Splunk Search

Community Activity

change color of column chart for each type? Hello all , I ran the below query ....\| chart count by SRC_ID which gives me the count for each SRC_ID . when ... by vrmandadi Builder in Splunk Search 03-11-2016 0 7	0	7
Using Geostats to display count on Map Hi, I've tried looking at various Geostats solutions but I'm struggling to get any results out. I have a search whic... by Harveyj Engager in Splunk Search 03-11-2016 0 1	0	1
Is it possible to create a dashboard where you must manually select a panel before a search is run to improve performance? Hi, I have the task of improving some of the performance issues with our instance of Splunk. One of the issues I see... by therockhead Path Finder in Splunk Search 03-10-2016 2 15	2	15
tstats and using timechart not displaying any results I am trying to use the tstats along with timechart for generating reports for last 3 months. We have accelerated data... by nmohammed Builder in Splunk Search 03-10-2016 0 7	0	7
Control Alerting Based on Host Groups I want to be able to create searches that will only look at hosts from different levels of our SDLC environment so fo... by rlaan Path Finder in Splunk Search 03-10-2016 0 3	0	3
using variables in a search + to store number of rows I have a search \| timechart span=h count \| streamstats count as row that gives me 24 rows: (1 full day at an hourly l... by HattrickNZ Motivator in Splunk Search 03-10-2016 0 2	0	2
to search and show a string in the same field. Dears, I would like to search and show a string in the field that contains multiples values. Ex.: In the IP field, ... by fasantos New Member in Splunk Search 03-10-2016 0 2	0	2
Data forwarded to third party system missing metadata Hi, I have an all in one enterprise splunk install (indexer, search head, file monitoring) with a number of universa... by calinm Engager in Splunk Search 03-10-2016 0 2	0	2
Distinct count of multiple values from the same field I have some fields "Codes" "Count". In the "Codes" field i'll get multiple values and will count the values totally b... by kamaleshwar Explorer in Splunk Search 03-10-2016 0 11	0	11
Alternative to mvexpand in order to count values in multi-value field? I currently use mvexpand in order to count the number of unique values in a multi-value field. However, this field is... by sc0tt Builder in Splunk Search 03-10-2016 0 4	0	4
is it possible to execute some commands in index time i would like to know if it's possible is to execute some commands at index time . i mean commands such as ( mvzip \| ... by ahmedhassanean Explorer in Splunk Search 03-10-2016 0 1	0	1
Alternatives for subsearch needed (10k limit) Hello, I have a powershell Script that runs every day through my Filesystem and logs every Folder with all NTFS perm... by PPape Contributor in Splunk Search 03-10-2016 0 3	0	3
How to retrieve top 20 errors from all application logs All my application logs are 'indexed' as 'customer'_application. The below shows all my Events just fine index = *_a... by edwinmae Path Finder in Splunk Search 03-10-2016 0 5	0	5
Can someone please see my example and help me to combine the two panels using layoutpanel? Here is my current code below - <dashboard> <label>Dashboard Title</label> <description/> <row> <panel> ... by dlespron Path Finder in Splunk Search 03-10-2016 0 1	0	1
How to solve an unexpected behavior of appendcols [subsearch with “by source”] style search? Hi, I’m a new user of Splunk. From multi-site syslog-like data, I would like to get a table, each row is site-name(s... by tac24 New Member in Splunk Search 03-10-2016 0 2	0	2
How to correlate a lookup table with two columns with a query? I have a query that generates a lookup table (IP_and_Username.csv) which has two columns in it: src_ip and Username. ... by splunkfuinator New Member in Splunk Search 03-09-2016 0 2	0	2
Build a table with information from various sourcetype I have two different logsource, ProxyLogs: Contains "ipaddress" and "username" WebLogs: Conatains "IP_address" and w... by dineshp Explorer in Splunk Search 03-09-2016 0 4	0	4
Can I change the values of a specific column, given certain dates and certain values I havea a search that gives me the below: _time A B C D 1 2016-01-01 1 3 5 7 2 20... by HattrickNZ Motivator in Splunk Search 03-09-2016 0 3	0	3
visiting a dashboard + controlling panel/chart heights + XML When you visit a dashboard the panels/chart are all at a predefined size, but you now have the option to make the hei... by HattrickNZ Motivator in Splunk Search 03-09-2016 1 1	1	1
Calculating _internal log volume for a particular host Hello, I'm trying to determine how much traffic gb/mb/kb that a particular forwarder is sending in daily. I'm using t... by dky New Member in Splunk Search 03-09-2016 0 12	0	12
How to alert on a value crossing over a moving average of that value? Is there any way to do this in a single search? I know it can be done by having one search compute the moving averag... by responsys_cm Builder in Splunk Search 03-09-2016 0 4	0	4
How can I create extract the earliest and latest times for current search and create fields for them? I would like to display the original earliest and latest of a search as fields in my table results. My query below. ... by jedatt01 Builder in Splunk Search 03-09-2016 0 2	0	2
Unmatched parentheses error with replace The following search is complaining about an unmatched parenthesis. Since the parentheses are inside of quotes, shoul... by bruceclarke Contributor in Splunk Search 03-09-2016 0 2	0	2
Filtering on UF for Specific Events then Delete the Rest (6.3.2) Hello Splunkers, I've been working on filtering IIS events. What I need to keep is any event that contains auth.owa,... by markschoonover Explorer in Splunk Search 03-09-2016 1 5	1	5
Help with timecharts New to splunk so aplogies if this question is not worded correctly. Trying to generate a view (sparkline?) that compa... by cjohnson_vectra New Member in Splunk Search 03-09-2016 0 5	0	5