Splunk Search

Community Activity

Regex in search to filter not working I am currently trying to work on a search where are admins in my results. I want the search to show only regular user... by santorof Communicator in Splunk Search 09-25-2015 0 6	0	6
Log file not picked up by splunk I'm trying to get our splunk server to index the local /var/log/audit/audit.log, but no matter what I do I don't see ... by tech8260 New Member in Splunk Search 09-25-2015 0 2	0	2
What values should I use for replication and search factor in a Splunk multisite indexer cluster with one peer in site1 and two peers in site2? Hi! I'm trying to configure a multisite indexer cluster with two sites; site1 and site2. There are one peer in site1... by hettervik Builder in Splunk Search 09-25-2015 0 1	0	1
Performing a MAP search in a given time window Hi, I'm trying to create a MAP search to see if Event B triggers within a certain time window of Event A being trigg... by sheamus69 Communicator in Splunk Search 09-25-2015 0 1	0	1
How to copy figures across empty time buckets? I'm generating a timechart that is supposed to display a daily figure which is an accumulation of total logged in hou... by szal Explorer in Splunk Search 09-25-2015 0 6	0	6
Adding a totals row to a table Hi all, So I have a search that i have saved as a report that looks like this when it completes Group Bun... by raby1996 Path Finder in Splunk Search 09-24-2015 0 1	0	1
Can't unlink pid file "/Applications/Splunk/var/run/splunk/splunkd.pid": Permission denied Splunk Free Enterprose download. Trying to start Splunk - non-root user. To "Start and Show Plunk" I get the error: ... by TheJagoff Communicator in Splunk Search 09-24-2015 0 4	0	4
Grouping by String and Sorting by Average Hi there! I have run the following search... index="prop_data" uri=/property//* \| stats avg(execution_time) by ur... by stanbridge New Member in Splunk Search 09-24-2015 0 4	0	4
Join and chart events from 2 log files with common field value but not lables. I see a ton of these type questions, but none seem to pertain to what I am doing or I just dont understand them. I h... by Cuyose Builder in Splunk Search 09-24-2015 0 1	0	1
How do I use regex to extract value in parenthesis preceded by parenthesis? I have the following log(s) from which I want to extract the value inside the parenthesis. The parenthesis field is p... by aramakrishnan New Member in Splunk Search 09-24-2015 0 5	0	5
Rename columns I have the following search string index="commercial_performance" "Efficiency Variance *" OR "Intervention Variance ... by deanamite91 Explorer in Splunk Search 09-24-2015 0 4	0	4
Map with custom image & _lat _lon Can I replace the maps app images with a static single image? I want to assign static _lat and _lon to a specific pla... by kapanig Explorer in Splunk Search 09-24-2015 0 2	0	2
Geostats Truncating Data? It would appear that using ...\| geostats isn't working as it used to anymore. I originally had a search like the foll... by vliu2 Explorer in Splunk Search 09-24-2015 0 1	0	1
Why does 'x.y'-1 return no value? I have an extremely simple search that inexplicably does not work. It returns blank values for latest(ewma): index=m... by j6white Path Finder in Splunk Search 09-24-2015 0 10	0	10
Getting Count of specific value in json formatted log I have a json splunk log, and I need to get the count of the number of times the "message" field is equal to "Total r... by kahlerb Explorer in Splunk Search 09-24-2015 0 2	0	2
Is there something similar to addtotals to sum by a field I'm trying to run a calculation that will average all values over a day, then add all values by a field (Building in ... by rrustong Explorer in Splunk Search 09-24-2015 0 3	0	3
How to filter events by date fields in lookup table I have a lookup table that consists of the follow fields: Account_Name, Name, Start Date, Return Date. I want to sea... by kvandegrift New Member in Splunk Search 09-24-2015 0 2	0	2
Put results in one row table Hello, I have got a question about a Query. This is the query: index=security-mijnssp "View rendered = /error.jspx"... by lgroot Explorer in Splunk Search 09-24-2015 0 1	0	1
Combine table rows Hi everyone, I've got a question about a query i have made: index=security-mijnssp "View rendered = /error.jspx" OR... by lgroot Explorer in Splunk Search 09-24-2015 0 1	0	1
Issue with conitnously monitoring a folder Hi Team I have a folder that consists of logs added every day i have given this folder as input to splunk to continu... by deepthi5 Path Finder in Splunk Search 09-24-2015 0 1	0	1
How to chart months on the X-axis in chronological order, not alphabetical? Hi, My database query returns the following columns monthNum,month,year,value 01, Jan, 2014, 20 01, Jan, 2015, 30 02... by hkosuru Explorer in Splunk Search 09-24-2015 0 4	0	4
I have an stats result that has a latest(_time) in the config and want to only include items where the latest is N minutes old index=product_iround_prod Level=INFO Message="Form Synchronizer complete" \| stats latest(_time) AS timestamp, latest(... by leonardr New Member in Splunk Search 09-24-2015 0 2	0	2
Why is my real-time post process dashboard showing different results from running the same search directly? Hi folks, I'm experiencing a strange behavior on one of my splunk real-time postprocess dashboards. The numbers show... by DennisMohn Path Finder in Splunk Search 09-24-2015 1 7	1	7
Extract not giving the exact result Hi, I have an extract with the name "remotesystemid" but when i am executing the below query it is giving values wit... by sunnyparmar Communicator in Splunk Search 09-23-2015 0 29	0	29
Grouping multiple times Basically I would like to run one stats command where i do some arithmetic and correlation based on one grouping, but... by raby1996 Path Finder in Splunk Search 09-23-2015 0 5	0	5