Splunk Search

Community Activity

How do I create a stacked bar graph with 2 fields? Hi, I am trying to create a stacked bar graph, using 2 fields. First field is Level, second field is Urgency. I wa... by jhoang Path Finder in Splunk Search 07-04-2016 1 4	1	4
Why is a multikv field null, even if it is not empty? I'm trying to extract data from events which contain a table: RAW Data Table # \| INST_ID \| STATISTIC ... by FritzWittwer_ol Contributor in Splunk Search 07-03-2016 0 3	0	3
Streaming and non streaming commands Can someone explain exact difference between streaming and non-streaming commands in laymen terms? Thanks by splunkn Communicator in Splunk Search 07-03-2016 1 3	1	3
How to extract selective fields from our log files in CSV format at index-time? I would like to know how could I extract selective fields at Index-time from our log files which are in CSV format. L... by shahzadarif Path Finder in Splunk Search 07-03-2016 0 6	0	6
Referring to array elements by index Hi, I am trying to take each field out of array in json, can someone please help? My problem is that I want the eleme... by psable Explorer in Splunk Search 07-02-2016 0 3	0	3
Is there any way to delay bucket-fix activity performed by the master when an indexer goes down unintentionally? Hi, We have a cluster of 3 indexers with replication factor of 3 and search factor of 2. Just curious to know if we... by fatemabwudel Path Finder in Splunk Search 07-02-2016 0 5	0	5
Can we get query's perfomance data? We are looking for ways to find out how long a query has been running, performance stats / total run time etc. So f... by ddrillic Ultra Champion in Splunk Search 07-02-2016 0 2	0	2
Why is the predict command producing unexpected results with my current timechart search? I have volumes that are ingested into Splunk for the past 6 months Need to predict the volumes for the following per... by kishorksudha Explorer in Splunk Search 07-02-2016 1 2	1	2
Regex for filter in creating pivot Hello, I need to create a pivot where I need to filter the records based on the starting characters of string field ... by jpcool New Member in Splunk Search 07-01-2016 0 2	0	2
search query with table. Hi all, I have the fields unit, user, work from the result set: unit user work a kiran w ... by kiran331 Builder in Splunk Search 07-01-2016 0 3	0	3
Splunk query help - CPU Load - Need to change query for negative values Hi, We have splunk query to find CPU load like \| eval pctCPULoad=round(100 - pctIdle,2) , and we used condition if... by splunker9999 Path Finder in Splunk Search 07-01-2016 0 2	0	2
How can I extract breakable_text properly? Hi everyone, I have many logs in the following format as an example Timestamp: 6/27/2016 8:40:25 PM Message: Matc... by ew09 New Member in Splunk Search 07-01-2016 0 4	0	4
Problems opening a search on an APP... When I try to open a search for an app that is not the "Search" gives the following result: . . I imagine my ot... by renanprado96 Path Finder in Splunk Search 07-01-2016 0 3	0	3
Regex Help Needed I am not an expert with regex and I am trying to extract a field name= First, Last out of the following string user=... by ttchorz Path Finder in Splunk Search 07-01-2016 0 9	0	9
Splunk Dynamic Query Hi, I am trying to make a dynamic query and seams not working as expected: First i load a saved search \| savedsea... by ffr03 Explorer in Splunk Search 07-01-2016 0 4	0	4
How can you add a value from the header of a file into the various rows? I'm drawing in multiple files that look something like this... and I need to be able to distinguish between data draw... by pcawdron Explorer in Splunk Search 07-01-2016 1 5	1	5
how to get the number of logins per user for the past 30 days? We want to know how to get the number of logins per user for the past 30 days? and also, if there is a metric we can ... by kiran_mh Explorer in Splunk Search 07-01-2016 0 3	0	3
How can I correlate access logs with a malware domain list in CSV format? Hello Guys, I am VERY new to Splunk and security. I actually started to work on a security project where we want to ... by papemalik Explorer in Splunk Search 07-01-2016 0 2	0	2
Is our single 32 core search head the reason why both of our 8 core indexers are getting overloaded with searches? Hello guys, We just started using Splunk within Azure and spun up two standard_a4 machines to serve as our indexers... by dondky Path Finder in Splunk Search 06-30-2016 0 3	0	3
How to compare 2 fields in an index to 1 field in a lookup? I have a field named HASH which contains hash values and I would like to compare it to md5 and sha256 (name of the ot... by ashishlal82 Explorer in Splunk Search 06-30-2016 0 5	0	5
lookup help I have a lookup table, and then I added another field to the table (csv) The original table contained some of the fo... by mcbradford Contributor in Splunk Search 06-30-2016 0 2	0	2
How to extract the email_id from my sample event, then use the sendemail command to send the event to the extracted email? Hi, I have events as below, 2016-06-29 16:05:13,994 ERROR host=localhost service=check_process state=alert descript... by rajeshbikram New Member in Splunk Search 06-30-2016 0 1	0	1
What is the proper syntax for the shared time picker token in my search string? I am currently ingesting my vulnerability scan reports into Splunk, but we receive more results than scanned as there... by Makinde New Member in Splunk Search 06-30-2016 0 1	0	1
splitting key/value pair from a field without space Hi, One of my field is dc_size, which has value "US_0UK_9SG_20CA_5". Please let me know how to split it to key valu... by anasar New Member in Splunk Search 06-30-2016 0 2	0	2
Radius Accounting Data Timestamping events Might be related to https://answers.splunk.com/answers/168995/how-to-write-regex-to-identify-and-use-time-field.html ... by anthonysomerset Path Finder in Splunk Search 06-30-2016 0 4	0	4