Splunk Search

Community Activity

How do i list all splunk jobs which are running on hosts? need to identify high cpu usage searchs and stop them. need to identify high cpu usage searches and stop them. by splunkgk Path Finder in Splunk Search 03-24-2016 0 2	0	2
Help with extracting specific data Given bunch of results in a format like: 6d2112effbe814f41ef6a6b984221c2490ef5112b70d394c074bb1427561556c some.site.... by Reosoul New Member in Splunk Search 03-24-2016 0 3	0	3
Combine fields created by spath I have a log file multiple service requests/responses that I am logging in JSON. I am able to take the those requests... by SPETZD11 New Member in Splunk Search 03-24-2016 0 4	0	4
Compare Search Result Against Lookup File and Output Multiple Fields Hello, I am not sure what I am doing wrong but logically I feel this search string should work however it isn't work... by Makinde New Member in Splunk Search 03-24-2016 0 5	0	5
Why does splunk add junk to the front of a search when a field search is defined before the first pipe? With the simplest search: index=checkpoint action=accept \| head 1 The normalizedSearch (under Job Inspect, 8.34s) ... by landen99 Motivator in Splunk Search 03-24-2016 1 10	1	10
How to compare columns in a row Hi I have a query that produces some output like this: ID server_a.1 server_a.2 server_b.1 server... by ewanbrown Path Finder in Splunk Search 03-24-2016 0 5	0	5
Indexer not searchable by Search head I'm having a problem where I have 5 indexers and 1 search head. All 5 show up in the search peers under distributed ... by wweiland Contributor in Splunk Search 03-24-2016 0 5	0	5
Dashed line in timechart without advanced xml I want to use a dashed line in my timechart. I know that this is possible with advenced XML. But is this also possibl... by tgdvopab Path Finder in Splunk Search 03-24-2016 0 2	0	2
Different Results From Similar Queries Hi, I wonder whether someone may be able to help me please with something that I just don't understand. I'm using th... by IRHM73 Motivator in Splunk Search 03-24-2016 0 4	0	4
Conditional Transaction Hi I'm looking to extract a specific subset of events in my Splunk data. _time=3:01 type=update user=user2 _time=3:... by zeophlite New Member in Splunk Search 03-23-2016 0 5	0	5
How to remove additional results from search. I have a search that is showing the data I want, but I want to isolate it to a specific team and not show all results... by ericdelacruz Engager in Splunk Search 03-23-2016 0 1	0	1
Finding total number for OOID Hi all, I currently have a search that I need a little tweaking to get something else that I want. So the current s... by splunkman341 Communicator in Splunk Search 03-23-2016 0 4	0	4
BEWARE: srchFilter usage may negate each other in certain situation. If you are using deny (NOT) in your srchFilter be aware that inheritance of multiple roles with negative filters will... by the_wolverine Champion in Splunk Search 03-23-2016 1 1	1	1
help in calcuating the difference between two time stamps? Hello Experts, I have the below two fields EML_REQUEST_TIME: 2016-01-19 15:44:00.749 +00:00 EML_RESPONSE_TIME: 2... by vrmandadi Builder in Splunk Search 03-23-2016 0 13	0	13
How to find where logs are coming from and where they are being monitored? I am seeing logs in an instance of splunk, but i am unsure where the monitoring is set up. I checked my serverclass.... by JoeSco27 Communicator in Splunk Search 03-23-2016 0 4	0	4
Print rex result on search First, i'm sorry for my bad english. Let me explain my problem. I have to do a search on splunk, and in the result,... by arizoide New Member in Splunk Search 03-23-2016 0 1	0	1
regex global modifiers Hi, I trying to execute regex in search command with g (global) m (multi-line) s (single-line). the regular way (?gm... by alon7786 New Member in Splunk Search 03-23-2016 0 1	0	1
Global Environment Vars Shared Between Scripts? Hello. Is there a way to set a global environment variable in Splunk so that it can be shared and used multiple time... by _dave_b Communicator in Splunk Search 03-23-2016 0 4	0	4
Regexing multiple values Hello everyone, I've been banging my head on this one. I'm sure it involves 'rex' which I'm not so familiar with. I... by WestlyB New Member in Splunk Search 03-23-2016 0 5	0	5
Extracting numbers between words Say I have this data: c.i.m This is just a sample 23456 Yes it is true. My question is how do I extract 23456 and p... by ibekacyril Explorer in Splunk Search 03-23-2016 0 2	0	2
converting to an epoch date format using strptime I’m trying to extract the date and time from the Winevent log when an unexpected shutdown has occurred(EventCode=6008... by pc1234 Explorer in Splunk Search 03-23-2016 0 8	0	8
best way to automatically rename fields that have been generically named Let's say you've got a custom application log that has a lot of sensibly named fields. But in addition to the sensib... by sideview SplunkTrust in Splunk Search 03-23-2016 0 3	0	3
how to preserve iplocation data The database used by iplocation is updated usually with each new version of Splunk. What is the best solution to pres... by imrago Contributor in Splunk Search 03-23-2016 0 3	0	3
How can i extract a field from my custom search command through a conf file ? Hello splunkers, I've got PEM encoded value from SSL certificates that are already indexed. I've made a python custom... by phbourrel New Member in Splunk Search 03-23-2016 0 4	0	4
How to store a single value search result in some variable in a Splunk HTML page to display in a javascript alert popup? Hi, I have a dashboard in html code with one search query which provides the result in Single Numeric Value. Is the... by harshal_chakran Builder in Splunk Search 03-22-2016 0 5	0	5