Splunk Search

Community Activity

How to create graph based on hardcoded hosts with data, but generate an error if any of the hosts show no data? All, I am trying to create a dashboard search to monitor if the named process is running on our name servers. I am t... by jpolachak New Member in Splunk Search 04-21-2016 0 2	0	2
Is it correct practice to leave an inline search untitled, and only set a title on the "parent" panel? I'm using Splunk (6.3.1) Web to create dashboards. My newbie workflow involves entering a search string in the Search... by Graham_Hanningt Builder in Splunk Search 04-21-2016 0 2	0	2
Best practice for representing bit flag fields in input data? Suppose I have a field that consists of a byte value, where each bit can represent a "flag": a property whose value i... by Graham_Hanningt Builder in Splunk Search 04-21-2016 1 7	1	7
Fill nulls based on previous value I have events that contain the following data: Time, Name, Value, Quality. The Quality value can either be "Good" o... by arramack Engager in Splunk Search 04-21-2016 1 4	1	4
Some form of Display for Counting Down Hi Everyone, I am looking for a way to display a downtime value. I am able to display the value in a single visualiz... by Stevelim Communicator in Splunk Search 04-21-2016 0 3	0	3
Is it possible to match one or more values to one variable in a regex? So I have log entries like the follow: 557 <134> 2016-04-20T10:33:05-04:00 PulseSecure: id=firewall time="2016-04-20... by agarrison Path Finder in Splunk Search 04-21-2016 0 3	0	3
regex help - transforms.conf The goal is to take my ohs logs and dump all except entries with IP addresses. IP's w/o images that is. I can get it ... by jlmoldan New Member in Splunk Search 04-21-2016 0 4	0	4
How to write a search to only display entries added in the last 24 hours based on a time field from a lookup CSV file? I have a .csv file as a lookup file that gets updated daily with new records. It has a number of fields, one being d... by ng87 Path Finder in Splunk Search 04-21-2016 0 5	0	5
"eval UsedMemory=(Avg_Memory/Total_Memory)" How do I know where the Avg_Memory and Total_Memory fields are coming from? I have a search which uses an eval expression for a calculation. eval UsedMemory= (Avg_Memory/Total_Memory) I wan... by PreetiKa Engager in Splunk Search 04-21-2016 0 4	0	4
How to deal with "quotes" in field values that are causing Splunk to have issues parsing field/value pairs? I'm having an issue with certain events that contain values with quotation marks in them. This is causing Splunk to ... by BT_Neophyte Explorer in Splunk Search 04-20-2016 3 2	3	2
How to edit my single regex for parsing multiple types of events in the same sourcetype? Hi All, I want a single regex for multiple types of events getting generated in my access logs. I have written the f... by pgadhari Builder in Splunk Search 04-20-2016 0 5	0	5
How to create a single chart showing % Processor Time and % User Time by host? I'm trying to create a single chart showing % Processor Time and % User Time by host My example so far: host="pvaw... by CSMounsey01 New Member in Splunk Search 04-20-2016 0 1	0	1
Anyone know of an efficient method to deploy Splunk UF v6.3.3 with Splunk_TA_Windows to several hundred Windows 2012 Servers? Hello All, Does anyone know of an efficient method to deploy Splunk UF v6.3.3 with Splunk_TA_Windows to several hund... by jl_Splunk Engager in Splunk Search 04-20-2016 0 2	0	2
How to search for an alert via rest with a name that contains spaces? I have an alert named e.g. "My Alert". How do I search for it in Splunk using the REST API? I can successfully sear... by danielpops Engager in Splunk Search 04-20-2016 2 5	2	5
How can I set a custom linemerge sourcetype event break regex to ensure that an entire event is ready to be captured Hi everyone, I have a monitored file that is appended to by a cron job. Sometimes splunk checks the file in the mi... by bestpa Explorer in Splunk Search 04-20-2016 0 11	0	11
Is "unknown sid" and "The search job 'xxxxxxxxxxx.xxx_xxxxxxxxxx-xxx-xxx-x-xxxxxxxxxx was canceled remotely or expired" really a "feature"? If I leave my Splunk WebUI dormant for a bit (I think about 30m), I get the following error message with scary, red, ... by proletariat99 Communicator in Splunk Search 04-20-2016 0 2	0	2
How apply a stats sum with a where condition? Need to sum a field value with a condition. For example, every log contains a field value pair "failedcount" with int... by intelsubham Explorer in Splunk Search 04-20-2016 0 3	0	3
Why is only one member of a search head cluster reporting "Maximum number of concurrent searches has been reached"? Recently started encountering issues where one node of a 4 node search head cluster starts reporting: SHPMaster -... by pkeller Contributor in Splunk Search 04-20-2016 0 1	0	1
How to write the regex to extract the domains from URLs? I have been through the field extractor, answers.splunk.com, and the interwebs looking for help on this one. So our ... by ccsfdave Builder in Splunk Search 04-20-2016 2 5	2	5
How to edit my stats search to get a sum of bytes per app and total sum for all traffic? I currently get events that shows bytes received from a router. What I'm trying to do is use stats to obtained a sum ... by ethanrulez80 New Member in Splunk Search 04-20-2016 0 1	0	1
operations or statistics on rows and cells in multi-line event table I have an entry in /var/log/messages which contains a string of multiple sets of 6 keypairs (pairdelim="," kvdelim=":... by tippy New Member in Splunk Search 04-20-2016 0 1	0	1
Add line numbers to multiline event using rex in sed mode Hi, Is there a way to use fields in rex expression? I would like to do something like this: \| eval num=1 \| accum n... by alon7786 New Member in Splunk Search 04-20-2016 0 2	0	2
How to create a new token by editing the value of a previous token in Simple XML? Hi Splunkers, I have pie chart with 2 values for the field state: "Active" and "Inactive" appended by percentage and... by evelenke Contributor in Splunk Search 04-20-2016 0 7	0	7
Using REST API search endpoints to retrieve a saved search SID and search results, why are no results returned? Hi All, I'm trying to build a mini SDK for the REST API using Golang (focusing on the search/saved search endpoints ... by ks2211 Engager in Splunk Search 04-20-2016 0 8	0	8
How to loop through all the values of a list, run the same search for each value, and finally combine the results? Hi, Here is an example. I have a list of IP addresses and for each IP address I need to find out all the hosts assig... by xiangtaner Path Finder in Splunk Search 04-20-2016 1 7	1	7

