Splunk Search

Community Activity

Finding total number for OOID Hi all, I currently have a search that I need a little tweaking to get something else that I want. So the current s... by splunkman341 Communicator in Splunk Search 03-23-2016 0 4	0	4
BEWARE: srchFilter usage may negate each other in certain situation. If you are using deny (NOT) in your srchFilter be aware that inheritance of multiple roles with negative filters will... by the_wolverine Champion in Splunk Search 03-23-2016 1 1	1	1
help in calcuating the difference between two time stamps? Hello Experts, I have the below two fields EML_REQUEST_TIME: 2016-01-19 15:44:00.749 +00:00 EML_RESPONSE_TIME: 2... by vrmandadi Builder in Splunk Search 03-23-2016 0 13	0	13
How to find where logs are coming from and where they are being monitored? I am seeing logs in an instance of splunk, but i am unsure where the monitoring is set up. I checked my serverclass.... by JoeSco27 Communicator in Splunk Search 03-23-2016 0 4	0	4
Print rex result on search First, i'm sorry for my bad english. Let me explain my problem. I have to do a search on splunk, and in the result,... by arizoide New Member in Splunk Search 03-23-2016 0 1	0	1
regex global modifiers Hi, I trying to execute regex in search command with g (global) m (multi-line) s (single-line). the regular way (?gm... by alon7786 New Member in Splunk Search 03-23-2016 0 1	0	1
Global Environment Vars Shared Between Scripts? Hello. Is there a way to set a global environment variable in Splunk so that it can be shared and used multiple time... by _dave_b Communicator in Splunk Search 03-23-2016 0 4	0	4
Regexing multiple values Hello everyone, I've been banging my head on this one. I'm sure it involves 'rex' which I'm not so familiar with. I... by WestlyB New Member in Splunk Search 03-23-2016 0 5	0	5
Extracting numbers between words Say I have this data: c.i.m This is just a sample 23456 Yes it is true. My question is how do I extract 23456 and p... by ibekacyril Explorer in Splunk Search 03-23-2016 0 2	0	2
converting to an epoch date format using strptime I’m trying to extract the date and time from the Winevent log when an unexpected shutdown has occurred(EventCode=6008... by pc1234 Explorer in Splunk Search 03-23-2016 0 8	0	8
best way to automatically rename fields that have been generically named Let's say you've got a custom application log that has a lot of sensibly named fields. But in addition to the sensib... by sideview SplunkTrust in Splunk Search 03-23-2016 0 3	0	3
how to preserve iplocation data The database used by iplocation is updated usually with each new version of Splunk. What is the best solution to pres... by imrago Contributor in Splunk Search 03-23-2016 0 3	0	3
How can i extract a field from my custom search command through a conf file ? Hello splunkers, I've got PEM encoded value from SSL certificates that are already indexed. I've made a python custom... by phbourrel New Member in Splunk Search 03-23-2016 0 4	0	4
How to store a single value search result in some variable in a Splunk HTML page to display in a javascript alert popup? Hi, I have a dashboard in html code with one search query which provides the result in Single Numeric Value. Is the... by harshal_chakran Builder in Splunk Search 03-22-2016 0 5	0	5
Help in Calculating average timestamp,with multivalue fields? Hello , I have tried my best to get the average response time which is the based on two other timestamps which ra mu... by vrmandadi Builder in Splunk Search 03-22-2016 0 7	0	7
How Calculate the difference between two time fields? Hello all, I am trying to calculate the difference between two time fields.Below is the query which I ran to get the... by vrmandadi Builder in Splunk Search 03-22-2016 0 6	0	6
Trying to write strptime statement for importing time and date data. My data set has time in the format 10/1/2015 12:02:00 AM in a single _time field. would anyone be able to tell me th... by svercelli Path Finder in Splunk Search 03-22-2016 0 3	0	3
Pull 2 sourcetypes based off the timestamp and IP in a lookup table for +/- 5 minutes from the timestamp I have a query that produces a lookup table with three columns: _time, src_IP, and user. _time is currently formatte... by splunkfuinator New Member in Splunk Search 03-22-2016 0 1	0	1
Help with distributed search and multi-site index clustering Hi, I've setup a dev env with 3 sites. I also have a SHC configured, and need to setup distributed search, so the ... by a212830 Champion in Splunk Search 03-22-2016 0 3	0	3
Chart disk space over multiple servers in one pie chart I need to track disk space over multiple servers in one pie chart. I want to match all volumes with terms in them ac... by jackpal Path Finder in Splunk Search 03-22-2016 0 9	0	9
duration / count of downtime occurences Hi, My data looks like: SiteID, Date, Time,DeviceID,Alarm 1234,01/01/2013,10:01,1,True 1234,01/01/2013,10:02,1,Tru... by martyd Engager in Splunk Search 03-22-2016 1 3	1	3
How to extract a value into a field from a string? I have this string : Leaving className=com.vsp.il.drools.business.spring.SpringRulesBusinessImpl. processRequest(com... by lavasi New Member in Splunk Search 03-22-2016 0 1	0	1
tostring not totaling durations in columns that have 0 for totals. For example, I have 2 columns that I am totaling their seconds into a 3rd. However, if one of the columns has 0 as t... by ericdelacruz Engager in Splunk Search 03-22-2016 0 4	0	4
Need help calculating total time over 24 hour timeperiod between events I have a proximity sensor that generates a logfile with time stamp for whether or not I am home via my cellphone loca... by rvoninski_splun Splunk Employee in Splunk Search 03-22-2016 0 6	0	6
Order Column Headers in reverse alphabetical order after chart command I have a search that ends with the following commands: \| eval qtr=strftime(_time,"%Y")."-Q".(floor((tonumber(strftim... by bclarke5765 Explorer in Splunk Search 03-22-2016 0 2	0	2