Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
azqaz

Is there a way to display a timechart for all results of a search?

I'm trying to find a way to return a list of hosts and then create a timechart of a metric for each of the hosts. Be...
by azqaz Engager in Splunk Search 02-02-2016
0 4
0
4
dhavamanis

How to calculate total month difference between dates?

Can you please tell us, how to calculate total month difference between dates? Example: startDate=1/1/2013 00:00:00...
by dhavamanis Builder in Splunk Search 02-02-2016
0 1
0
1
avalle

Locking down app and role to search only one index, why are users that are assigned this role able to search the main index?

Hello all, I have looked at documentation and a few of the questions on here and have tried it all. I have created ...
by avalle Path Finder in Splunk Search 02-02-2016
0 4
0
4
606866581

Why is my Splunk forwarder not extracting CSV file fields?

Hi, I've configured my forwarder's /etc/system/local/props.conf as such: [mysourcetype] INDEXED_EXTRACTIONS=CSV FIE...
by 606866581 Path Finder in Splunk Search 02-02-2016
0 2
0
2
TobiasBoone

Date_hour not returning in 24 hour based on AM/PM

I have an input file that has lines like: 2/1/2016,10:21AM,8006529721,4,TOLL-FREE Splunk is accounting for the time ...
by TobiasBoone Communicator in Splunk Search 02-02-2016
0 3
0
3
andrei1bc

Why is my "eval field=if()" search returning TRUE or FALSE instead of a numeric value?

Hi. I am trying to search across multiple indexes. The field I am looking for is Value (and has only numbers). This...
by andrei1bc Communicator in Splunk Search 02-02-2016
0 3
0
3
dwear

How to count different fields from different hosts?

Pardon if this is easy, I just finished going through the Searching and Reporting class and am attempting to utilize ...
by dwear Explorer in Splunk Search 02-02-2016
0 7
0
7
jpanderson

Why my search adding an additional day when finding the time difference between two time fields?

I have two values in my events: "OccuredOn" (ignore the spelling...) and "EndTime". Quite simply, I want the differen...
by jpanderson Path Finder in Splunk Search 02-02-2016
0 6
0
6
0range

How to use the same timerange for both the main search and subsearch in Splunk 6.3?

Is it possible to make exactly the same timerange for the search and the subsearch in Splunk 6.3? For example a sear...
by 0range Communicator in Splunk Search 02-02-2016
0 6
0
6
IRHM73

How do I get a certain rex field extraction to run if a field equals a specific value?

Hi, Firstly, I'm not sure whether this is even possible, but I wonder whether someone may be able to help me please...
by IRHM73 Motivator in Splunk Search 02-02-2016
0 2
0
2
gschr

How to aggregate states that have a "new" and a "gone" event?

Hi, I have a sequence of data describing state changes of a device. Now this device can have multiple state_codes at...
by gschr Path Finder in Splunk Search 02-01-2016
0 9
0
9
gitanjali

what would be the wrapper code for Circle Packing D3 chart

The data would be passed from splunk enterprise search. I am following this tutorial http://dev.splunk.com/view/SP-...
by gitanjali Explorer in Splunk Search 02-01-2016
0 5
0
5
napomokoetle

How to verify data for a specific sourcetype was indexed yesterday for a list of hosts from a master list?

Hi Everyone, Every night just after midnight, I need to verify that data for a specific sourcetype has been indexed ...
by napomokoetle Communicator in Splunk Search 02-01-2016
0 3
0
3
renems

After a severe hardware error in my multisite cluster, how do I make replicated copies of raw data searchable?

My multisite cluster suffered a severe hardware error. In some cases, I don't have a searchable copy left. Unfortunat...
by renems Communicator in Splunk Search 02-01-2016
0 1
0
1
alexgohberg

How do I present my search over time?

Hey I'm trying to present this search over time, but without success. I tried to use buckets and to add by _time, b...
by alexgohberg Explorer in Splunk Search 02-01-2016
0 3
0
3
kapliars

How can I compare latest stats with older metrics in a table?

Hi! I have application metrics in a log, and every 10 minutes, I'm printing all app perf stats. It looks like (): 2...
by kapliars New Member in Splunk Search 02-01-2016
0 1
0
1
IRHM73

Remove Plus Sign In Regex

Hi, I wonder whether someone may be able to help me please. I currently have the following raw data: service=ma&re...
by IRHM73 Motivator in Splunk Search 02-01-2016
0 5
0
5
EricWehrly

Java SDK: Why am I only getting one field with stats?

I'm attempting to run the following search using the Splunk Java SDK: index="[my_index]" sourcetype="[my_index]" | s...
by EricWehrly Engager in Splunk Search 02-01-2016
0 7
0
7
matthewjohnson

How to edit my search to find multiple averages from one field based based on the context provided by other fields?

When working with Windows performance counters, the Value field contains the interesting data for a given context. Th...
by matthewjohnson Explorer in Splunk Search 02-01-2016
0 2
0
2
jameskerivan

How do I match events from two different sources based on a common field found in both?

Hi, I have 2 fields resp_time and response_time in two different sources. Lets call it source1 and source2. In bot...
by jameskerivan Explorer in Splunk Search 02-01-2016
0 1
0
1
zach5871

How to count an event based on a unique variable?

My question may be somewhat misleading, but I'm trying to plot a timechart of one event field based on common variabl...
by zach5871 Explorer in Splunk Search 02-01-2016
0 3
0
3
Clutchplate

How do I edit my search to find how many sessions are missing a certain log entry over time?

I am logging events of my application by session. i.e whenever the app is started, I generate a new SessionId and the...
by Clutchplate Engager in Splunk Search 02-01-2016
0 5
0
5
dan_pudwell

How to create a bar chart from a field that contains a list of values?

I am trying to create a bar chart from a field that could have 0 or multiple values delimited with ; An example of t...
by dan_pudwell Explorer in Splunk Search 02-01-2016
0 4
0
4
kpavan

How do I edit my search to display Windows Active Directory users' logon_time, logoff_time, and duration in a single page?

Hi All, Need help on a Splunk search for Windows Active Directory users logon_time, logoff_time and duration in a si...
by kpavan Path Finder in Splunk Search 02-01-2016
0 2
0
2
threatanalyst

Why am I unable to use a CSV lookup table as input for my search?

I am trying to run a search against proxylogs to find any events that contain any IP listed in a certain CSV file, bu...
by threatanalyst Engager in Splunk Search 02-01-2016
0 3
0
3
Top Labels
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...