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Splunk Search

How to create graph based on hardcoded hosts with data, but generate an error if any of the hosts show no data?

Is it correct practice to leave an inline search untitled, and only set a title on the "parent" panel?

Best practice for representing bit flag fields in input data?

Fill nulls based on previous value

Some form of Display for Counting Down

Is it possible to match one or more values to one variable in a regex?

regex help - transforms.conf

How to write a search to only display entries added in the last 24 hours based on a time field from a lookup CSV file?

"eval UsedMemory=(Avg_Memory/Total_Memory)" How do I know where the Avg_Memory and Total_Memory fields are coming from?

How to deal with "quotes" in field values that are causing Splunk to have issues parsing field/value pairs?

How to edit my single regex for parsing multiple types of events in the same sourcetype?

How to create a single chart showing % Processor Time and % User Time by host?

Anyone know of an efficient method to deploy Splunk UF v6.3.3 with Splunk_TA_Windows to several hundred Windows 2012 Servers?

How to search for an alert via rest with a name that contains spaces?

How can I set a custom linemerge sourcetype event break regex to ensure that an entire event is ready to be captured

Is "unknown sid" and "The search job 'xxxxxxxxxxx.xxx_xxxxxxxxxx-xxx-xxx-x-xxxxxxxxxx was canceled remotely or expired" really a "feature"?

How apply a stats sum with a where condition?

Why is only one member of a search head cluster reporting "Maximum number of concurrent searches has been reached"?

How to write the regex to extract the domains from URLs?

How to edit my stats search to get a sum of bytes per app and total sum for all traffic?

operations or statistics on rows and cells in multi-line event table

Add line numbers to multiline event using rex in sed mode

How to create a new token by editing the value of a previous token in Simple XML?

Using REST API search endpoints to retrieve a saved search SID and search results, why are no results returned?

How to loop through all the values of a list, run the same search for each value, and finally combine the results?

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation