Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
pdjhh

How to configure props.conf and transforms.conf to filter out a Windows eventcode?

Hi guys, I am ingesting Windows event logs including event code 5156 which is chewing up a lot of license. I have ha...
by pdjhh Communicator in Splunk Search 08-11-2015
0 13
0
13
antifreke

How to edit my search to get a count of FieldA per FieldB and per FieldC where the number of FieldB is greater than 3?

Good afternoon and happy monday! I'm working on trying to figure out a way to do the following : Count of vulnerabi...
by antifreke Path Finder in Splunk Search 08-11-2015
0 2
0
2
pinzer

Change destination search clicking on a pie report

Hi all, i need to change the destination of a report when clicking on the pie slice of a pie report. the query that ...
by pinzer Path Finder in Splunk Search 08-11-2015
0 1
0
1
brieucjulou

How to display logs that have the same _time value from two different fields?

Hello everyone, I have been looking for an answer all over the forum and documentation, but it still won't work.. I...
by brieucjulou Engager in Splunk Search 08-11-2015
0 2
0
2
Federica_92

How to edit my current rex search to extract path names?

Hi everyone, I have a problem building an SPL query with the regular expression: This is an example of my data: Th...
by Federica_92 Communicator in Splunk Search 08-11-2015
0 6
0
6
splunked38

How to combine two searches into one and display a table with the results of search1, search2, and the difference between both results?

Hi, I've got two distinct searches producing tables for each, and I'd like to know if I can combine the two in one t...
by splunked38 Communicator in Splunk Search 08-11-2015
0 4
0
4
antonyhan

How to order the bars within each time segment of a timechart (bar style) by the sum of the field from largest to smallest?

I am trying to order the bars within each time segment from largest to smallest? is there a way of doing it?
by antonyhan Path Finder in Splunk Search 08-10-2015
0 5
0
5
meenal901

Custom calculated Field-Extraction

Hi, I have a data of the form: Source,Date,Time Source1,20120904,000000 Source3,20120904,000000 Source1,20120904,000...
by meenal901 Communicator in Splunk Search 08-10-2015
0 4
0
4
changux

Calculating the time difference between fields, how do I properly convert the resulting value to a human readable format?

Hi all. I have two fields, in with values like 2015-08-04 05:52:42 and out with values like "2015-08-04 06:18:30" in...
by changux Builder in Splunk Search 08-10-2015
0 5
0
5
sameeripro

Using the transaction command, why are events from the same directory not collated when they took place at the same time?

I am using the transaction command, but the events are not collated when they took place at the same time and directo...
by sameeripro Path Finder in Splunk Search 08-10-2015
0 1
0
1
eriklenaerts

How to plot durations in a stacked area chart?

Hey, I'm a first time user and I'd like to use splunk for observing performance issues in an application. We want t...
by eriklenaerts New Member in Splunk Search 08-10-2015
0 1
0
1
mgpspr

How can I chart the numbers from these two strings in my data into one graph?

Hello community, I have a string .net clearing cache request for user took this many miliseconds: and .net clearing ...
by mgpspr New Member in Splunk Search 08-10-2015
0 8
0
8
msalaverry

How to find the difference between the results of two different searches in one search to display in a table panel?

Hi, I hope you can help me with this, I have 2 search results and I want to get the difference between both in the ...
by msalaverry New Member in Splunk Search 08-10-2015
0 11
0
11
mikaelbje

IP version agnostic regular expression

Just wondering if anybody's succeeded in creating an IP version agnostic regular expression? I'd like one regex to m...
by mikaelbje Motivator in Splunk Search 08-10-2015
1 2
1
2
slatta

How to use Transaction and the sum of the same name field in a rangemap and run stats?

Trying to use the sum of "docCount" in a transaction and use that value for the range and then run statistics by the ...
by slatta Explorer in Splunk Search 08-10-2015
0 3
0
3
Roopaul

What is the difference between search and real-time search? Doesn't a search provide real-time data?

What is the difference between search and real-time search? Doesn't the search provide the real-time data?
by Roopaul Explorer in Splunk Search 08-10-2015
0 2
0
2
SilviaGebel

How to search the correlation and chart temperature by failures?

Hi, currently I am trying to figure out how to chart the temperature by failures. The search I am creating is this:...
by SilviaGebel Path Finder in Splunk Search 08-10-2015
0 5
0
5
kmcarrol

Can someone explain why Search A has 0 results, but the refined Search B has multiple results?

Can someone explain to me how Search A can have 0 results, but the refined Search B has multiple results? They are ex...
by kmcarrol Path Finder in Splunk Search 08-10-2015
0 4
0
4
collier31200

latest for eventstats does not work

Hello, I try to use the latest() option of eventstats in the following way: | eventstats latest(Status) AS Status_l...
by collier31200 Explorer in Splunk Search 08-10-2015
0 4
0
4
elekanne

How to get the timestamp of the most recent event in the title of a pie chart?

I want to have the (sub)title of a pie chart changed to something like "value since 29 July 2015 21:58". That timesta...
by elekanne Explorer in Splunk Search 08-10-2015
0 4
0
4
faramarz

How to search the count of unique users in a certain time range?

Hi! I am trying to run a search where it counts the number of new users who have made purchases in the previous day,...
by faramarz Path Finder in Splunk Search 08-09-2015
0 12
0
12
bsanch2

Is there a way to extract a field that contains the delimiter within it?

I have a file that is delimited by " so that is what I am using to extract the fields, however, some events have a fi...
by bsanch2 Path Finder in Splunk Search 08-09-2015
1 4
1
4
mjbroekman

Is it possible to add a field automatically to events with using lookups in a search?

I am indexing web logs in Splunk and one thing I am trying to do is attempt to match the URI against a list of regexe...
by mjbroekman New Member in Splunk Search 08-09-2015
0 2
0
2
mjesudasan

What is the best way categorize environments for different sets of IIS logs to improve organization and efficient searching?

Hi, My question is regarding indexing IIS logs. We have about 50 websites on a single server. 4 websites make up 1...
by mjesudasan New Member in Splunk Search 08-09-2015
0 1
0
1
seregaserega

Why is my search producing "Error in 'geostats' command: The argument 'lon1' is invalid."?

Hi, I'm trying to use the geostats command and got confusion. I'm running my search without geostats: some_stuff_h...
by seregaserega Explorer in Splunk Search 08-09-2015
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...