Splunk Search

Community Activity

visiting a dashboard + controlling panel/chart heights + XML When you visit a dashboard the panels/chart are all at a predefined size, but you now have the option to make the hei... by HattrickNZ Motivator in Splunk Search 03-09-2016 1 1	1	1
Calculating _internal log volume for a particular host Hello, I'm trying to determine how much traffic gb/mb/kb that a particular forwarder is sending in daily. I'm using t... by dky New Member in Splunk Search 03-09-2016 0 12	0	12
How to alert on a value crossing over a moving average of that value? Is there any way to do this in a single search? I know it can be done by having one search compute the moving averag... by responsys_cm Builder in Splunk Search 03-09-2016 0 4	0	4
How can I create extract the earliest and latest times for current search and create fields for them? I would like to display the original earliest and latest of a search as fields in my table results. My query below. ... by jedatt01 Builder in Splunk Search 03-09-2016 0 2	0	2
Unmatched parentheses error with replace The following search is complaining about an unmatched parenthesis. Since the parentheses are inside of quotes, shoul... by bruceclarke Contributor in Splunk Search 03-09-2016 0 2	0	2
Filtering on UF for Specific Events then Delete the Rest (6.3.2) Hello Splunkers, I've been working on filtering IIS events. What I need to keep is any event that contains auth.owa,... by markschoonover Explorer in Splunk Search 03-09-2016 1 5	1	5
Help with timecharts New to splunk so aplogies if this question is not worded correctly. Trying to generate a view (sparkline?) that compa... by cjohnson_vectra New Member in Splunk Search 03-09-2016 0 5	0	5
Multiple stats counts in string, need to divide one count by 2 This is my string .....\| eval actionSend=if(action="Send", 1, null) \| eval actionRecv=if(action="Receive", 1, null)... by tbrown110 New Member in Splunk Search 03-09-2016 0 3	0	3
Struggling with stacked bar chart to show time spent in different places Hi, We are trying to use Splunk to provide some nice diagrams showing execution time of critical sections in referen... by PanKokos Path Finder in Splunk Search 03-09-2016 0 2	0	2
help with distinct counting in same field Hi, I have a question for sifting through some ssl logs. Let's say you have something like this: "GET /subdomain/su... by hak1 New Member in Splunk Search 03-09-2016 0 6	0	6
Field mapping from number to names Say for instance I am searching for windows event codes and types and I have a list of the event code mapping to the... by michael_lee Path Finder in Splunk Search 03-09-2016 0 1	0	1
Connect Splunk to the Internet to retrieve apps Hello, I'm tying to add more apps to our Splunk Web GUI. Every time I click "Find More Apps" I get an error message ... by jrsanders Path Finder in Splunk Search 03-09-2016 0 8	0	8
How to group results by name Hello all, I have a search with these results compl count(Number) 0 ... by marina_rovira Contributor in Splunk Search 03-09-2016 0 2	0	2
Display phone number value without commas? Trying to display a phone number as a single value but it is getting formatted with commas: xx,xxx,xxx,xxx What jus... by simpkins1958 Contributor in Splunk Search 03-09-2016 0 6	0	6
Count Stats by Two Fields in One Search So I'm running a search that looks like this: (host="zakta01.inno-360.com" AND mwv-landscaping.inno-360.com AND "GET... by henryt1 Path Finder in Splunk Search 03-09-2016 2 14	2	14
How can I use tokens in a stats function? I want to use a dropdown to change the field that the stats command function uses in calcuation. my token is called m... by jedatt01 Builder in Splunk Search 03-09-2016 0 3	0	3
Combine two searches using Eval with Case statement. Combine two searches using Eval with Case statement. by abdimustafa12 New Member in Splunk Search 03-09-2016 0 3	0	3
Search to find missing data using lookup table with multiple fields Hello, I am trying to find missing data in Splunk from a lookup table using inputlookup. My lookup table is: netdev... by GersonGarcia Path Finder in Splunk Search 03-09-2016 0 3	0	3
How to show text values in a timechart? I have the following information extracted from the log file: 03.03.2016 04:46:23 : Execution time in minutes: 4,370... by edwinmae Path Finder in Splunk Search 03-08-2016 0 7	0	7
Why does a new field extraction not work on the search head just I created it on, but works immediately on other members in the search head cluster? Running the latest Splunk 6.2.2 with search head clustering. I found that when I create a new search field extraction... by BP9906 Builder in Splunk Search 03-08-2016 0 2	0	2
mvexpand truncate result because of exceed 500MB memory usage Dears, i have splunk 6.3.3 and i am using query that have command mvexpand but mvexpand truncate result because of e... by ahmedhassanean Explorer in Splunk Search 03-08-2016 0 4	0	4
charting.data.count worked in Splunk 6.2.x, but why not in Splunk 6.3.0? Is this a known issue? Dear community, We have several dashboards where we need to display more than the default 100 results in a visualiza... by glentes Path Finder in Splunk Search 03-08-2016 0 3	0	3
How to set up a search head connection to an index cluster via a Network Address Translation (NAT) device? Hi, I'm designing a deployment where there will be a search head on the other side of a NAT boundary to an index clu... by acidkewpie Path Finder in Splunk Search 03-08-2016 0 1	0	1
Using preloaded sourcetypes I am having difficulty setting up my forwarder with a preloaded source type. I have identified the source type as "ac... by pkaushik1 New Member in Splunk Search 03-08-2016 0 4	0	4
filter out top 10% of the results sorted in desc order Hi all, i am trying the below query.. i need result for only top 10% of the total result. the query i am using is .... by tanujsaxena New Member in Splunk Search 03-08-2016 0 5	0	5