Splunk Search

Community Activity

How do I search with a self adjusting time? So on the GUI I have been looking at the various time pickers . . . specifically "Date & Time" and "Advanced". I see... by fmerrow New Member in Splunk Search 05-02-2016 0 2	0	2
How do I get the right pie chart based on a group count? If have the following search in Splunk: sourcetype = Tweets \| stats count(eval(match(text, "string1"))) AS "string1"... by malderhout New Member in Splunk Search 05-02-2016 0 4	0	4
How to create a timechart with the count of open events that did not have a closing event within a certain time frame? Hi there, I have events which indicate opening and closing of an event. I want to see the amount of open events (th... by lordadmiral New Member in Splunk Search 05-02-2016 0 4	0	4
How to replace the value of field for another field value if a certain condition is met? I feel like this should be easily done with eval, but it doesn't seem to be working for me! I have data sets that in... by hcannon Path Finder in Splunk Search 04-30-2016 0 3	0	3
Is there a method to provide the app context to a CLI export search? Is there a method that I can provide the app context to a cli export search? I have a savedsearch called "GetLogins"... by Lucas_K Motivator in Splunk Search 04-30-2016 0 1	0	1
How to monitor Splunk 6.4 performance? Should be possible to determine the resource in use by each search or dashboard (mem, cpu...) by arkonner Path Finder in Splunk Search 04-30-2016 1 1	1	1
How to search all transactions existing in one payload and not present in another? Hi, Task: 2 different log files (source types). I want to find all transactions from first payload and check which o... by maxiva01 Engager in Splunk Search 04-29-2016 1 1	1	1
How to group by count with a stacked chart? I have the following search... index="server_inventory" NOT "OS Name"=enclosure NOT "OS Name"=na NOT "OS Name"=unk... by r34220 Explorer in Splunk Search 04-29-2016 0 2	0	2
Is there any tool to automatically format a Splunk search to make it readable? Hi, Do you know of any tool to beautify/format a Splunk search to make it readable? Thanks. by Kukkadapu Path Finder in Splunk Search 04-29-2016 0 4	0	4
Top values of each span on a timechart Hi, We want the following search, but for each span of time: index=test_index \| chart sum(REQTIME) as reqtime by ur... by dsmc_adv Path Finder in Splunk Search 04-29-2016 0 8	0	8
How do I add additional fields to my table? I have a simple table showing the dropped links on my switches: this is generated by the following search: DellEven... by bharrell Path Finder in Splunk Search 04-29-2016 1 2	1	2
A search that makes searches and executes them So I have this search that I believe makes other searches from a list of regexs that I have stored in a csv. [ \| inp... by rkoster Explorer in Splunk Search 04-29-2016 0 5	0	5
How to correlate DNS values between 2 indexes? Dear Splunkers, I have an index with Windows DNS Logs, where I extract the requested record in to a field --> dns do... by nts_cseidl New Member in Splunk Search 04-29-2016 0 1	0	1
How to edit my search to convert epoch _time headers and display all columns instead of combining some results as "Other"? Hi This is my current search: chart count(TYPE) over TYPE by _time I only get 10-12 columns, the rest is put in O... by mortenb123 Path Finder in Splunk Search 04-29-2016 0 3	0	3
Trying to search by CIDR but getting no results So I did a search by one IP in this range, and I get matches. My thought was to try searching for any IP in the whol... by bworrellZP Communicator in Splunk Search 04-29-2016 0 6	0	6
How to use earliest twice in one search (subsearch)? I want to do something like this: index=* sourcetype=files (earliest="1459455814.788302" filename=hello.exe) OR (ear... by thisissplunk Builder in Splunk Search 04-28-2016 0 6	0	6
Can Splunk be used to search and index web pages Would like to index web page contents in Splunk. Is this possible? by lwilliams5301 New Member in Splunk Search 04-28-2016 0 2	0	2
How to select only specific events from the search to do stats on? Need a way to select only specific events from the list of events, so here the example I have a query on iis logs whi... by reachskhm New Member in Splunk Search 04-28-2016 0 8	0	8
Why is my search not populating the visualization tab with data? When I run this search, everything runs fine, but I don't understand why my visualization tab does not populate. Does... by rwells Engager in Splunk Search 04-28-2016 1 1	1	1
How to create a chart with static values from log file? Hi I have extracted 2 fields from log file & now I have to show a chart based on these 2 values. How can I do that? ... by ketanadkar1 New Member in Splunk Search 04-28-2016 0 2	0	2
Why am I getting this error in the search.log when extracting Hive data in Splunk? I am getting the below error in the search.log when I am extracting hive data in Splunk. I am using thrift metastore ... by maximus_reborn Path Finder in Splunk Search 04-28-2016 1 8	1	8
How to write a search to only list servers that are sending logs to Splunk with two types of error messages? Hi, I have server message logs sending to Splunk. Eg 1000 servers sending logs at a time. Wanted to find a way to ... by sreejithchmd New Member in Splunk Search 04-28-2016 0 2	0	2
How do I extract this value from my sample data? How to extract fdd1895d-63e9-4be2-b78b-ec784b00754f from below: 2016-04-28 15:12:56,939 GMT [transaction_id=20160428... by javaj2e11 New Member in Splunk Search 04-28-2016 0 1	0	1
How to extract a value of a field, when the field contains quotes(") Inside? I have an index with multiple fields, however one of my field could contain multiple quotes. Id="0001", Message="Th... by icquintos New Member in Splunk Search 04-28-2016 0 7	0	7
need to extract two values from two lines and display as table I am trying to get two files milli seconds from one line and merchant id from another line from the same tomcat tr... by sukundur Engager in Splunk Search 04-28-2016 0 11	0	11