Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
iKate

preserve original table column order after untable and xyseries commands

Hi-hi! Is it possible to preserve original table column order after untable and xyseries commands? E.g.: ... | table ...
by iKate Builder in Splunk Search 11-30-2015
1 2
1
2
Imjusttesting

Search on Lat/ Lon within a specific radius

Hi Everyone, I'm seeking an answer on how to do a search within Splunk that notified you when something/someone is en...
by Imjusttesting Explorer in Splunk Search 11-30-2015
0 9
0
9
kartik13

Why am I getting an incorrect count searching a summary index using the Splunk REST API?

I am using the Splunk REST API. While making a request to Splunk, I receive the response, but with wrong numbers. My ...
by kartik13 Communicator in Splunk Search 11-30-2015
0 5
0
5
adepasquale

How to group IP addresses by their autonomous system number (ASN) using a lookup?

I'm monitoring access_combined logs from our Apache servers. My goal is to group IP addresses by their ASN for repor...
by adepasquale Path Finder in Splunk Search 11-30-2015
0 12
0
12
horsefez

check if a field value is in a specific reference set list

Hi, I have data, which I want to filter based on the IP-addresses that are contained in a .csv file. For example my...
by horsefez Motivator in Splunk Search 11-30-2015
0 3
0
3
adamblock2

What is the best practice for host name extraction of syslog servers as well as the originating devices?

I have syslog servers which receive and forward log data to Splunk from a few hundred devices. I am curious what is ...
by adamblock2 Path Finder in Splunk Search 11-30-2015
0 1
0
1
james_sro

Determine if disk or volume is mounted

I was wondering how can I use Splunk to monitor and notify me if a disk or volume that should be mounted is not moun...
by james_sro New Member in Splunk Search 11-29-2015
0 1
0
1
IRHM73

Rex to Exclude + Sign

I wonder whether someone may be able to help me please. I'm trying to extract the text "Comapred to previous years a...
by IRHM73 Motivator in Splunk Search 11-29-2015
0 6
0
6
rjm101

Comparing login events from multiple applications

I would like to construct a bar graph comparing login events between two applications however I'm having trouble join...
by rjm101 New Member in Splunk Search 11-28-2015
0 3
0
3
prakash007

need help with a query to get count and avg(count) per day

I have given this query and it's just giving me avg(count) in the output, i'm looking for both count and avg(count) p...
by prakash007 Builder in Splunk Search 11-28-2015
0 1
0
1
_dave_b

Why am I getting error "In handler 'props-extract': Data could not be written:" after configuring extractions for custom fields?

Hello, I had created some custom fields in my original Splunk Install, then I installed on a new server. I'm tryin...
by _dave_b Communicator in Splunk Search 11-27-2015
1 4
1
4
peterkn

Joining 3 sets of results from 2 indexes to graph

Say in table A I have just 1 column result: Animal: Chicken Chicken Cow Cat Cow Cow Dog My query of "stats count ...
by peterkn Explorer in Splunk Search 11-27-2015
0 2
0
2
prianticoy

How can I break this two events?

Hello!!! Can you help me to break this two events, they must separated with this expression WORD WORD WORD We ha...
by prianticoy Explorer in Splunk Search 11-27-2015
0 2
0
2
servlette

How do I create an alert when Splunk sees a transaction that is missing a certain log event, but avoid false positives?

Hi, I have something like the following, where I have a message producer and consumer. I am using ActiveMQ for mess...
by servlette Engager in Splunk Search 11-27-2015
0 4
0
4
Thyagarajan

How do I write a search to extract key/value pairs from this Windows Event Log?

Hi, I am looking for a search to extract the name/value pair from the below Windows Event logs and in Splunk, the b...
by Thyagarajan New Member in Splunk Search 11-27-2015
0 3
0
3
horsefez

Extract date and time in a specific format

Hi, I'm trying to figure out how to extract date and time in a specific format. The date in the logs are in this fo...
by horsefez Motivator in Splunk Search 11-26-2015
0 2
0
2
hettervik

Is it possible to use the transaction command to create several transactions in parallel based on distinct fields in the same search using e.g. XOR?

Hi everyone! To save resources, I want to combine several scheduled alerts into one. Each of the alerts is running a...
by hettervik Builder in Splunk Search 11-26-2015
0 8
0
8
adaam94

How to search the count of keywords for each individual event, not for all events?

How do I count the number of times keywords such as DROP, SELECT, FROM and WHERE appear for each event I have indexed...
by adaam94 Explorer in Splunk Search 11-26-2015
0 3
0
3
mctester

What does 'ERROR IndexProcessor - caught exception for index=os during initialzation: 'Splunk has detected that a directory has been manually copied into its database, causing id conflicts" mean?

I had to migrate a some indexes over from one instance to another. All worked but the 'os' index, and I'm seeing this...
by mctester Communicator in Splunk Search 11-25-2015
2 2
2
2
jyothishtj

How to write the regex to split a single event to multiple events after a particular number of characters in a string?

Hi, I am trying to split an event to multiple events. I want to split after 12th character. The string contains spac...
by jyothishtj New Member in Splunk Search 11-25-2015
0 6
0
6
Laya123

How do I edit my search to get both subtotals and the grand total?

hi, Is it possible to get subtotals? I have attached a file of how my output looks like. I want subtotals by Cluste...
by Laya123 Communicator in Splunk Search 11-25-2015
0 11
0
11
tdiestel

Why am I getting different results for essentially the same search?

Hi All; Here's my issue. I'm trying to search data where a single event appears as below. When I use the search: in...
by tdiestel Path Finder in Splunk Search 11-25-2015
1 8
1
8
raghunand

What regular expression can be used to extract literals between slashes?

Ex: /nfs/tibcosoftware/splunk/impactAnalysis/freight/ConwayServicesOMSEvents/1.01-49/AESchemas /nfs/tibcosoftware/s...
by raghunand Explorer in Splunk Search 11-25-2015
0 7
0
7
DimkoBilanko

How do I search for and combine Windows event pairs (4663 and 4660) that are generated when a file is deleted?

I want to find exact events that point to a delete file event in Windows share. There are two events generated at th...
by DimkoBilanko Explorer in Splunk Search 11-25-2015
0 4
0
4
leochan

How do I merge these search results into one line?

Is there a way to combine the following the following result into one line? Current Result: q2.example.com 26,575....
by leochan Explorer in Splunk Search 11-25-2015
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...
Top Solution Authors
View All