Splunk Search

Community Activity

Different average with Realtime Alert when viewing events I'm having difficulty with my realtime alert. When the alert is triggered, it gives an average of 109, but when I vi... by zeophlite New Member in Splunk Search 05-09-2016 0 1	0	1
How to display more than 5 questions per page on Answers? In the last few days this site has changed to display only 5 questions per page. It's hideous. I'd rather scroll th... by richgalloway SplunkTrust in Splunk Search 05-09-2016 1 8	1	8
Combine results from subsearches Hello all, I'm a newbie to Splunk so I'm hoping someone can assist me figuring out how to accomplish the following. ... by ronaldsc New Member in Splunk Search 05-09-2016 0 10	0	10
How to extract multiple fields from one regex I try to extract several fields from my log but for some reason it does not work  Here is my props: [ev_event] EXTR... by efedoseeva Engager in Splunk Search 05-09-2016 0 2	0	2
Transaction endswith field breaks when I remove field from search, why? When I run this search, Splunk returns one item for the "transaction" eventtype=pageactions tag=external_traffic id=... by ra01 Path Finder in Splunk Search 05-09-2016 1 12	1	12
Field extractions: How to use same fieldname multiple times in a one long regular expression? There is a regular expression which is extracting a user field ( Field Extractor). This is basically a combination of... by saxenaamit New Member in Splunk Search 05-09-2016 0 4	0	4
Splunk 640: How to eval the difference between events' values Hello Everybody, I've a table (w/o the yellow column), as shown below. I want to eval another field (in yellow). It s... by htkwan Path Finder in Splunk Search 05-09-2016 0 4	0	4
How to check if data exist in coldidx or hotidx? hi say we have an index called as "my_network". the rollover period is 1 month to cold index. This needs to be teste... by koshyk Super Champion in Splunk Search 05-09-2016 0 3	0	3
How do I read all searches with a specific action in savedsearches.conf? I have created an alert with user name password fields such that the alert in savedsearches.conf has action.creds_tra... by GauriSplunk Path Finder in Splunk Search 05-09-2016 0 8	0	8
hide column where value = 0 Hello everyone ! I've two panels depending on time (timechart) : 1) index=XXX sourcetype="XXXXX" Severity="*" \|ti... by BaptVe Path Finder in Splunk Search 05-09-2016 0 2	0	2
Add results depending on different fields Hello, I'm looking to add the results of a count from different fields in one for a table: index=XXXX sourcetype=... by BaptVe Path Finder in Splunk Search 05-09-2016 0 7	0	7
How can I Rex to match until a string Hi folks, I'm new to regex and am struggling to extract a number from a field. I basically need the amount extracted... by mattodo Explorer in Splunk Search 05-08-2016 0 5	0	5
Why is there a necessity to have a different app - Splunk DB-Connect? Hi All, Im very new to DB Connect for splunk app. Please help me understand the below. Appreciate your help on this. ... by sarnagar Contributor in Splunk Search 05-08-2016 1 1	1	1
Whats the difference between chart and timechart command? Hi All, I understand that timechart uses _time as x-axis? But why cant we use \| chart count over _time instead of \| ... by sarnagar Contributor in Splunk Search 05-08-2016 0 1	0	1
fieldformat individually is a pain Related to my previous question on arbitrary lists of variables... sum(CPU*) seems to pull off an interesting trick ... by NickJLange Explorer in Splunk Search 05-08-2016 0 1	0	1
How do I subtotal processor utilization? Disclaimer: I'm not saying this particular example is useful analysis - I'm just not sure how to think about solving... by NickJLange Explorer in Splunk Search 05-08-2016 0 9	0	9
How to combine the results of a query to matching fields of a column of an inputlookup csv file? first search: index=prod \|table assetId,SIZE,FORMAT,_time,processingHint \|where assetId!="null"\|outputlookup assetId_... by nikhilhanda New Member in Splunk Search 05-08-2016 0 2	0	2
Regex for complex search string Search String - Promotion Created, Coupon Settings For PromoCode=121509PromoId=3550966 : 17429150\|Gillette\|111082\|99... by arunsubram Explorer in Splunk Search 05-08-2016 0 5	0	5
Is this the best way to add up all numbers in a given field? If I want to add up all numbers I have in the nr_external_recipients field for a particular event type, is this the b... by johanupwork New Member in Splunk Search 05-08-2016 0 1	0	1
How to tell the sort command to sort by numerical order instead of lexigraphical? I want the series to sort as 1,2,3,10,11,12 not 1,10,11,12,2,3. The sort functions do not seem to have any effect wh... by hulahoop Splunk Employee in Splunk Search 05-07-2016 1 4	1	4
Help with Stats based on Conditional Multiple Values - foreach (potentially) Here is my raw data: advisories=[Advisory@51046c2f[advisory=6,rule=LOGIN_3,passive=true], Advisory@2f9ea478[advisory... by shashi319 New Member in Splunk Search 05-07-2016 0 2	0	2
how to run splunk query programmateically Hi Experts , We are using Splunk UI to search Logged data. I am planning to create a java program and run queries t... by rohitgupta2476 New Member in Splunk Search 05-07-2016 0 1	0	1
Extract fields/subfields into table pipe and ":" delimited and name columns in fly My search string "[.Id.IdCreateService] - Promotion Created, Promotion Settings For PromoCode=121509PromoId=3550966 ... by arunsubram Explorer in Splunk Search 05-07-2016 0 1	0	1
Looking for new events Good Day Everyone, I"m trying to construct a search that will search our weblogs over a one hour period and report ... by richnavis Contributor in Splunk Search 05-07-2016 0 2	0	2
How is it possible to assign the result of the \| append [ subsearch ] in a constant? Hi, I have a search and an \| append [subsearch] which adds at the bottom of the results (see image) a new row with t... by skender27 Contributor in Splunk Search 05-07-2016 0 2	0	2