Splunk Search

Community Activity

addTotals not including a column Hello, this is my search: source=tcp:5544 STAT_VE="YES" OR STAT_VE="NO" \|eval Transac=case(D_LAB_ERR="TIMEOUT_REAC... by LauraBre Communicator in Splunk Search 07-07-2015 0 1	0	1
How to use where clause usage with log files.? Hi Can anyone help me in getting the below requirement I have SRC_IP,DST_IP in my log files. I am writing the query... by SanthoshSreshta Contributor in Splunk Search 07-07-2015 1 3	1	3
Error in model "JVM" : Cannot add field 'cpu_time_supported' because it already exists in object 'Threading'. hi !!! i got this error when trying to create a data model:"Error in model "JVM" : Cannot add field 'cpu_time_support... by jeandez Explorer in Splunk Search 07-07-2015 1 3	1	3
How to run a postprocess search to load a table taking values from a static pulldown? Hi, I am trying to achieve the below format in advanced xml --MainSearch ---Pulldown with static options ----Postpro... by harshal_chakran Builder in Splunk Search 07-07-2015 0 2	0	2
curl fields order on export csv When running a curl for servicesNS/-/-/search/jobs/export -d search="savedsearch temp" -d output_mode=csv I see that... by sloshburch Ultra Champion in Splunk Search 07-07-2015 1 3	1	3
Sort data in a Bar Chart I have a bar chart using the query below: index=ctap host=sc58* sourcetype=gateway screen_clicks != "CALL TRACKER I... by kmccowen Path Finder in Splunk Search 07-07-2015 1 2	1	2
Token for embedded search job not allowed 07-07-2015 09:19:07.692 +0200 ERROR HandleJobsDataProvider - Token for an embedded search job not allowed to access s... by Joannelr Explorer in Splunk Search 07-07-2015 0 2	0	2
Alert Behavior differs from Search that includes Where command I'm running a search that does exactly what I want. The search is: tag = authentication \| transaction host user \| w... by ksextonmacb Path Finder in Splunk Search 07-06-2015 0 13	0	13
How to group by a field when the values have random words in between? I have a field which has a random value in between (value can be anything. representing it by * here). Field= tes... by arnabsen1234 New Member in Splunk Search 07-06-2015 0 2	0	2
Key value pair extraction not working Sample Event: 2015-07-01 09:17:22,962\|CACHE-NAME:upf-cccc-ttt-yyy2-zzz-cache\|BACK-CACHE-ENTRIES:0\|BACK-CACHE-SIZE-IN... by viswanathsd Path Finder in Splunk Search 07-06-2015 0 1	0	1
cant use "\\" in search using django I have search like this: \| crawl \| eval path=substr(source,51,50) \| eval dir=mvindex(split(path,"\"),0) But i get ... by bontet99 New Member in Splunk Search 07-06-2015 0 2	0	2
Why is the Splunk eval command in my search returning a limited number of results (10,000)? I am writing a search where I am subtracting values of 2 fields and inserting into a new field using the eval command... by priyankshah New Member in Splunk Search 07-06-2015 0 4	0	4
clean up user account that errors from automatic lookup My user account I created some automatic lookup, but now I can't delete them in the browser. The problem was a fat f... by jkeellogic Explorer in Splunk Search 07-06-2015 0 1	0	1
How do I better understand the noise/static? Having fun with temperature sensors inside of bee hives. In the attached picture, BaitHive2, yellow, has more noise/... by talbot7 Path Finder in Splunk Search 07-06-2015 1 7	1	7
Why am I unable to select "Accelerate this search" or "Schedule this search" under "Searches, reports, and alerts"? When running "Searches, reports, and alerts » Add new", using Splunk 6.2.3, on Windows 2008/R2, I cannot select eithe... by hibbardc New Member in Splunk Search 07-06-2015 0 1	0	1
Splunk to Splunk communication stuck in CLOSE_WAIT A Splunk environment in one data center configured with multiple indexers became completely unresponsive to the data ... by rbal_splunk Splunk Employee in Splunk Search 07-06-2015 7 2	7	2
how to have 2 stats How can i have those 2 stats? \| dbquery PROD-UOL7-MANUT-MONITORACAO "select dat_collect_transaction as \"data\", T... by felipesewaybric Contributor in Splunk Search 07-06-2015 0 3	0	3
question on makemv and mvexpand i have search query that seperate multivalue and expand them into various result. It work for entry that has data but... by sg5258 Explorer in Splunk Search 07-06-2015 1 1	1	1
Timechart for three different actions : Browse, View, Download Hi guys, So I have a query which displays elapsedTime values for three different actions which are browse, view, and... by splunkman341 Communicator in Splunk Search 07-06-2015 0 13	0	13
Joining two similar tabular search results? I'm trying to collate result sets from two different, slightly similar subsearches. I have one search like this: `s... by dbryan Path Finder in Splunk Search 07-06-2015 0 3	0	3
Check status in progress with closed/resolved Hi, I am trying to create an alert that I need check if status "work in progress" was opened for more than 1 hour, i... by l-mss-n3 New Member in Splunk Search 07-06-2015 0 2	0	2
How to edit my search to create a moving average based on 3 parameters? I have the following data. The count field is calculated based on the method, status and date (I would also have the ... by cameo_cameo New Member in Splunk Search 07-06-2015 0 2	0	2
How do I export a chart as a high-quality image? Struggling a bit to find an answer to this. Can anyone suggest a way to create a sharp, high-quality image export fr... by peamc Explorer in Splunk Search 07-06-2015 6 2	6	2
How to extract curly brackets in regular expression Hi, I am having a problem extracting fields that have curly brackets {} I have the log file line; 2015.06.24 11:55:1... by ssaenger Communicator in Splunk Search 07-06-2015 0 4	0	4
Multiline table column header I have a table that has long column headers. Can i make these headers multi-line formatted? old table headers: Servi... by yumlu Engager in Splunk Search 07-05-2015 0 1	0	1