Splunk Search

Community Activity

What is the syntax for rolling hot buckets to warm via cli? What is the syntax, please? by the_wolverine Champion in Splunk Search 04-20-2016 1 5	1	5
Is this the correct way to extract successful and failed logins from /var/log/secure in a search? I need help with the regular expression for field extraction of login status: Successful: source="/var/log/secure"... by sureshsala Explorer in Splunk Search 04-20-2016 0 4	0	4
How to show all sources for each index? Hello, I'm searching to show all source from indexes on a search form. I'm able to extract the list of indexes with... by BaptVe Path Finder in Splunk Search 04-19-2016 0 4	0	4
How to inputlookup on a field that is "rex" generated? Hi, I have two pieces of data: 1. a list of IP addresses stored in a lookup table host2ips.csv; 2. a source where IP... by xiangtaner Path Finder in Splunk Search 04-19-2016 0 2	0	2
calculate the days between 2 dates this is my search: \| makeresults count=2 \| eval start=relative_time(now(),"@d") \| eval start_string=strftime(star... by HattrickNZ Motivator in Splunk Search 04-19-2016 0 2	0	2
How to search if a string exists in a variable number of columns? Hi, I have multiple columns (number of columns may vary) and wanted to search a string if it exists in any of the c... by Kukkadapu Path Finder in Splunk Search 04-19-2016 0 6	0	6
Splunk Search Head : "Search not executed: The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch" From Splunk Web, when I run a search, I receive the following message Search not executed: The minimum free disk spa... by ramaswamy New Member in Splunk Search 04-19-2016 0 4	0	4
How to store a large search result set into a lookup table? I have a large results set of a search which I would like to store as a lookup table. How can I do that? by ddrillic Ultra Champion in Splunk Search 04-19-2016 0 6	0	6
How to create a custom chart from js_charts that extends the verticalfillerGauge chart? I want to create a custom chart from js_charts that extends the verticalfillerGauge chart. This chart would use SVG ... by rickgeorge Explorer in Splunk Search 04-19-2016 1 2	1	2
Is there a way to get an event by some unique ID(s) ? I read this but this was almost two years ago: http://splunk-base.splunk.com/answers/49/does-each-splunk-event-have-... by socalvin New Member in Splunk Search 04-19-2016 0 2	0	2
How to write a search using an eval object with a wildcard? I am trying to use an eval object as the basis of a search pattern along with a wildcard and Splunk is not happy with... by sfellin Engager in Splunk Search 04-19-2016 0 2	0	2
How to extract the file type from my logs and get the count of successfully processed files by file type? Hi, I am searching for some way to extract count of each file type which is successfully processed. The logs contain... by boddunan Engager in Splunk Search 04-19-2016 0 3	0	3
How to combine my two searches and run another search when clicking on a field from the results? Hi , Request any help for the below questions: 1) I have two different searches: sourcetype=bcd "JMS-120: Dequeu... by garinapavan Explorer in Splunk Search 04-19-2016 0 2	0	2
How to search for the same IP in multiple sourcetypes within a certain time frame? Greetings, I am looking for a way to search through 2 sourcetypes: sourcetype=bro_http AND sourcetype=McAfee to find... by janiceb Path Finder in Splunk Search 04-19-2016 0 7	0	7
How to combine two fields into one to run a stats count search? I have log events which are little different, but each event has a unique name which I am interested in. However, thi... by reachskhm New Member in Splunk Search 04-19-2016 0 4	0	4
How to add a column with the max values for a set of fields on each row and add these values in the totals row? I need to add a maximum column for a set of fields on each row (created using chart ... OVER ... BY ... ), and then a... by David_Hodgson Engager in Splunk Search 04-19-2016 0 1	0	1
What is meant to clean up dispatch? Splunk recently fell over because the dispatch directory (on an ext2 filesystem) hit 32000 directory entries, so the ... by djce Engager in Splunk Search 04-19-2016 3 5	3	5
How to search the last 90 days of BlueCoat logs for the top 100 websites? This is the criteria I'm using: index=bcoat_logs sc_filter_result!=DENIED cs_host!="-" \| stats count(cs_host) by cs_... by OD_jfraher New Member in Splunk Search 04-18-2016 0 1	0	1
How to edit my search to get the counts and eval results for each value of a certain field? The below returns the correct results, but I only get the RequestOne, RequestTwo, and meetscriteria fields when field... by Catie_Carmody Engager in Splunk Search 04-18-2016 0 2	0	2
To Get sum of hosts Hi, i have a simple query where i am getting response times by host. i want to get the sum of hosts as a filed. I ha... by xvxt006 Contributor in Splunk Search 04-18-2016 0 7	0	7
How do I table 3 distinct values within the same event if all values share the same field name? Hi, In my log, I have the same name field for three distinct values in the same event. For example: ... Security ID... by monteirolopes Communicator in Splunk Search 04-18-2016 0 5	0	5
Captain Skipping Configuration Replication Hi guys, I'm having a problem with my environment, we have 15 machines, 1 Master, 1 Deploy, 1 Universal Forwarder, 6... by rafamss Contributor in Splunk Search 04-18-2016 5 4	5	4
"Unanswered" Questions As a note: 17:30 CET - 4,825 questions, 1,069 unanswered!?! There are so many answered questions still "open" / unti... by LCM Contributor in Splunk Search 04-18-2016 5 7	5	7
How to search the count of each Windows event code in my data and run arithmetic operations with these counts to display on a timechart? Hello! I have some Windows event log data with 5 different event codes. I need to count by each of the event codes a... by Branden Builder in Splunk Search 04-18-2016 0 2	0	2
How to create a panel that displays response events which take longer than the time of X to respond? Hey fellow Splunkers, I have a very complex problem which I am attempting to solve and thought it couldn't hurt to a... by helpmejesus Explorer in Splunk Search 04-18-2016 0 5	0	5

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Splunk Search

What is the syntax for rolling hot buckets to warm via cli?

Is this the correct way to extract successful and failed logins from /var/log/secure in a search?

How to show all sources for each index?

How to inputlookup on a field that is "rex" generated?

calculate the days between 2 dates

How to search if a string exists in a variable number of columns?

Splunk Search Head : "Search not executed: The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch"

How to store a large search result set into a lookup table?

How to create a custom chart from js_charts that extends the verticalfillerGauge chart?

Is there a way to get an event by some unique ID(s) ?

How to write a search using an eval object with a wildcard?

How to extract the file type from my logs and get the count of successfully processed files by file type?

How to combine my two searches and run another search when clicking on a field from the results?

How to search for the same IP in multiple sourcetypes within a certain time frame?

How to combine two fields into one to run a stats count search?

How to add a column with the max values for a set of fields on each row and add these values in the totals row?

What is meant to clean up dispatch?

How to search the last 90 days of BlueCoat logs for the top 100 websites?

How to edit my search to get the counts and eval results for each value of a certain field?

To Get sum of hosts

How do I table 3 distinct values within the same event if all values share the same field name?

Captain Skipping Configuration Replication

"Unanswered" Questions

How to search the count of each Windows event code in my data and run arithmetic operations with these counts to display on a timechart?

How to create a panel that displays response events which take longer than the time of X to respond?

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation