Splunk Search

Community Activity

Table with numbers of events Hi! I have a set of HTTP requests and I have to build a table with sources and size of requests, where the first colu... by splaccount123 New Member in Splunk Search 03-31-2016 0 2	0	2
Search String for network Devices Hi, We have around 200 Network devices and want to know, we are getting logs from all the network devices, which we ... by syed_star357 New Member in Splunk Search 03-31-2016 0 2	0	2
How do I use a value of an eval field to search an existing field Hi Experts, I have an input token $env_field$ which has a value: "port123_host123" host, component and port are exi... by apvinod2003 Explorer in Splunk Search 03-31-2016 1 3	1	3
need help to Form Splunk search query ? Hi All, Can you please help me to form the search query for below scenario ticket Created Closed Tic... by rsathish47 Contributor in Splunk Search 03-31-2016 0 3	0	3
How to set time span in relative terms? I have a form where I accept two inputs: a phone number and a time picker for the search. I need to make a search for... by ggillini New Member in Splunk Search 03-31-2016 0 3	0	3
Is there a way to create a transaction that contains 4 actions? Good Morning, I am trying to create a transaction that will search my logs for hosts that perform the following: St... by janiceb Path Finder in Splunk Search 03-31-2016 0 6	0	6
Why is the time to execute my search very high and adding required fields doesn't seem to improve performance? Hi All, I am using Splunk version 6.1.2 and running a simple search with index name. My search is resulting 27 lakh ... by rakesh_498115 Motivator in Splunk Search 03-31-2016 0 3	0	3
Splunk Search Head Cluster Crashing at start of hour Our search head cluster environment is crashing at start of hour. Any of the nodes are going down without any notable... by hardikJsheth Motivator in Splunk Search 03-30-2016 0 1	0	1
How to compare the counts of certain fields to find a ratio in a search? We have a server access log with format like below. 10:30:30.269 HostID=1001, ClientConnectionStatus=Connecting,... ... by flytrinity Engager in Splunk Search 03-30-2016 1 3	1	3
Propper Logging practices for list of events I have a service that recommends a list of cars based on the user's input of personal information. For example, someo... by sankarms Explorer in Splunk Search 03-30-2016 0 3	0	3
Why is date_hour inconsistent with %H? According to doco: "The date_hour field ... is extracted from the event's timestamp (the value in _time)." Consider ... by yuanliu SplunkTrust in Splunk Search 03-30-2016 1 7	1	7
Join truncating from too many results. i have 2 kinds of logs, one for an install of a toolbar, and one for the USE of the toolbar to do a search. the inst... by dennywebb Path Finder in Splunk Search 03-30-2016 2 7	2	7
How to fetch the before event of the search field Hi , I am looking for two different search on the single log file and am using below command to search. index=Test ... by Abilan1 Path Finder in Splunk Search 03-30-2016 0 10	0	10
Splunk 6.3.3 Search app hangs at "Loading..." in Chrome Version 49.0.2623.110 (64-bit) When loading the Splunk search app in Chrome, it will sometimes run correctly (5% maybe), but most often it hangs at ... by bskrbec Explorer in Splunk Search 03-30-2016 0 3	0	3
How to graph the event count by sourcetype on a specific index per host over time? I have found a lot of ways to do one or the other of these, but short summary of what we have with theoretical number... by dolejh76 Communicator in Splunk Search 03-30-2016 0 5	0	5
What is the best way to join/combine/correlate fields from separate events with separate UIDs? Scenario: I am searching email event logs. I can find some of the needed fields by a unique id (UID) and I find some... by packet_hunter Contributor in Splunk Search 03-30-2016 0 27	0	27
5 failed attempts for 5 users in 5 min index=windows "fail" \| stats count by user \| where count >4 This query is absolutely working as expected for my alert... by sr_dhinesh Path Finder in Splunk Search 03-30-2016 1 3	1	3
How to write Host_regex to extract filename from the source path Hi Team I have file names C:\SPLUNKCEBU\rdilraanan010-4-1.ncr.com.Gi0-2.csv from which i need host_regex to take o... by deepthi5 Path Finder in Splunk Search 03-30-2016 0 1	0	1
How to write a Calculated field by extracting a value from an existing field using REGEX Hi Experts, I'd want to create a calculated field called domainName from the SourcePath field. SourcePath field has ... by apvinod2003 Explorer in Splunk Search 03-30-2016 0 7	0	7
Errors increasing on search where "lookup table does not exist" for multiple sources but lookups have status of disabled When running ad-hoc searches, I am getting errors that are increasing. My last search produced "20 errors occurred w... by srunyon New Member in Splunk Search 03-30-2016 0 13	0	13
How to make a sequential lookup? I have created a CSV from Linux's usb.ids (http://www.linux-usb.org/usb.ids ) that has vendor_id,product_id,VendorDes... by Arcite Explorer in Splunk Search 03-30-2016 0 1	0	1
list time when the logs are indexed by Splunk Hey guys, I'm a splunk newbie and I'm trying to list all the time a specific index tries to access the log file. So ... by flzftw Explorer in Splunk Search 03-29-2016 0 2	0	2
How to pass string fields to search commands to use in parameters I am always looking for ways to DRY up my Splunk searches. Here is a pattern I find myself repeating index=<your b... by neiljpeterson Communicator in Splunk Search 03-29-2016 0 1	0	1
Why am I unable to extract all fields from a CSV log in Splunk 6.2.5? I'm trying to extract fields from a basic .csv log with no luck. Here is the file how it looks in Splunk 6.2.5.. ... by dcascione Explorer in Splunk Search 03-29-2016 0 8	0	8
Strptime statement not extracting date/time I've been trying to import the data into splunk and have been unable to get the time/date to work. Included is a scre... by svercelli Path Finder in Splunk Search 03-29-2016 0 14	0	14