Splunk Search

Community Activity

Detailed Index Status Report - Is there one? I would like to see the following for each index limit (maximum size) Mbcurrent size Mbavg. Mb indexed per day last ... by lguinn2 Legend in Splunk Search 04-07-2016 6 6	6	6
How to edit my regex to extract this pattern from my sample data? I am trying to extract a pattern as below. Tried a few things, but all sorts of junk data is being picked up. Event ... by koushiknandan New Member in Splunk Search 04-07-2016 0 1	0	1
How to group results by count with high number of values Hi everybody, I'm new to Splunk and this will be my first question! I'm tinkering with some server response time dat... by external_alien_ Explorer in Splunk Search 04-07-2016 1 8	1	8
Measure service uptime when we have expected downtimes Hi, I'm looking for a way to measure the uptime of a service we run. The tricky part for me is that we have downtime ... by BT_Neophyte Explorer in Splunk Search 04-07-2016 0 1	0	1
How to set max y-axis value to a number derived from a search? I need to base the max y-axis value to the number created from a search . . . how do I do that? I looked at hidden se... by cspires64 Path Finder in Splunk Search 04-07-2016 0 8	0	8
Regex for pattern match Hello I need a regex expression to match the below patern in my abc.log Pattern details: , 2014-03-20 13:43:55.608... by RashmiGowda Explorer in Splunk Search 04-07-2016 0 5	0	5
How to edit my search to pull the first instance of an AnyConnect VPN connection for each start and end session? I want to know if anyone can help me pull the first instance of a VPN Connection for each start and end session. Anyc... by fmpa_isaac Path Finder in Splunk Search 04-07-2016 0 2	0	2
show fields with no values in a timechart Hello Expert, I'm showing a multilines graph using this search: sourcetype="mysource" thefield="x" or thefield="y" ... by royimad Builder in Splunk Search 04-07-2016 0 2	0	2
Hi, i want to colored my cell by red if the value are equal or less than 2 for the below table query for (Value_g) index=vsdm_p host = vgmm13zw.internal.vodafone.com OR host = vgmm14zw.internal.vodafone.com source="Perfmon:FreeDiskS... by MShawki New Member in Splunk Search 04-07-2016 0 2	0	2
Timechart intervals starting NOT on the top of the hour If you have created a timechart mapping, say, the number of unique users over time, Single Value will display the mos... by bpopssplunk Engager in Splunk Search 04-07-2016 1 3	1	3
How to view a list of my most recent searches (search history) This seems like it should be an easy question, but I haven't found the answer.... I ran a search recently and it had... by mfrost8 Builder in Splunk Search 04-07-2016 1 3	1	3
Where to find comparison between Splunk releases 6.2, 6.3, and 6.4? Another release of Splunk is out today ...6.4.0 we are currently on 6.2 Can anyone help me with a table of compariso... by bkumarm Contributor in Splunk Search 04-07-2016 1 10	1	10
Why do I not get the same results for (search status="200" OR "500") and (search status="500" OR "200")? Hi I try Splunk myself after I've join in Splunk beginning Course and found this strange result. Is it bug or someth... by Qlink New Member in Splunk Search 04-06-2016 0 4	0	4
How to add a unit with a value to a timechart? Dear Experts, We are trying to add unit with a value to a timechart. My search is: index = xyz sourcetype = csv sou... by chanduira Explorer in Splunk Search 04-06-2016 0 1	0	1
How to detect when a server has stopped indexing logs in Splunk? I need to know what server(s) has stopped ingesting logs OR for which server the logs are not ingesting into Splunk. ... by pandeyashish New Member in Splunk Search 04-06-2016 0 2	0	2
How to search keywords to identify in a field using regex? How to match keywords to identify in a field using regex. Our requirement is to capture the keywords that are (Liquo... by sathiyasun Explorer in Splunk Search 04-06-2016 1 1	1	1
How to edit my search to compare the count for Tuesday of the present week with Tuesday of the previous week? Hello, I am trying to compare the count for Tuesday of last week with Tuesday of this week. I am currently using the... by vrmandadi Builder in Splunk Search 04-06-2016 0 6	0	6
How to use regex/rex to extract filename from URI I am looking for a way to extract filenames of executable files from a URL in proxy logs. The url field in my logs co... by jmedved Explorer in Splunk Search 04-06-2016 0 4	0	4
Is it possible to run subsearches with tstats alone? Can you do subsearches with tstats alone? \| tstats values(DM.app) AS App FROM datamodel=DM BY DM.source [\| t... by yacht_rock Explorer in Splunk Search 04-06-2016 0 1	0	1
How to edit my search to display a table of user IDs and IP addresses? I have a search that searches for source IP addresses that hit a specific site. Then takes the source IP and “appends... by ronj_clark Explorer in Splunk Search 04-06-2016 0 1	0	1
Why I am not seeing the headers for columns that have all null values? Hello, I am using a curl command to extract data from Splunk. When at least one value for the column is there, I ca... by sandeepkumarmis New Member in Splunk Search 04-06-2016 0 11	0	11
Conditional count distinct if Hello all, I'm looking to do a "count distinct value if record type = foobar" type of scenario. Hopefully, I'll be... by jclemons7 Path Finder in Splunk Search 04-06-2016 1 4	1	4
There are plenty of matching events, but why are summary index results not generated? Hi Folks, I have the following search: index=snaptor sourcetype=IDCResponseTimes requestoption!=*PercentBarDataRequ... by billycote Path Finder in Splunk Search 04-06-2016 0 2	0	2
How to update search bar value when a drop-down value changes? I am using following code to display search bar controls on a dashboard. I want to pass a query dynamically into a se... by kevshah Explorer in Splunk Search 04-06-2016 0 1	0	1
Snap to previous Friday Hello, I have the following time modifier, which I was hoping would give me the previous Friday as a static date, b... by jclemons7 Path Finder in Splunk Search 04-06-2016 0 5	0	5