Splunk Search

Community Activity

Help with props.conf changes link textHello Experts, Attached is the sample JSON file which I am trying to upload to Splunk.I have uploaded it by... by vrmandadi Builder in Splunk Search 02-23-2016 0 12	0	12
How to insert rows with eval calculated fields in a time series table? I have a set of time series data that looks like this: Date Type Data ================== 12 A 1 12 B 2 12 ... by Stevelim Communicator in Splunk Search 02-23-2016 1 6	1	6
Splunk Java SDK: Why does "Export Search" return significantly fewer results than an identical search in Splunk Web? I've been experimenting with a number of different settings, but here are my current search args: JobExportArgs sear... by bentuit New Member in Splunk Search 02-23-2016 0 1	0	1
How to configure Splunk to extract event timestamps from 3 different fields in each log? Hello everyone, I have a problem with my timestamp fields. Splunk doesn't recognize the timestamp because it comes f... by cesar_tomas Explorer in Splunk Search 02-23-2016 0 3	0	3
Sort table in a specific order? Sample from Splunk does not work? Sample given from Splunk: ... \| eval wd=lower(Day) \| eval sort_field=case(wd=="monday",1, wd=="tuesday",2, wd=="w... by alex1895 Path Finder in Splunk Search 02-23-2016 0 1	0	1
How to sort a time field in a 12hr time format (AM/PM)? How do I sort a column of time in 12 hour format with AM / PM on the end? I have tried using eval with the _time fie... by SQservicedesk Explorer in Splunk Search 02-23-2016 0 4	0	4
How to replace a value in a multivalue field? I am trying to report on user web activity to a particular category as well as list the URLs in that category. I have... by jmedved Explorer in Splunk Search 02-23-2016 0 4	0	4
How do I edit my search to get the sum for an eval calculated field? I am trying to add to the search below so that I can get a cumulative total of the elapsed time calculation. I want o... by rbushman New Member in Splunk Search 02-23-2016 0 4	0	4
How to sort the display order of data inside a bar on a stacked bar chart in Splunk 6.2.1? We have a search like this: ... \| eval week_start=relative_time(_time,"@w") \| eval week_label=strftime(week_start, ... by rgsage Path Finder in Splunk Search 02-23-2016 0 2	0	2
Why am I getting "ERROR FETCHING EVENT FROM SEARCH PEER" while searching? I am searching for a particular sourcetype on a Search Head. I am getting this error in intermittent pages. Page 1 t... by kamal_jagga Contributor in Splunk Search 02-23-2016 0 2	0	2
Why are monthly numbers changing when enlarging the timerange? Hi, my goal is to calculate the number of retained customers per month. So let's say our timerange starts in 2015-1... by HeinzWaescher Motivator in Splunk Search 02-23-2016 0 2	0	2
What is the most popular field name for an IP in raw data? Hi guys, What is the most popular field name for an IP? I'd like to apply a workflow_action for all the possible IPs... by alauri Explorer in Splunk Search 02-23-2016 0 3	0	3
Why is time formatting not working with my search? Why is time formatting not working with the following search: index=_internal sourcetype=splunkd "Ignoring" AND "bi... by jaho_splunk Engager in Splunk Search 02-22-2016 0 3	0	3
Why is the default y-axis chart height setting itself to 100 in Splunk 6.3.1? Both myself and other people using the same Splunk search head as I see this. The default charting.axisY2.maximumNumb... by lsolberg Path Finder in Splunk Search 02-22-2016 0 5	0	5
How to subtract two extracted fields and alert on the result? I have created 2 extracted fields. The 1st I have created from a main list which is RFQ_Request, and the second one i... by ashokapex Explorer in Splunk Search 02-22-2016 0 5	0	5
How to edit my stats count search to chart a percentage trend over time? Hi, I have the search below that displays an availability percentage for me, but now I'm looking to time chart that ... by sidekix24 Path Finder in Splunk Search 02-22-2016 0 2	0	2
How to group IP address subnets to build an average duration by subnet range? I am using a search to get the average Sessions Duration for my Windows security event logs. I want to take the below... by matt4321 Explorer in Splunk Search 02-22-2016 0 2	0	2
How to sum(field) depending on another field Hello all, I have a field called Type with three values and I want a chart of the percentage of these three values. ... by marina_rovira Contributor in Splunk Search 02-22-2016 0 6	0	6
Why do I no longer see certain fields being parsed in Splunk search results? Hi For some reason, Splunk is not parsing data anymore - whenever I load new files or forward syslog, while I see th... by NimrodSky Explorer in Splunk Search 02-22-2016 0 3	0	3
Exclude fields ending with specific character Hi Guys, I am trying to filter out "Account_Name" that ends with $ and account names with no values( this as field v... by shaker_ali Engager in Splunk Search 02-22-2016 0 5	0	5
How do I group results based on 3 fields? I am trying to group three fields together and have the first two to be unique values. The fields are Sensor Name, Wo... by Vornae New Member in Splunk Search 02-22-2016 0 4	0	4
How to make a rest endpoint search to find dashboards that are not in use or have not been accessed for the last 2 months? Hi All, How can I make a rest endpoint search to search for dashboards which are not in use or not even accessed for... by taraksinha New Member in Splunk Search 02-22-2016 0 13	0	13
How to increase number of trend lines displayed on a chart? Hi All, I am creating a dashboard which has 30 trend lines. However, when I create the visualization chart, only 11... by diliptmonson Explorer in Splunk Search 02-22-2016 0 1	0	1
StreamedSearch - Streamed search connection terminated Getting this in internal logs "StreamedSearch - Streamed search connection terminated". What does this mean? by ben_leung Builder in Splunk Search 02-22-2016 3 4	3	4
How do I apply leftouter join into two diffetent search I needs to apply left outer join or NOT IN condition on two different search search 1 : index=abc host="xxx" sourcet... by govindparashar1 New Member in Splunk Search 02-22-2016 0 2	0	2