Splunk Search

Community Activity

How do you use the value of a field as a keyword search? I would like to use the value of a field as a keyword search. For example, if I have field like dest_ip="1.1.1.1", ho... by davidhake New Member in Splunk Search 04-07-2016 0 6	0	6
Is it possible to run a search with a cron expression inside the search? My requirement is to monitor files daily, weekly, monthly, and quarterly and I have to search during a specific time ... by prakashbhanu407 New Member in Splunk Search 04-07-2016 0 2	0	2
How to edit my stats search to find the percentage of a range? I'm trying to build a simple SPL query to display the max, min, range (difference), and percent of the difference to ... by dcascione Explorer in Splunk Search 04-07-2016 0 2	0	2
How to search average response times at a specific time? Hello, I'm trying to write a splunk query but dont know where to start with. Is it possible to write a query to sear... by nlrdy Explorer in Splunk Search 04-07-2016 1 2	1	2
How to create a drilldown to run a new search from clicking an item on a table? I looked through the docs and other Splunk Answers, but it still isn't making sense to me, so please bear with me.  ... by aferone Builder in Splunk Search 04-07-2016 0 4	0	4
How to show stats count grouped by two fields in a graph? I have 3 Ticket groups A, B, and C. And multiple users. My system logs every ticket purchased under each ticket group... by cseuser New Member in Splunk Search 04-07-2016 0 3	0	3
Detailed Index Status Report - Is there one? I would like to see the following for each index limit (maximum size) Mbcurrent size Mbavg. Mb indexed per day last ... by lguinn2 Legend in Splunk Search 04-07-2016 6 6	6	6
How to edit my regex to extract this pattern from my sample data? I am trying to extract a pattern as below. Tried a few things, but all sorts of junk data is being picked up. Event ... by koushiknandan New Member in Splunk Search 04-07-2016 0 1	0	1
How to group results by count with high number of values Hi everybody, I'm new to Splunk and this will be my first question! I'm tinkering with some server response time dat... by external_alien_ Explorer in Splunk Search 04-07-2016 1 8	1	8
Measure service uptime when we have expected downtimes Hi, I'm looking for a way to measure the uptime of a service we run. The tricky part for me is that we have downtime ... by BT_Neophyte Explorer in Splunk Search 04-07-2016 0 1	0	1
How to set max y-axis value to a number derived from a search? I need to base the max y-axis value to the number created from a search . . . how do I do that? I looked at hidden se... by cspires64 Path Finder in Splunk Search 04-07-2016 0 8	0	8
Regex for pattern match Hello I need a regex expression to match the below patern in my abc.log Pattern details: , 2014-03-20 13:43:55.608... by RashmiGowda Explorer in Splunk Search 04-07-2016 0 5	0	5
How to edit my search to pull the first instance of an AnyConnect VPN connection for each start and end session? I want to know if anyone can help me pull the first instance of a VPN Connection for each start and end session. Anyc... by fmpa_isaac Path Finder in Splunk Search 04-07-2016 0 2	0	2
show fields with no values in a timechart Hello Expert, I'm showing a multilines graph using this search: sourcetype="mysource" thefield="x" or thefield="y" ... by royimad Builder in Splunk Search 04-07-2016 0 2	0	2
Hi, i want to colored my cell by red if the value are equal or less than 2 for the below table query for (Value_g) index=vsdm_p host = vgmm13zw.internal.vodafone.com OR host = vgmm14zw.internal.vodafone.com source="Perfmon:FreeDiskS... by MShawki New Member in Splunk Search 04-07-2016 0 2	0	2
Timechart intervals starting NOT on the top of the hour If you have created a timechart mapping, say, the number of unique users over time, Single Value will display the mos... by bpopssplunk Engager in Splunk Search 04-07-2016 1 3	1	3
How to view a list of my most recent searches (search history) This seems like it should be an easy question, but I haven't found the answer.... I ran a search recently and it had... by mfrost8 Builder in Splunk Search 04-07-2016 1 3	1	3
Where to find comparison between Splunk releases 6.2, 6.3, and 6.4? Another release of Splunk is out today ...6.4.0 we are currently on 6.2 Can anyone help me with a table of compariso... by bkumarm Contributor in Splunk Search 04-07-2016 1 10	1	10
Why do I not get the same results for (search status="200" OR "500") and (search status="500" OR "200")? Hi I try Splunk myself after I've join in Splunk beginning Course and found this strange result. Is it bug or someth... by Qlink New Member in Splunk Search 04-06-2016 0 4	0	4
How to add a unit with a value to a timechart? Dear Experts, We are trying to add unit with a value to a timechart. My search is: index = xyz sourcetype = csv sou... by chanduira Explorer in Splunk Search 04-06-2016 0 1	0	1
How to detect when a server has stopped indexing logs in Splunk? I need to know what server(s) has stopped ingesting logs OR for which server the logs are not ingesting into Splunk. ... by pandeyashish New Member in Splunk Search 04-06-2016 0 2	0	2
How to search keywords to identify in a field using regex? How to match keywords to identify in a field using regex. Our requirement is to capture the keywords that are (Liquo... by sathiyasun Explorer in Splunk Search 04-06-2016 1 1	1	1
How to edit my search to compare the count for Tuesday of the present week with Tuesday of the previous week? Hello, I am trying to compare the count for Tuesday of last week with Tuesday of this week. I am currently using the... by vrmandadi Builder in Splunk Search 04-06-2016 0 6	0	6
How to use regex/rex to extract filename from URI I am looking for a way to extract filenames of executable files from a URL in proxy logs. The url field in my logs co... by jmedved Explorer in Splunk Search 04-06-2016 0 4	0	4
Is it possible to run subsearches with tstats alone? Can you do subsearches with tstats alone? \| tstats values(DM.app) AS App FROM datamodel=DM BY DM.source [\| t... by yacht_rock Explorer in Splunk Search 04-06-2016 0 1	0	1