Splunk Search

Community Activity

How do I break multiple events by Regex into single event objects I would like to break this into individual events before the ",{type" : { "type": "FeatureCollection", "features": [... by BrandSentiment Explorer in Splunk Search 11-08-2015 0 1	0	1
Removing a line from a timechart? Within our application we are tracking a "Pings" metric, and in our query we are showing pings over time along with a... by thefosk Engager in Splunk Search 11-07-2015 0 1	0	1
Count by values for two fields like a table I have events coming with two distinct key say "Key1" and "Key2". Expected value for these keys are 1 to 3. I want... by nkotha New Member in Splunk Search 11-07-2015 0 2	0	2
Timechart comparing values from now and 7 days ago Hello, I'm trying to show trends using a single value dashboard to compare a count from now and 7 days ago. It seem... by jawebb Explorer in Splunk Search 11-07-2015 0 2	0	2
Need Regex Help - Works Inline Search, Doesn't Work On Field Extractor. I have this simple data: Wich will be cut by fixed positions. 201508150015002060HHTTP090E0000000085CHAN5050 I need... by vtsguerrero Contributor in Splunk Search 11-07-2015 0 12	0	12
How to enable iplocation How do I "enable" iplocation in Splunk Ent. 6.2.2. I thought it might be just an automatic function now that the dat... by mbohlsen Engager in Splunk Search 11-06-2015 0 1	0	1
Efficient way to get high-level messaging stats I'm looking at behavior of a service which consumes messages about products, the unifying factor being a field called... by mcomfurf Path Finder in Splunk Search 11-06-2015 0 1	0	1
How to find elapsed time between now() and event? Hello. I am trying to find the amount time that has passed from the time and event occurred to the present (now()). ... by _dave_b Communicator in Splunk Search 11-06-2015 1 5	1	5
Unable to blacklist Windows events with regex on universal forwarder Hi All, We have an remote DC, to save bandwidth and Splunk license we like to filter out computer account logon mess... by Derksr Explorer in Splunk Search 11-06-2015 1 5	1	5
How can I average a dynamic column created using eval {Field}=Value I would like to display some data that has columns based on dynamic data from the search results. e.g. Assuming I hav... by chustar Path Finder in Splunk Search 11-06-2015 0 6	0	6
Count by group subgroup and use subgroup as column I had a query like this .... \| eval group_name = case ( match ( field , "value1" ) , "g1" , match ( field ... by splunknewbieste New Member in Splunk Search 11-06-2015 0 4	0	4
Using Chart over two fields grouped by time Hi Guys, I am trying to pull up a table containing Time, Channel & Popularity as fields. I am using : chart useothe... by kabiraj Path Finder in Splunk Search 11-06-2015 0 5	0	5
Real Time searches not all running Two of our users reported that they have not been getting any alerts from their real time searches over the past week... by gn694 Communicator in Splunk Search 11-06-2015 0 2	0	2
Extracting country codes from phone numbers Lets see how many of you are up early this Easter Sunday - bonus point on offer  I have a lookup with a list of pho... by himynamesdave Contributor in Splunk Search 11-06-2015 0 13	0	13
Join between 2 source type with a lot of data I everybody. I have a problem on splunk. I have a sourcetype with my orders and a sourcetype with my customers. I ... by jbechchar New Member in Splunk Search 11-06-2015 0 4	0	4
Showing filed only once per unique occurrence Hello, I am having problems with Splunk queries were a single unique instance of a field is repeated over other fiel... by gleandro Engager in Splunk Search 11-06-2015 0 1	0	1
extract code Once I have filter the data I need using search App I wish to extract the code (Java or python or other) for future u... by ryosefi New Member in Splunk Search 11-05-2015 0 5	0	5
DB Lookup - If I have two database inputs of the same type, how do I differentiate between the outputs? This is just a dummy example to illustrate a problem I'm having with my DB Lookup... Within my Splunk search results... by joea9 Explorer in Splunk Search 11-05-2015 0 2	0	2
Timechart average bandwidth usage per transaction Dear experts I must confess this post and question is not properly defined. It's more a chance to pick your brains r... by epacke Path Finder in Splunk Search 11-05-2015 0 7	0	7
How to edit my search get the subsearch to pass multiple values to the main search? Subsearch returning large number of MAC Address and pass each of them to the main (outer) search to evaluate if they ... by rafiqul New Member in Splunk Search 11-05-2015 0 2	0	2
I am not sure if this is a bug. I am using the same dataset and i am "appendcols" them. I can see the visualization - but i cant interact with the screen and it freezes. HI I am not sure if this is a bug. I am using the same dataset and i am "appendcols" them. I can see the visualizati... by robertlynch2020 Influencer in Splunk Search 11-05-2015 0 1	0	1
Attempting to run eval using value from min row returned by stats I have a list of events with columns such as: type,event_time,event_id,create_date My objective is to find the lowes... by hzane Engager in Splunk Search 11-05-2015 0 1	0	1
Timechart Dropping Empty Buckets I am trying to create a search that provides me with the predicted average usage of a machine during the course of a ... by werz New Member in Splunk Search 11-05-2015 0 3	0	3
How do I edit my timechart search to create a column chart of average duration values in a human readable format? I am trying to create a column chart that represents the average session time over a period of time with a 1 day span... by kboswell New Member in Splunk Search 11-05-2015 0 2	0	2
How do I graph a continuous timechart over a long period of time? Hello, I have implemented a dashboard in Splunk Enterprise that uses a time chart (among other things) that graphs n... by cstarling Explorer in Splunk Search 11-05-2015 0 3	0	3