Splunk Search

Community Activity

Why does splunk add junk to the front of a search when a field search is defined before the first pipe? With the simplest search: index=checkpoint action=accept \| head 1 The normalizedSearch (under Job Inspect, 8.34s) ... by landen99 Motivator in Splunk Search 03-24-2016 1 10	1	10
How to compare columns in a row Hi I have a query that produces some output like this: ID server_a.1 server_a.2 server_b.1 server... by ewanbrown Path Finder in Splunk Search 03-24-2016 0 5	0	5
Indexer not searchable by Search head I'm having a problem where I have 5 indexers and 1 search head. All 5 show up in the search peers under distributed ... by wweiland Contributor in Splunk Search 03-24-2016 0 5	0	5
Dashed line in timechart without advanced xml I want to use a dashed line in my timechart. I know that this is possible with advenced XML. But is this also possibl... by tgdvopab Path Finder in Splunk Search 03-24-2016 0 2	0	2
Different Results From Similar Queries Hi, I wonder whether someone may be able to help me please with something that I just don't understand. I'm using th... by IRHM73 Motivator in Splunk Search 03-24-2016 0 4	0	4
Conditional Transaction Hi I'm looking to extract a specific subset of events in my Splunk data. _time=3:01 type=update user=user2 _time=3:... by zeophlite New Member in Splunk Search 03-23-2016 0 5	0	5
How to remove additional results from search. I have a search that is showing the data I want, but I want to isolate it to a specific team and not show all results... by ericdelacruz Engager in Splunk Search 03-23-2016 0 1	0	1
Finding total number for OOID Hi all, I currently have a search that I need a little tweaking to get something else that I want. So the current s... by splunkman341 Communicator in Splunk Search 03-23-2016 0 4	0	4
BEWARE: srchFilter usage may negate each other in certain situation. If you are using deny (NOT) in your srchFilter be aware that inheritance of multiple roles with negative filters will... by the_wolverine Champion in Splunk Search 03-23-2016 1 1	1	1
help in calcuating the difference between two time stamps? Hello Experts, I have the below two fields EML_REQUEST_TIME: 2016-01-19 15:44:00.749 +00:00 EML_RESPONSE_TIME: 2... by vrmandadi Builder in Splunk Search 03-23-2016 0 13	0	13
How to find where logs are coming from and where they are being monitored? I am seeing logs in an instance of splunk, but i am unsure where the monitoring is set up. I checked my serverclass.... by JoeSco27 Communicator in Splunk Search 03-23-2016 0 4	0	4
Print rex result on search First, i'm sorry for my bad english. Let me explain my problem. I have to do a search on splunk, and in the result,... by arizoide New Member in Splunk Search 03-23-2016 0 1	0	1
regex global modifiers Hi, I trying to execute regex in search command with g (global) m (multi-line) s (single-line). the regular way (?gm... by alon7786 New Member in Splunk Search 03-23-2016 0 1	0	1
Global Environment Vars Shared Between Scripts? Hello. Is there a way to set a global environment variable in Splunk so that it can be shared and used multiple time... by _dave_b Communicator in Splunk Search 03-23-2016 0 4	0	4
Regexing multiple values Hello everyone, I've been banging my head on this one. I'm sure it involves 'rex' which I'm not so familiar with. I... by WestlyB New Member in Splunk Search 03-23-2016 0 5	0	5
Extracting numbers between words Say I have this data: c.i.m This is just a sample 23456 Yes it is true. My question is how do I extract 23456 and p... by ibekacyril Explorer in Splunk Search 03-23-2016 0 2	0	2
converting to an epoch date format using strptime I’m trying to extract the date and time from the Winevent log when an unexpected shutdown has occurred(EventCode=6008... by pc1234 Explorer in Splunk Search 03-23-2016 0 8	0	8
best way to automatically rename fields that have been generically named Let's say you've got a custom application log that has a lot of sensibly named fields. But in addition to the sensib... by sideview SplunkTrust in Splunk Search 03-23-2016 0 3	0	3
how to preserve iplocation data The database used by iplocation is updated usually with each new version of Splunk. What is the best solution to pres... by imrago Contributor in Splunk Search 03-23-2016 0 3	0	3
How can i extract a field from my custom search command through a conf file ? Hello splunkers, I've got PEM encoded value from SSL certificates that are already indexed. I've made a python custom... by phbourrel New Member in Splunk Search 03-23-2016 0 4	0	4
How to store a single value search result in some variable in a Splunk HTML page to display in a javascript alert popup? Hi, I have a dashboard in html code with one search query which provides the result in Single Numeric Value. Is the... by harshal_chakran Builder in Splunk Search 03-22-2016 0 5	0	5
Help in Calculating average timestamp,with multivalue fields? Hello , I have tried my best to get the average response time which is the based on two other timestamps which ra mu... by vrmandadi Builder in Splunk Search 03-22-2016 0 7	0	7
How Calculate the difference between two time fields? Hello all, I am trying to calculate the difference between two time fields.Below is the query which I ran to get the... by vrmandadi Builder in Splunk Search 03-22-2016 0 6	0	6
Trying to write strptime statement for importing time and date data. My data set has time in the format 10/1/2015 12:02:00 AM in a single _time field. would anyone be able to tell me th... by svercelli Path Finder in Splunk Search 03-22-2016 0 3	0	3
Pull 2 sourcetypes based off the timestamp and IP in a lookup table for +/- 5 minutes from the timestamp I have a query that produces a lookup table with three columns: _time, src_IP, and user. _time is currently formatte... by splunkfuinator New Member in Splunk Search 03-22-2016 0 1	0	1