Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
wwf

I need to track the progress of students over time

Our event lists the answer to one question on a test. Our test numbers are unique to one set of test questions by one...
by wwf New Member in Splunk Search 07-28-2015
0 7
0
7
sspinner

Can automated lookups be defined on a search head but not pushed to search peers?

I have a 60MB lookup file on my ES search head that is only used for automated lookups against data indexed locally o...
by sspinner Explorer in Splunk Search 07-28-2015
0 3
0
3
jlosee

Is there a way to use regex on a standalone string to pull out each value, then append "field!=" to the front to exclude these values from a search?

I have a large list of values for a field that I would like to exclude from my search. Rather than having a huge sear...
by jlosee Path Finder in Splunk Search 07-28-2015
0 9
0
9
patelaa

How to search two indexes to find if an event in index B does not occur within certain time range of an event in index A?

I hope the following makes sense...I have two indexes for separate application logs, index A and index B. I need help...
by patelaa Explorer in Splunk Search 07-28-2015
1 2
1
2
athorat

How do I use the "AND" operator or any other way to list all values of a field that have both statuses FAIL and SUCCESS?

I have a search where the transaction status of a policy was set to FAIL. It was processed manually and now it has c...
by athorat Communicator in Splunk Search 07-28-2015
0 9
0
9
cmamer

How to search the sum of transactions where the times do not overlap?

I want to be able to show the sum of time that users have had licenses checked out (historically). But if a user has ...
by cmamer New Member in Splunk Search 07-28-2015
0 4
0
4
JDukeSplunk

How to combine my two searches for Windows WMI Data (Host, OS, Version, SP and Number of Installed updates) into one report?

Hello, I have two different searches that return the data that I would like to see in one report. However, I am havi...
by JDukeSplunk Builder in Splunk Search 07-28-2015
0 2
0
2
chris1

How to search two events that occurred right before a specific event showing a certain error to analyze what happened?

Hello, When I search for some events (i.e index=main *password fail), I want to get the events with two lines before...
by chris1 Explorer in Splunk Search 07-28-2015
0 1
0
1
magicfletch

Multiple instances of Splunk w/ Boot-start

How can I have multiple splunk instances on linux and use boot-start? The command "./splunk enable boot-start" will ...
by magicfletch Engager in Splunk Search 07-28-2015
1 3
1
3
newbiesplunk

How to write a regular expression to filter out any data after a second semi-colon per line?

Hi, I have a file that contains the following format and I wish to only index information before the 1st two semi-co...
by newbiesplunk Path Finder in Splunk Search 07-28-2015
0 3
0
3
splunkman341

How to edit XML to set certain colors for bars in a chart based on percentage values from my data?

Hi guys, I am trying to edit a chart I have to have certain colors corresponding to the data inside. I have 5 server...
by splunkman341 Communicator in Splunk Search 07-28-2015
0 2
0
2
pkeller

How do I edit my search to remove duplicates of a field that appear in a table column?

Say I have a table ... host, IP, destinationHostname, Port, count host1 10.10.10.1 desthost1 9999, 33 host1 10.10.1...
by pkeller Contributor in Splunk Search 07-28-2015
0 4
0
4
mriley_cpmi

Trouble reading log lines with large JSON or multiline Java exceptions from slf4j

My question is similar to others around extracting new fields, but the answers I've tried to date haven't worked. Wh...
by mriley_cpmi Explorer in Splunk Search 07-28-2015
0 3
0
3
efrenette11

can't extract field in json

Hi, I try to extract fields fron this json. I've tried with jsonkv and spath and it looks like that ' does generate...
by efrenette11 Path Finder in Splunk Search 07-28-2015
0 5
0
5
Alan_Bradley

How do index TAB delimited files?

I am looking to read into SPLUNK a tab delimited file. But most of what I see is key based Field Extractions (, space...
by Alan_Bradley Path Finder in Splunk Search 07-28-2015
1 8
1
8
LuiesCui

How to filter out events by regex in transforms.conf?

Hi guys, I'm new to Splunk and I need ur help! I was trying to discard some specific events by regex and failed. He...
by LuiesCui Communicator in Splunk Search 07-28-2015
0 3
0
3
arber

Missing logs on sos index

Hi, we are using the SoS app, basically most of the searches are working. However we have noticed that the index sos...
by arber Communicator in Splunk Search 07-28-2015
0 1
0
1
valentin_bogdan

Count unique values of a field in one result

I have the following result from a simple search: I, [2015-07-23T15:30:39+02:00 (1437658239.654) #38640] INFO -- cc...
by valentin_bogdan Explorer in Splunk Search 07-28-2015
1 5
1
5
daniel_knights

How do I run my search to find missing events on 80 Windows Domain Controllers running Splunk 6.1.4?

We have Splunk running on all of our Windows Domain Controller servers (80 of them), but we seem to be missing events...
by daniel_knights New Member in Splunk Search 07-28-2015
0 1
0
1
jwquah

Why is Search Head "search" performance in a distributed search setup slower than the same search on a single instance?

Hi Everyone, I'm testing a simple setup of a search head on a single 24 core host. The setup basically consists of 1...
by jwquah Path Finder in Splunk Search 07-27-2015
0 8
0
8
Ant1D

Drilldown from Flashchart object

Hey, I have a column flashchart on a dashboard called dash_usage.xml. When I click on a bar(e.g. called User where v...
by Ant1D Motivator in Splunk Search 07-27-2015
2 5
2
5
mcvr

How to extract these fields from my sample data?

I wanted to extract the below values. Time TakenResponse code in the string - HTTP/1.1" 200 example, I need to know ...
by mcvr New Member in Splunk Search 07-27-2015
0 2
0
2
JohnSwansson

How to display two field values in a single table column?

I have the following search: index=cashflow host=atm source=income OR source=outcome | eval accountStatus="Income: ...
by JohnSwansson Explorer in Splunk Search 07-27-2015
1 7
1
7
faramarz

How to aggregate a percentage of a total before another search?

Hey! I am trying to figure out how to aggregate a percentage of the total before another search like this: eventName...
by faramarz Path Finder in Splunk Search 07-27-2015
0 2
0
2
Madhan45

How to use "NOT" condition in regular expression?

for example i have the string "update event from remote cache". i need to use NOT condition for this to capture ab ev...
by Madhan45 Path Finder in Splunk Search 07-27-2015
0 3
0
3
Top Labels
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...