Splunk Search

Community Activity

Rename a column name to yesterday's date in 'dd-mon-yy' format Hi All, I want to rename a column name to yesterday's date written in 'dd-mon-yy' format. Search: sourcetype=shma... by kabiraj Path Finder in Splunk Search 06-11-2015 0 2	0	2
using eval on a field after using the predict function I have the follwoing search that does prediction, and what I want to do is add another column to this graph, in this ... by HattrickNZ Motivator in Splunk Search 06-11-2015 0 4	0	4
Removing duplicate substrings from a multivalue field? Hello everyone, I am creating a custom asset inventory and am combining data from multiple sources. These sources do... by smlrwd Explorer in Splunk Search 06-11-2015 1 7	1	7
Table showing highest usage by host where usage is comma separated Here is the search I'm using: index="_internal" source="*metrics.log" per_host_thruput series NOT splunk \| eval kb ... by jeck11 Path Finder in Splunk Search 06-11-2015 0 3	0	3
How to make transactions that keep groupings in chronological order I am working with time-series data, and I want to groups events based on the same values in three fields: field1, fie... by rjthibod Champion in Splunk Search 06-11-2015 1 7	1	7
hunk search-time field extraction not working Hunk v6.2.2 to hortonworks hadoop v2.2.4.2. My search-time field extraction for client_host is not consistent. It w... by suarezry Builder in Splunk Search 06-11-2015 1 5	1	5
Need Solution to Edit Lookup Files via Web Form We are creating a solution to monitor servers that are behind a network load balancer (NLB). The NLB sends health pro... by mjshoaf New Member in Splunk Search 06-11-2015 0 1	0	1
How to edit my search to determine IP Segment using a lookup? Splunk newbie here.... Looking to determine IP Segment Name using a lookup table. I have a csv file that has three f... by wtaylor149 Explorer in Splunk Search 06-11-2015 0 4	0	4
How to search the latest timestamp each user received their last email? Hi, I need to search when (timestamp) each user has received the last email. Is this possible? I tried to="<*@domain.... by Mufu Engager in Splunk Search 06-11-2015 0 4	0	4
[beginner] Provide simple stat with different string from the field _raw Hi, if I have some logs like this: ID DATE _RAW 1 10/06/2015 text .. ERROR text... 2 10/06/2015 text ..... by chrispappo Explorer in Splunk Search 06-11-2015 0 8	0	8
How to join two search events that have a common field without using Join? Hi All, I am looking for options to use to join two searches which has a common field. I have already tried the JOI... by Murali2888_bad New Member in Splunk Search 06-10-2015 0 13	0	13
How to table the count of each instance of fieldA, but also show fieldB as an additional column next to it for reference? Hi all, I am trying to search some logs that have event_name and event_number. I want to produce a table that shows... by stage1v8 Engager in Splunk Search 06-10-2015 0 1	0	1
New to Splunk and its alternatives Hi there, How is it possible to analyze windows log, lotus notes file and sample sap log files in the system. The pu... by xracerx New Member in Splunk Search 06-10-2015 0 2	0	2
Difference between NOT and != Operators index="aws-cloudtrail" errorCode!=success returns the results I expect, i.e., events that have error codes other than... by jli001 Explorer in Splunk Search 06-10-2015 0 2	0	2
Why does my autolookup definition produce unexpected results with different search strings? I am having an odd issue. I created an autolookup definition that seems to be working under certain circumstances. ... by Cuyose Builder in Splunk Search 06-10-2015 0 3	0	3
Using eval to change text color in single value module. I am trying to create a single value visualization where the text changes colors based on its value. The criteria for... by donfarland Explorer in Splunk Search 06-10-2015 0 1	0	1
Why doesn't Splunk believe that date_mday = today_mday? (5 is equal to 5, right?) So, I need to compare counts over multiple days, but I also need to filter the results to only show the count differe... by masonmorales Influencer in Splunk Search 06-10-2015 0 13	0	13
tonumber command returns a null value why does the tonumber command return a null value when the string being evaluated contains a space? example: string ... by rphillips_splk Splunk Employee in Splunk Search 06-10-2015 1 1	1	1
Count based on extracted field Hi I have an event which has something like /getproxy..... size:1 /getproxy..... size:10 /getproxy..... si... by athorat Communicator in Splunk Search 06-10-2015 0 2	0	2
DBConnect - Is there a way to limit first-time data read volume? Hi, We are using DBConnect version 1.1.6 to fetch data from an Oracle Database. We have a huge amount of data presen... by SwatiApte Path Finder in Splunk Search 06-10-2015 0 1	0	1
how to set priority for each server based on their performance Hi all, Currently I can search out the tablet name which has no data sent for more than 24 hours with below command ... by tenyang New Member in Splunk Search 06-10-2015 0 3	0	3
How to find five most common used categories specific to my data Hi guys, So I am trying to pull out the five most commonly used categories, and five most commonly used subcategorie... by splunkman341 Communicator in Splunk Search 06-10-2015 0 9	0	9
How to reassemble indexed multiline events that were not split properly using either join or another search-time option? I have multiline events that were split by the default 256 line limit (MAX_EVENTS). While I have read all on how to f... by drodman29 Path Finder in Splunk Search 06-10-2015 0 3	0	3
why is Streamstats not working ? Hi, I am trying to find cumulative sum of unique IPAddress by IsManuallyInstalled monthly. IsManuallyInstalled has t... by adityaanand Explorer in Splunk Search 06-10-2015 0 7	0	7
How does the searchtxn command work? Hello i have a problem with searchtxn: "Error in 'searchtxn' command: This command must be the first command of a se... by kozhin New Member in Splunk Search 06-10-2015 0 3	0	3