Splunk Search

Community Activity

How do I show the dispatch directory limit warning in a dashboard? I need to make a dashboard wherein I have to show if the dispatch directory exceeds it limit. what would be the quer... by apurva1707 New Member in Splunk Search 04-04-2016 0 4	0	4
Receive cooked data to index securitylogs We have some Appliances (Open System Webproxy), they can send Splunk cooked data into Splunk. I want to receive the ... by nicocin Path Finder in Splunk Search 04-04-2016 0 5	0	5
Why is Hunk returning incomplete results for searches running over a few hours? Splunk = Hunk 6.2.8 and Hunk 6.3.3 Hadoop = HDP 2.3.x Symptoms = Searches don't return some results. On an example d... by bohanlon_splunk Splunk Employee in Splunk Search 04-04-2016 0 1	0	1
Why am I unable to extract all fields from a JSON event? I am trying to extract the key/value pairs in this Json field: [DataJson={"Code":"Error","Reason":"Failed to locate... by ibekacyril Explorer in Splunk Search 04-03-2016 1 4	1	4
Eval and if commands return unexpected result The question relates to https://answers.splunk.com/answers/387510/alternatives-to-using-join-command.html index=prov... by ddrillic Ultra Champion in Splunk Search 04-03-2016 0 3	0	3
Can I have a chart overlay with 2 series stacked in a Splunk graph? I have a chart with 4 series and what I am wondering is "can I have a chart overlay with 2 series stacked in a Splunk... by HattrickNZ Motivator in Splunk Search 04-03-2016 0 9	0	9
How can I have a pivot table sorted by the sum of column values automatically instead of manually sorting each time? I have created a pivot table in the Pivot Builder and it shows the information that I need. However, I want the pivo... by clifforg Explorer in Splunk Search 04-03-2016 1 1	1	1
using transaction to check service status Hi  we have McAfee Solidifier (software for real-time change monitoring to software code and servers configurati... by abdallah_hegazy Explorer in Splunk Search 04-03-2016 0 2	0	2
What are alternatives to using the join command for my search? Hello Splunkers, I would like to seek advice on how to achieve the same goal without having to use the join command. ... by tsunamii Path Finder in Splunk Search 04-03-2016 3 9	3	9
After setting up several eventtypes with the same tag, why am I getting a NULL eventtype when trying to use timechart? Hi all! I've set up several eventtypes with the same tag. I'm now trying to use timechart but getting unexpected NUL... by chriscranford New Member in Splunk Search 04-03-2016 0 1	0	1
How to write a search to extract and only display email addresses from XML events? Each event found in my search, is always similar to the example below, but with a different email address found withi... by hbcit New Member in Splunk Search 04-03-2016 0 1	0	1
Could someone please explain me how to configure "SNMP Polling" for splunk installed on windows Server 8 R2 machine ? (From Scratch) Could someone please explain me how to configure "SNMP Polling" for splunk installed on windows Server 8 R2 machine ?... by dileepkumarsr New Member in Splunk Search 04-02-2016 0 1	0	1
DB Connect Convert Epoch to DateTime Hello, I have an MySQL database and I am trying to index some data from it. I can connect with no problems and I can... by justinfranks Path Finder in Splunk Search 04-01-2016 0 4	0	4
How do I create a host name from two matches with host_regex? If I'm gathering data from /data/"folder"/"subfolder" and want to make the host = "folder"-"subfolder", is this possi... by kevlar0 Engager in Splunk Search 04-01-2016 0 2	0	2
REST search for Deployment Client Forwarder Management Console In the Splunk Web Interface, you can navigate to /manager/system/deploymentserver to get access to a set of tables th... by muebel SplunkTrust in Splunk Search 04-01-2016 0 1	0	1
Extracting values from a field I have 2 fields like these: For Field 1: type=Intelligence Field 2: [abcd=[type=High] [Number=3309934] ] I know I ... by ibekacyril Explorer in Splunk Search 04-01-2016 0 5	0	5
How to find out if there are multiple hits to page in a single session I am trying to find out the count of transactions when there are multiple hits to a particular uri with in a session.... by xvxt006 Contributor in Splunk Search 04-01-2016 0 4	0	4
Automatically add ORs between IPs for Dashboard Hi Community, Suppose I get a list of IPs once a week and I want to search all the indexes for these IPs. Is it poss... by CYBR_AH Explorer in Splunk Search 04-01-2016 0 2	0	2
Join Join Help Hello, I feel like I am close to figuring this out. If there was a way to just pump out all the fields you have avail... by matthewcanty Communicator in Splunk Search 04-01-2016 0 7	0	7
How to accelerate parameterized searches Hi all, I have a couple applications that each of them have six or seven dashboards, with multiple users accesing si... by despachoSTD Explorer in Splunk Search 04-01-2016 0 1	0	1
Multiple searches over a number of days across separate indexes Apologies for the title, i couldn't come up with anything that made sense. Some background information before i expla... by ng87 Path Finder in Splunk Search 04-01-2016 0 2	0	2
Conditional Sum I'm trying to create a report of domain accounts locked out by caller_computer_name. However, I want to alert if the ... by rackersmt Explorer in Splunk Search 04-01-2016 0 4	0	4
Recognizing Unicode Hi there, I am in the problem where I am receiving a JSON data via TCP but I am unable to convert the unicode to the ... by Stevelim Communicator in Splunk Search 04-01-2016 0 5	0	5
How to set up an initial transactiontypes.conf file in $SPLUNK_HOME/etc/system/local ? I am attempting to set up an initial transactiontypes.conf file in $SPLUNK_HOME/etc/system/local so I can use [search... by packet_hunter Contributor in Splunk Search 04-01-2016 1 6	1	6
Finding searches for a user Pre-Splunk 5 I could find a list of searches for a user by doing something like: index=_internal sourcetype=searches... by rmorlen Splunk Employee in Splunk Search 04-01-2016 0 3	0	3