Splunk Search

Community Activity

Hunk: setting vix.nfs.dump.dir when jobs fail due to no space left on device We are running Hunk/Splunk 6.3.1 with Hive. We saw some tasks for Hunk jobs failing due to no space left on device e... by burwell SplunkTrust in Splunk Search 11-23-2015 0 1	0	1
Matching an IP address across two sourcetypes I am trying to get matching IP address's from my asset list and another device. My source1 does not have a username a... by santorof Communicator in Splunk Search 11-23-2015 0 2	0	2
foreach for mv fields? I've got a search which uses a transaction command to combine a few log events together. As a result, I have a field... by smisplunk Path Finder in Splunk Search 11-23-2015 1 5	1	5
datamodel not able to plot timechart I have simple datamodel, which I am using as query and want to plot time chart series. Now I am not able to plot anyt... by sumitnagal Path Finder in Splunk Search 11-23-2015 2 12	2	12
How do I edit my search to output unique values per host? Any help would be much appreciated here.. Here's my search: index=main host=host1* source=server.log "exception"... by prakash007 Builder in Splunk Search 11-23-2015 0 3	0	3
not able to extract fields using TRANSFORMS.conf Files at C:\Program Files\Splunk\etc\system\local transforms.conf [function_coverage] REGEX =(fn).(name)(=)\".*?\"... by rbsplunktest New Member in Splunk Search 11-22-2015 0 8	0	8
Can you make Splunk treat lookup files as local configuration in a search head cluster? I am running a custom app that uses lookup files to get some of its configuration on a search head cluster. When the... by parsonch Engager in Splunk Search 11-22-2015 0 1	0	1
How to apply search filters for user roles on lookup table content? I would like to implement a strategy where branch office Splunk users can only see events and lookup table content re... by dstaulcu Builder in Splunk Search 11-22-2015 2 1	2	1
How do I change my current search with multiple subsearches into a time chart? The following query works for a specific time period. eventtype=A \| stats count \|join type=outer [search eventtype... by john_byun Path Finder in Splunk Search 11-22-2015 0 5	0	5
regex Adding an empty line after value found Hi, Newbie in regex, would like help to add a line after transactionid=XXXXXX. My props looks like this: [source::/... by Giggs New Member in Splunk Search 11-21-2015 0 4	0	4
What correlation is actually performed between a subsearch and the main search? Hi All! I am trying to use the subsearch functionality to find a token which should be used in the main search. Pret... by tenorway Path Finder in Splunk Search 11-21-2015 0 6	0	6
Query against a lookup table If I have a lookup table of 5groups, is it possible to have SPLUNK query activity against the groups in the lookup ta... by spammenot66 Contributor in Splunk Search 11-21-2015 0 1	0	1
List common substrings of at least 5 stations in a subway travel history of users List common substrings of at least 5 stations. List also the users followed each substring. Is this splunk problem or... by hylam Contributor in Splunk Search 11-21-2015 1 5	1	5
How to perform a secondary search on each result? I have a search that shows network activity destined for specific IP addresses I'm interested in: host="logserver" 1... by uostg Engager in Splunk Search 11-20-2015 1 3	1	3
Why is the join command joining more than it should in my search results? Hi. I have this data: Row cTime pTime uName connectionId 1 23:10:54 22:34:08 user1 user... by _dave_b Communicator in Splunk Search 11-20-2015 0 10	0	10
Why can't I see stats values from a subsearch? Hello. I want to extract timestamp data using stats list() and display that data as part of a larger search, so I ru... by _dave_b Communicator in Splunk Search 11-20-2015 0 3	0	3
How do I edit my search to create a distribution graph to show total session times for VPN connections? Good afternoon. Please forgive my ignorance. I have been 'splunking' now for a few weeks and I am still very much le... by soniquella Path Finder in Splunk Search 11-20-2015 0 4	0	4
how does 6.3 support multiple tenants With no tenants.conf, what is the multi-tenant solution... any document for it? What is the plan for future release... by paulmarino New Member in Splunk Search 11-20-2015 0 1	0	1
Threat Stream sample data Hi, We have installed splunk free version and optic splunk app. We are not able to see the sample data available with... by sanjayamin Engager in Splunk Search 11-20-2015 1 1	1	1
How do I search the count of events and use that value to calculate another field? I wish to count the number of events and then use that value to calculate something else. I tried something like thi... by joydeep741 Path Finder in Splunk Search 11-20-2015 1 4	1	4
How to combine foreach and fieldformat? Hi, I've a timechart table for revenue grouped by product. _time \| productA \| product B \| product C I would like t... by HeinzWaescher Motivator in Splunk Search 11-20-2015 0 13	0	13
Splunk not rolling hot buckets, maxHotSpanSecs not respected I have a configuration, maxHotSpanSecs = 86399 for an index namded board, expecting the buckets keep a day amount of ... by sylim_splunk Splunk Employee in Splunk Search 11-20-2015 2 2	2	2
How to write the regex to filter events by contents of a specific field in transforms.conf? I am creating a filter to only keep certain events which contain a specific country code (they are actually hostnames... by pjohnson1 Path Finder in Splunk Search 11-20-2015 0 7	0	7
Can anyone provide me a simple example for using REGEX with DELIMS? Could anyone provide me a simple example for using REGEX with DELIMS? The event in my scenario is full of delimiter-s... by zcwang New Member in Splunk Search 11-19-2015 0 2	0	2
What is the limit on the number of branches in a single CASE statement in Splunk, and how can I optimize my current eval case statement? Hello, I have defined api_names and calculating counts and sigma limits for alert based on uri stem. Example uri ste... by magorinahory New Member in Splunk Search 11-19-2015 0 1	0	1