Splunk Search

Community Activity

What's your best Humans vs Zombies query? As a spin on the rabbit/coyote population cycle I've come up with one for humans vs zombies (somewhat at boss' reques... by Runals Motivator in Splunk Search 09-04-2015 12 8	12	8
Rename a Column? I'm processing some IIS log files with a search: stats count max(time_taken) avg(time_taken) as avgTT by cs_uri_stem ... by JohnWright8 Path Finder in Splunk Search 09-04-2015 2 2	2	2
Field Extract returns different results than inline rex field Using Splunk 6.2, I have a few regex commands that return drastically different results when they are set up using f... by coshea Engager in Splunk Search 09-04-2015 0 3	0	3
How to grep a number from a string? Hi, I have a column in my source with different severity levels, for example - Severity 1 - High 2 - Medium 3 - Mo... by nilotpaldutta Explorer in Splunk Search 09-04-2015 0 1	0	1
Using the Splunk Python SDK, how do I get my custom generating search command to use the result of a subsearch as parameter? I am in the process of writing a custom command using the Python SDK. It is a generating command. I would like the ... by kierencrossland Path Finder in Splunk Search 09-03-2015 0 1	0	1
How to compare and filter results from an inputlookup table? Hi all, So I have a search that currently is giving me a stats table where one of the fields is "Bundle", and what ... by raby1996 Path Finder in Splunk Search 09-03-2015 0 3	0	3
Is it possible to use dedup or "\|" commands in the base search of a data model? I have an instance using ServiceNow data where I want to dedup the data based on sys_updated_on to get the last updat... by bwindham Path Finder in Splunk Search 09-03-2015 0 2	0	2
How to chart a varying number of fields? I have message data similar to as follows, which is the count of active user processes on a host: host=hostA user1:0... by andrewjgriffin Engager in Splunk Search 09-03-2015 0 4	0	4
Search gives no hits for my _meta added fields When adding an _meta entry into inputs.conf such as: [monitor:///tmp/fwdtest] sourcetype = sun_jvm _meta env::prd W... by ahattrell_splun Splunk Employee in Splunk Search 09-03-2015 0 4	0	4
How to export the last 25 hours of data using curl? I have a saved search in splunk which has a default start time of 7 days. I have a curl command that works perfectly ... by zackh123 Path Finder in Splunk Search 09-03-2015 0 3	0	3
Why is time column different from date in transaction? If I run the following search for the previous month, the number of days that appears next to Sunday is 8? If I look ... by RVDowning Contributor in Splunk Search 09-03-2015 0 3	0	3
Is there a way I can hardcode a search to 2 drilldown values? Is there a way I can hardcode a search to 2 drilldown values? Basically this is what I am trying to achieve: Drilldow... by muralianup Communicator in Splunk Search 09-03-2015 0 3	0	3
How to use a lookup file to suppress alerts? We have a network load balancer (NLB) that generates syslog messages when servers fail to respond to health probes fr... by mjshoaf New Member in Splunk Search 09-03-2015 0 10	0	10
How to get the top 10 values of a column by another column? 2015-09-02T14:01:02.228 Name=UPS6Z444706F2 Chkd_Out=Y DomID="Upstreamaccts\\racantr" Model="ProLiant WS460c Gen8 WS B... by vrmandadi Builder in Splunk Search 09-03-2015 0 2	0	2
How to search web logs for all destination IPs that only a single source IP has requested? So I have web logs  , weblogs contain source IP, destination IP and other info. I am trying to write a search that w... by ng87 Path Finder in Splunk Search 09-03-2015 0 2	0	2
How to concatenate strings with special characters? Hi, How can I concatenate Start time and duration in below format. Right now I am using this, but it is only half wo... by tondapi New Member in Splunk Search 09-03-2015 0 1	0	1
how to convert seconds to HH:MM format ? Hi, How to convert seconds to HH:MM format. thanks by tondapi New Member in Splunk Search 09-03-2015 0 1	0	1
How do I search if HTTP status for error codes is more than 5% of the overall request, but exclude error code 401? Hi All, I need helping writing a search. If HTTP status for error codes is more than 5% of the overall request (exc... by marees123 Path Finder in Splunk Search 09-03-2015 0 4	0	4
How to extract the Referrer Field from the first event of a Transaction? I've broken my events up into transactions to determine whether a user purchased and subscribed, and once narrowed do... by faramarz Path Finder in Splunk Search 09-02-2015 1 3	1	3
Method to rename field to value of another field I would like to be able to rename a field to the value associated with another specified field. Can anyone think of ... by dstaulcu Builder in Splunk Search 09-02-2015 4 6	4	6
How to Set an Alert to Fire on The Total Count? I have an alert set which will compare the errors for the current day's previous hour to yesterday's previous hour.. ... by skoelpin SplunkTrust in Splunk Search 09-02-2015 1 7	1	7
How to search and display the average time disk transfers took to complete in seconds? Hi , Is there an easier way to write a search to separate and display stats values within a 1min interval/bucket for... by idab Path Finder in Splunk Search 09-02-2015 0 9	0	9
How to exclude weekends (Saturday and Sunday) from a transaction search and and order the days chronologically? I have the following search: source="c:\\logs\\aaaa" \| transaction bbbb startswith=("CCCC STARTED") endswith=("CCC... by RVDowning Contributor in Splunk Search 09-02-2015 1 1	1	1
How to change Inline Search based on the click.value in Simple XML? Hello I am trying to implement an inline chart whose search criteria will change based on the $click.value$ on the t... by theouhuios Motivator in Splunk Search 09-02-2015 0 2	0	2
I Need Help Filling Null Fields with Zero I have 2 tax calls (CalculateTax and LookupTax) and want to count their errors for the previous day's hour. I then ad... by skoelpin SplunkTrust in Splunk Search 09-02-2015 0 10	0	10