Splunk Search

Community Activity

How to edit my lookup search to display multiple fields after matching domains in a CSV file? Scenario: I am matching dns queries to the domains listed in malware_domainsdm.csv. The .csv has multiple fields th... by packet_hunter Contributor in Splunk Search 04-15-2016 0 2	0	2
Using an iframe to embed a report on a website, the bar chart visualization shows, but why is the table of data missing? Hi I created a report with Table data and bar chart together. When I embed this report and use iframe codes in the... by samarkumar Path Finder in Splunk Search 04-15-2016 0 1	0	1
How to count a sum of events since a specified time? How to count how many events are over 1 yr old? And better yet, how to show a pie chart comparing against the entire... by ssackrider Explorer in Splunk Search 04-15-2016 0 2	0	2
How do I filter my search using inputlookup with a CSV file? I have created a search that searches for any Windows logon events in my environment. index=windows EventID=528 OR... by jj85 Engager in Splunk Search 04-15-2016 0 3	0	3
How to create a summary index to compare data with daily? Good afternoon, everyone I'm looking for a solution for my idea like this: Today, I want to create a first baseline ... by phudinhha Explorer in Splunk Search 04-15-2016 0 2	0	2
How to filter a search by a time field in hhmm format? I need to calculate some MTTR numbers based on NOC work shifts. In particular these shifts: First Front: Sun-Wed 07... by hmdoan Explorer in Splunk Search 04-15-2016 0 1	0	1
How to count all occurrences of certain strings from subsearch results? I have text that is not well formatted, and I'm looking for occurrences of some text. In one spot, the text is easy t... by lessard Engager in Splunk Search 04-15-2016 0 2	0	2
External command configured automatic I wrote an external command to just adjust the timezone and reformat _time and return a new field. It is a very simpl... by rdownie Communicator in Splunk Search 04-15-2016 0 1	0	1
How do I extract a field from my data in a search? I want to extract the ip address as field ipaddress in a search. 04-15-2016 05:34:01.228 -0400 ERROR HttpClientReque... by sim_tcr Communicator in Splunk Search 04-15-2016 0 1	0	1
How do I add extra fields to a "chart count over fieldA by fieldB" search? In the earthquake example at the bottom of the chart help page (http://docs.splunk.com/Documentation/Splunk/6.0.9/Sea... by rjrcooper New Member in Splunk Search 04-15-2016 0 2	0	2
ERROR DispatchCommand : maximum disk usage quota has been reached Hi,In my appname/local/ dir,authorize.conf's configuration information: [default] srchDiskQuota = 20000 srchJobsQu... by ray_cao Engager in Splunk Search 04-15-2016 0 4	0	4
Has anyone implemented a Motion Chart or Small Multiples using D3? I'm looking for a way to to implement a motion chart and small multiples with my Splunk data. I know the D3 library ... by fdarrigo Path Finder in Splunk Search 04-14-2016 0 2	0	2
How can I extract a timestamp from a specific CSV field regardless of format? Hi all, I have a CSV file that could look like this: Ticket-ID,User ID,Site ID,Site City,Site State,Create_date,Mod... by j2bohan New Member in Splunk Search 04-14-2016 0 1	0	1
How to place and sort data in a table for a single event based on the field names? Hello, I'm having trouble breaking apart an event into a chart. I have an event with 15 data points. The field ti... by waldez Engager in Splunk Search 04-14-2016 0 6	0	6
Help understanding the commands - Search vs Where after first pipe Hi , Can you help me understanding "search" vs "where" command after first pipe. Is there any performance impact beca... by Kukkadapu Path Finder in Splunk Search 04-14-2016 0 5	0	5
how to sum all average values within the hour and timechart only the latest? I guess my question is a little hard to explain... so let me start by giving you an example of the data I'm working w... by kamgineer Explorer in Splunk Search 04-14-2016 0 6	0	6
How to extract all occurrences of a field from JSON with a repeating structure? I have the following JSON and am looking to extract all of the occurrences of Lat and Long. I have used a macro defi... by roshannon New Member in Splunk Search 04-14-2016 0 1	0	1
How to sum the count of two fields when they have the same value? I have data where each event has two fields to show the source and destination city of a package.I can get the count ... by lyndac Contributor in Splunk Search 04-14-2016 1 5	1	5
Use different Regex in one search Hello I have a dashboard with a radio-button input. Depending on which value is selected, I want to use a different ... by tgdvopab Path Finder in Splunk Search 04-14-2016 0 1	0	1
How to add two fields together based on a condition? Background Information: I have an index from a tool that is being fed into Splunk. The tool has a score field and a ... by SplvnkGirl New Member in Splunk Search 04-14-2016 0 8	0	8
How do I take the ratio of (sum of 2 categories) / (total categories)? Though this question seems similar to the other discussions, I'm having a hard time relating to them. A network serv... by at999 New Member in Splunk Search 04-14-2016 0 10	0	10
How to get stats average with a where clause in the same search? If I run this search: index=main sourcetype=Metrics MEASUREMENT_POINT_NAME = "Test" \| stats avg(ELAPSED_TIME) I ge... by justinrowan Explorer in Splunk Search 04-14-2016 0 5	0	5
Why am I not getting results running a search on an extracted field? Hi at all, I have a very strange behavior in one of my searches: I extracted a field from a raw as a part of a word... by gcusello SplunkTrust in Splunk Search 04-14-2016 0 2	0	2
How do I convert binary files to human readable format? I'm getting this error in Splunk: 04-13-2016 11:13:58.607 -0500 WARN FileClassifierManager - The file '/opt/wasserv... by prakash007 Builder in Splunk Search 04-14-2016 0 2	0	2
Calculating percentage and placing in a radial gauge I am trying to a radial gauge to report a percentage. I've built my search and the field that I want to report on ha... by ronmurphy New Member in Splunk Search 04-14-2016 0 3	0	3