Splunk Search

Community Activity

What is the difference between fieldformat and eval operation time conversion? I am able to see that the following search returns the same result for fieldformat as well as eval time conversion op... by splunkn Communicator in Splunk Search 07-12-2016 1 5	1	5
Transaction duration in Splunk Hi All, Transaction duration based on thread name. I wrote the below search: index="p" sourcetype="x" \| transaction... by saradachelluboy Explorer in Splunk Search 07-12-2016 0 5	0	5
Creating Bar Chart for SSH logs Hi Team, We are trying to create a bar chart from secure log. The ultimate goal is to plot the accounts (top 10) use... by akashjohn Explorer in Splunk Search 07-12-2016 0 4	0	4
How can I get a count of words in an event? All, Weird search. How can I get a count of words in an event? e.g. _raw = "Hello world. Hello state. Hello Franc... by daniel333 Builder in Splunk Search 07-11-2016 0 3	0	3
How to edit my search to chart a trend line over time? I am trying to use the below search and plot a graph for the TPS field. So, if I draw a chart with the TPS values ov... by koushiknandan New Member in Splunk Search 07-11-2016 0 9	0	9
How to find where an extracted field was created that appears in searches? Trying to find where a field was created that appears in a search against our BlueCoat proxy logs. The field is s_... by tlmayes Contributor in Splunk Search 07-11-2016 0 7	0	7
How to extract a substring based on its position within a field? I have a field that is of the form /Code153:4:Item1,Item2,Item3,Item4/Code211:2:Item5,Item6 where I need to extract a... by mcgi906 Explorer in Splunk Search 07-11-2016 0 1	0	1
How to Group Events at Index Time? I want to tie together 2 events at index time the same way I would tie them together at search time using the transac... by skoelpin SplunkTrust in Splunk Search 07-11-2016 0 4	0	4
Search for items not matching values from a lookup I have this search which basically displays if there is a hash (sha256) value in the sourcetype= software field =sha2... by ashishlal82 Explorer in Splunk Search 07-11-2016 0 8	0	8
Can I format the y-axis on a chart to properly display military time? I'm using the following to chart job end times over date: index = ironstream MSGNUM = "IEF404I" ( JOBNAME = TZRPD85 ... by szimmer661 Explorer in Splunk Search 07-11-2016 0 6	0	6
Why am I unable to return any results with the appendcols command? I have a search where I get a value "SplitID" that, along with another ID, gets put into a table. However, I am using... by mcgi906 Explorer in Splunk Search 07-11-2016 0 2	0	2
How to visualize a sum of simultaneous occurring events in a timechart with a start_time and stop_time? Hello, I have a series of events with a JoinTime field and a LeaveTime field. Each of these events essentially repr... by adacpt Explorer in Splunk Search 07-11-2016 0 6	0	6
Why am I unable to get results for the second stats in my search? I have a log file with rows for each transaction in a request sequence, each identified by msg_id. I'm trying to get... by David_Hodgson Engager in Splunk Search 07-11-2016 0 3	0	3
How do I merge data with the same values in a table entry? See the attached picture: I am looking at a count of data for deliveries from 2 months ago and the previous months. ... by voninski New Member in Splunk Search 07-11-2016 0 9	0	9
How to find the origin and regular expression of an extracted field I use in Splunk? We have a field called Response_Size which we cannot find. I looked in the Settings>Fields>Field Extractions and sele... by skoelpin SplunkTrust in Splunk Search 07-11-2016 0 6	0	6
What is the best way to generate and download a PDF after a search automatically? Hi guys, I want to download a PDF after search automatically, but the search is produced by crontab, so I need to ge... by Buscatrufas Path Finder in Splunk Search 07-11-2016 0 1	0	1
Can I use an eval if statement to create a new field based on a value? I would like to use an if statement to create a new field based on a value. Something like if field1=0 and field2=0,... by chadman Path Finder in Splunk Search 07-11-2016 0 4	0	4
How to add values to a chart with another color based on a certain value? I have a chart that show some ping times. I would like to show values with "NA" as red in the chart and set their val... by chadman Path Finder in Splunk Search 07-11-2016 0 3	0	3
I've configured inputs.conf for a Splunk forwarder on Windows, but why do I get no data searching for that host? Hi, I'm evaluating Splunk for the first time. I installed a forwarder on a Windows server and I configured the input... by kemmlli Explorer in Splunk Search 07-11-2016 0 16	0	16
When searching two indexes, how do i refer to a field from a specific index? My search is on two indexes. I want to be able to refer specifically to a field value from one of the indexes and not... by khubyarb Path Finder in Splunk Search 07-11-2016 0 4	0	4
How to get disabled server status on the basis of time compare query. Hi, I have a log with number of entries for many servers like- Time1 user1 server1 statusdown Time2 user2 server2 st... by Anshumaan12 New Member in Splunk Search 07-10-2016 0 2	0	2
Find common entries in two different sources Hi, I have data that looks like this Source1 PREMISE,CREATION_DATE,RESULT_TIME 111111,20160621111111,20160621111211... by dbcase Motivator in Splunk Search 07-09-2016 0 8	0	8
Why is the where clause case sensitive against field values when part of an inputlookup search? It appears that the where clause is sensitive to the case of field values when invoked as part of an inputlookup comm... by dstaulcu Builder in Splunk Search 07-09-2016 0 2	0	2
How to create a chart overlay from 2 stats searches with no time series data? sourcetype=pbs:rg OR (sourcetype=pbs:status state!=free AND state!=job-* tag=sasl0002) \| foreach resources_available... by mjones414 Contributor in Splunk Search 07-09-2016 1 1	1	1
How to use two lookups for comparison Hi All, Here is my requirement: I have 100 values (abc1,def1,....etc) in lookup1 and 100 values in lookup2 (ABC1,DE... by mprreddy51 Explorer in Splunk Search 07-08-2016 0 8	0	8