Splunk Search

Community Activity

Search field names with spaces in map command inner search I have data from a sourcetype that I am searching with a map command like so: source=outersearch \| map search="sear... by ErikaE Communicator in Splunk Search 11-24-2015 0 2	0	2
How can i use stats in below mentioned Query? Find below mentioned data Applicationname \|Partners \| Servicename \| status DEE \| WEEEEE \|Money Transfer\|Suc... by shankaranantht New Member in Splunk Search 11-24-2015 0 6	0	6
Enrich event with number of business days till end of the month I would like to include an evaluated field to the events returned in the search containing the number of business day... by SP987541 Explorer in Splunk Search 11-24-2015 1 4	1	4
How could I dynamically exclude events from search results? Hello All, I'm working on a new query for one of our SIP (VoIP) dashboards. In the SIP world, each call has a unique... by bpitts2 Path Finder in Splunk Search 11-23-2015 0 1	0	1
How do I edit my search with appendpipe and subsearch to append subtotals under each individual user, not at the end? Here is my search: sourcetype="xyz" [search sourcetype="abc" "Threshold exceeded"\| top user limit=3 \| fields user] ... by GirolamoBo Explorer in Splunk Search 11-23-2015 0 4	0	4
How to set a Static threshold value on Line chart Here is my search for transaction response times on web logs: index=bridger sourcetype=bridger_wbs_txns User_ID=rtm_... by Anne_Landry Explorer in Splunk Search 11-23-2015 0 1	0	1
Hunk: setting vix.nfs.dump.dir when jobs fail due to no space left on device We are running Hunk/Splunk 6.3.1 with Hive. We saw some tasks for Hunk jobs failing due to no space left on device e... by burwell SplunkTrust in Splunk Search 11-23-2015 0 1	0	1
Matching an IP address across two sourcetypes I am trying to get matching IP address's from my asset list and another device. My source1 does not have a username a... by santorof Communicator in Splunk Search 11-23-2015 0 2	0	2
foreach for mv fields? I've got a search which uses a transaction command to combine a few log events together. As a result, I have a field... by smisplunk Path Finder in Splunk Search 11-23-2015 1 5	1	5
datamodel not able to plot timechart I have simple datamodel, which I am using as query and want to plot time chart series. Now I am not able to plot anyt... by sumitnagal Path Finder in Splunk Search 11-23-2015 2 12	2	12
How do I edit my search to output unique values per host? Any help would be much appreciated here.. Here's my search: index=main host=host1* source=server.log "exception"... by prakash007 Builder in Splunk Search 11-23-2015 0 3	0	3
not able to extract fields using TRANSFORMS.conf Files at C:\Program Files\Splunk\etc\system\local transforms.conf [function_coverage] REGEX =(fn).(name)(=)\".*?\"... by rbsplunktest New Member in Splunk Search 11-22-2015 0 8	0	8
Can you make Splunk treat lookup files as local configuration in a search head cluster? I am running a custom app that uses lookup files to get some of its configuration on a search head cluster. When the... by parsonch Engager in Splunk Search 11-22-2015 0 1	0	1
How to apply search filters for user roles on lookup table content? I would like to implement a strategy where branch office Splunk users can only see events and lookup table content re... by dstaulcu Builder in Splunk Search 11-22-2015 2 1	2	1
How do I change my current search with multiple subsearches into a time chart? The following query works for a specific time period. eventtype=A \| stats count \|join type=outer [search eventtype... by john_byun Path Finder in Splunk Search 11-22-2015 0 5	0	5
regex Adding an empty line after value found Hi, Newbie in regex, would like help to add a line after transactionid=XXXXXX. My props looks like this: [source::/... by Giggs New Member in Splunk Search 11-21-2015 0 4	0	4
What correlation is actually performed between a subsearch and the main search? Hi All! I am trying to use the subsearch functionality to find a token which should be used in the main search. Pret... by tenorway Path Finder in Splunk Search 11-21-2015 0 6	0	6
Query against a lookup table If I have a lookup table of 5groups, is it possible to have SPLUNK query activity against the groups in the lookup ta... by spammenot66 Contributor in Splunk Search 11-21-2015 0 1	0	1
List common substrings of at least 5 stations in a subway travel history of users List common substrings of at least 5 stations. List also the users followed each substring. Is this splunk problem or... by hylam Contributor in Splunk Search 11-21-2015 1 5	1	5
How to perform a secondary search on each result? I have a search that shows network activity destined for specific IP addresses I'm interested in: host="logserver" 1... by uostg Engager in Splunk Search 11-20-2015 1 3	1	3
Why is the join command joining more than it should in my search results? Hi. I have this data: Row cTime pTime uName connectionId 1 23:10:54 22:34:08 user1 user... by _dave_b Communicator in Splunk Search 11-20-2015 0 10	0	10
Why can't I see stats values from a subsearch? Hello. I want to extract timestamp data using stats list() and display that data as part of a larger search, so I ru... by _dave_b Communicator in Splunk Search 11-20-2015 0 3	0	3
How do I edit my search to create a distribution graph to show total session times for VPN connections? Good afternoon. Please forgive my ignorance. I have been 'splunking' now for a few weeks and I am still very much le... by soniquella Path Finder in Splunk Search 11-20-2015 0 4	0	4
how does 6.3 support multiple tenants With no tenants.conf, what is the multi-tenant solution... any document for it? What is the plan for future release... by paulmarino New Member in Splunk Search 11-20-2015 0 1	0	1
Threat Stream sample data Hi, We have installed splunk free version and optic splunk app. We are not able to see the sample data available with... by sanjayamin Engager in Splunk Search 11-20-2015 1 1	1	1