Splunk Search

Community Activity

Why is my automatic lookup not populating a field? Hi, Usually lookups aren't an issue, but today seems it is. I'm hoping this is just a pebcak  This is the first... by cdstealer Contributor in Splunk Search 06-15-2016 0 2	0	2
Should a search head cluster rolling restart kill searches in Splunk 6.3.0? I changed alert_actions.conf [email] in an app that is pushed to the Search Head Cluster by the deployer which initi... by davebo1896 Communicator in Splunk Search 06-15-2016 0 2	0	2
Should we add metadata...? Hi, I read this blog, which was great. I noticed that the app being mentioned - https://splunkbase.splunk.com/app/29... by a212830 Champion in Splunk Search 06-14-2016 0 5	0	5
How to do a lookup on multiple values in a text file on an HTTP URL? I have a requirement to be implemented in Splunk. Facts: I am a newbie to Splunk. Problem Statement: a. There is a... by vivekriyer Explorer in Splunk Search 06-14-2016 0 2	0	2
How to change the value of a field with information from another field? Suppose that there is a log with two fields, userName and phoneNumber, the structure is like: userName \| phoneNumb... by Tachines New Member in Splunk Search 06-14-2016 0 3	0	3
How do I interpret these Bonnie++ results? Hi All, I have read a few threads in the Answers forum and in a number of them, it states that Random Seeks == IOPS.... by keithyap Path Finder in Splunk Search 06-14-2016 0 3	0	3
How to incrementally subtract values to calculate duration Hi all, I'm running a search which outputs something like this, ( where time_diff is the date the code was loaded, s... by raby1996 Path Finder in Splunk Search 06-14-2016 1 3	1	3
How to change values in a column based on a value in a different column in the same row? Hi, I have a requirement: My table data shows like this: ACCNO STATUS TYPE CODE 123 A GOL ... by mprreddy51 Explorer in Splunk Search 06-14-2016 0 1	0	1
How to group by host, then severity, and include a count for each severity? I know this is probably very trivial to most, but I am a pretty new user. I am struggling quite a bit with a simple t... by _smp_ Builder in Splunk Search 06-14-2016 0 7	0	7
What's the difference between host=abc and host::abc Hi, Was reading some doc (http://docs.splunk.com/Documentation/Splunk/6.4.1/Search/Writebettersearches) and it menti... by a212830 Champion in Splunk Search 06-14-2016 0 4	0	4
Why am I unable to convert my addcoltotals value of MB to TB using eval? Hello Splunk Ninjas I'm trying to convert my addcoltotals of MB to TB using the eval statement which does not work..... by dean1 New Member in Splunk Search 06-14-2016 0 2	0	2
How do I get my search to return all associated sessionIDs based on user input with values that can be in 3 different formats? Hi, I have something like the following which gets logged: sessionId=A,phone=4155550123 sessionId=B,phone=141555501... by servlette Engager in Splunk Search 06-14-2016 0 6	0	6
Transaction with different values of the same field Hello, I have the log like below : Jun 13 10:18:59 Debug: IID 917966106 done Jun 13 10:18:59 Debug: IID 917967047 a... by sieutruc Contributor in Splunk Search 06-14-2016 0 6	0	6
Help with case statement affected by a transaction Each of the events in my log files has a data value for example, Data = a I am using a transaction to group my events... by jxiongjx Engager in Splunk Search 06-14-2016 0 2	0	2
How to count how many times users came? Data sample : Date;User "2016-04-01 09:31:05";"john.doe@gmail.com "2016-04-01 09:31:06";"jessica.doe@hotmail.com "20... by splunkreal Influencer in Splunk Search 06-14-2016 0 2	0	2
Help with Rex or RegEx: How do I extract all lines after a string? So my email using the iMail Mailbox comes in with headers like this. I need everything after the "___________________... by arrowecssupport Communicator in Splunk Search 06-14-2016 0 4	0	4
How to refer to a post-process base search from append subsearch queries in a dashboard? I have a base search in my dashboard that refers to a scheduled search: <search id="Base_Search" ref="Scheduled_Repo... by ishaanshekhar Communicator in Splunk Search 06-14-2016 0 3	0	3
How to expand 500 limits event for Transaction command? When I run transaction command, some transaction may be more than 500 events but splunk split it to a set of 500 even... by TheGU Path Finder in Splunk Search 06-14-2016 2 4	2	4
Why am I unable to make a dashboard from the "Search" App global with error "Could not find writer for : /nobody/search/views/ [0] [E:\Splunk\etc]"? New to Splunk. Created a custom dashboard using Search App, but it is private. When I am trying to make it Global, I ... by jcpsupport New Member in Splunk Search 06-13-2016 0 1	0	1
Count the movement (add remove) of hosts If I add 1 host and remove another host in a month, the stats will be the same and the delta zero but we had movement... by smudge797 Path Finder in Splunk Search 06-13-2016 0 3	0	3
How to exclude certain fields from search results? I would like to exclude certain fields from search results and keep the rest of the information (not discarding the e... by Yaichael Communicator in Splunk Search 06-13-2016 0 2	0	2
Assign a string to a Variable in Search Bar I would like to assign a string to a variable, like valid ="error" then use the variable with the stats or timechart ... by vkakani60 Path Finder in Splunk Search 06-13-2016 0 5	0	5
How to get average event size... Is there a quick way (metadata? tstats?) to get the average event size for my events? Querying every event would tak... by a212830 Champion in Splunk Search 06-13-2016 0 6	0	6
Using If then in combination with case I would like to create a new tag field based on multiple conditions. I think I have figured out how to specify my con... by kennyja Explorer in Splunk Search 06-13-2016 0 4	0	4
Can I determine the size of a source without reading the entire source? Hi, I'd like to determine the size of certain sources, but don't want the overhead of reading the entire file. Is t... by a212830 Champion in Splunk Search 06-13-2016 0 3	0	3