertRi Communicator in Splunk Search 07-18-2016 0 3	0	3
Most common and most expensive searches run by users I need to find out what are the most common searches are run by users on daily basis. Also what are the most expensiv... by shahzadarif Path Finder in Splunk Search 07-18-2016 0 5	0	5
Unable to find Dynatrace headers in Splunk I have Dynatrace monitoring all of the instances of my application. I send Loadrunner requests which append a Dynatra... by zkn9ce6 New Member in Splunk Search 07-18-2016 0 1	0	1
how can i modify multivalued field? hi, how can i change the content of multivalued field using regex. i have a multivalued field and i try to modify th... by sfatnass Contributor in Splunk Search 07-18-2016 0 2	0	2
csv files can't ignore headers Dear all, Actually working on csv files on Splunk (v6.2.3), i have such troubles to index them correctly, contains... by mmekroud Explorer in Splunk Search 07-18-2016 0 2	0	2
How do I search who is exporting aggregate data from my log files? I am fairly new to Splunk and hoping someone could help with this. I have Index log files loaded onto Splunk, so to b... by ATMO1 New Member in Splunk Search 07-18-2016 0 11	0	11
Find and filter out entries from log I want to process log file which contains numeric entries like eg 232231XX 232313XX 332133XX 411111XX 522222XX 734... by tp92222 Explorer in Splunk Search 07-18-2016 0 6	0	6
Can you split a multi [n] value json attribute in to seperate rows? I have the following json {"timestamp":"2016-07-14T10:26+01:00","venture":"abc","totalRooms":3,"rooms":[{"key":"ROOM... by nickhuge New Member in Splunk Search 07-18-2016 0 3	0	3
convert timerange to epoch values Hello! I want to use my timerange as a filter in a search on a dashboard, like this: ..... \| where mydate < $tim... by 0range Communicator in Splunk Search 07-18-2016 1 6	1	6
inner search for multiple results I have this type of events: event1 activity1 data1 date1 event2 activity1 data2 date2 event3 activity1 data3 date3 ... by marcus_doron New Member in Splunk Search 07-18-2016 0 5	0	5
Retaining Colors in PDF report Hi, We have a dashboard with couple of charts. The dashboard is developed using simple XML. We have set colors for t... by strive Influencer in Splunk Search 07-17-2016 4 1	4	1
Splunk for Exchange: Not indexing message tracking logs Splunk for Exchange v2.1.0 on Splunk v5.0.2 main search head and indexers. Running splunk universal forwarder v5.0.2... by SheridanCollege Explorer in Splunk Search 07-17-2016 0 2	0	2
Are wildcards with tstats on accelerated data models not possible? I'm running a search that is something like this: \| tstats values from datamodel=foo When the datamodel is not acc... by Goophy Explorer in Splunk Search 07-17-2016 1 13	1	13