Splunk Search

Community Activity

I get results for metadata searches, but why do I get 0 search results running regular searches on my new Splunk 6.2.3 search head? Hello Splunkverse, I've recently set up a new Search Head to test 6.2.3 and it looks awesome. I do have one major i... by ltrand Contributor in Splunk Search 06-12-2015 0 4	0	4
How to create and declare a reuseable calculated eval expression that each of my data model's eval fields can access? In my data model, I have a number of calculated fields that are derived from an Eval Expression. As the same expressi... by therockhead Path Finder in Splunk Search 06-12-2015 0 2	0	2
Splunk DB Connect 1: Is it possible to use an eval before dbquery? Hi everybody, I want to know if it's possible to use an eval before [dbquery "select blablabla"] For example: inde... by sfatnass Contributor in Splunk Search 06-12-2015 0 4	0	4
How to block access to the search bar for users in an app? Hello, I would like to create an app where users can only check out the existing dashboards, but cannot run searches... by DavidHourani Super Champion in Splunk Search 06-12-2015 1 8	1	8
List All Lookups in An App? Is there a way to list all of the lookups in a given app (w/o using Sideview utils)? Or, how can I use sideview look... by andrewkenth Communicator in Splunk Search 06-12-2015 2 9	2	9
Search to determine what is missing in Lookup table I have a lookup tabled defined with two columns Host and Source. I am trying to do a search to determine which hosts... by tmurray3 Path Finder in Splunk Search 06-11-2015 3 5	3	5
Rename a column name to yesterday's date in 'dd-mon-yy' format Hi All, I want to rename a column name to yesterday's date written in 'dd-mon-yy' format. Search: sourcetype=shma... by kabiraj Path Finder in Splunk Search 06-11-2015 0 2	0	2
using eval on a field after using the predict function I have the follwoing search that does prediction, and what I want to do is add another column to this graph, in this ... by HattrickNZ Motivator in Splunk Search 06-11-2015 0 4	0	4
Removing duplicate substrings from a multivalue field? Hello everyone, I am creating a custom asset inventory and am combining data from multiple sources. These sources do... by smlrwd Explorer in Splunk Search 06-11-2015 1 7	1	7
Table showing highest usage by host where usage is comma separated Here is the search I'm using: index="_internal" source="*metrics.log" per_host_thruput series NOT splunk \| eval kb ... by jeck11 Path Finder in Splunk Search 06-11-2015 0 3	0	3
How to make transactions that keep groupings in chronological order I am working with time-series data, and I want to groups events based on the same values in three fields: field1, fie... by rjthibod Champion in Splunk Search 06-11-2015 1 7	1	7
hunk search-time field extraction not working Hunk v6.2.2 to hortonworks hadoop v2.2.4.2. My search-time field extraction for client_host is not consistent. It w... by suarezry Builder in Splunk Search 06-11-2015 1 5	1	5
Need Solution to Edit Lookup Files via Web Form We are creating a solution to monitor servers that are behind a network load balancer (NLB). The NLB sends health pro... by mjshoaf New Member in Splunk Search 06-11-2015 0 1	0	1
How to edit my search to determine IP Segment using a lookup? Splunk newbie here.... Looking to determine IP Segment Name using a lookup table. I have a csv file that has three f... by wtaylor149 Explorer in Splunk Search 06-11-2015 0 4	0	4
How to search the latest timestamp each user received their last email? Hi, I need to search when (timestamp) each user has received the last email. Is this possible? I tried to="<*@domain.... by Mufu Engager in Splunk Search 06-11-2015 0 4	0	4
[beginner] Provide simple stat with different string from the field _raw Hi, if I have some logs like this: ID DATE _RAW 1 10/06/2015 text .. ERROR text... 2 10/06/2015 text ..... by chrispappo Explorer in Splunk Search 06-11-2015 0 8	0	8
How to join two search events that have a common field without using Join? Hi All, I am looking for options to use to join two searches which has a common field. I have already tried the JOI... by Murali2888_bad New Member in Splunk Search 06-10-2015 0 13	0	13
How to table the count of each instance of fieldA, but also show fieldB as an additional column next to it for reference? Hi all, I am trying to search some logs that have event_name and event_number. I want to produce a table that shows... by stage1v8 Engager in Splunk Search 06-10-2015 0 1	0	1
New to Splunk and its alternatives Hi there, How is it possible to analyze windows log, lotus notes file and sample sap log files in the system. The pu... by xracerx New Member in Splunk Search 06-10-2015 0 2	0	2
Difference between NOT and != Operators index="aws-cloudtrail" errorCode!=success returns the results I expect, i.e., events that have error codes other than... by jli001 Explorer in Splunk Search 06-10-2015 0 2	0	2
Why does my autolookup definition produce unexpected results with different search strings? I am having an odd issue. I created an autolookup definition that seems to be working under certain circumstances. ... by Cuyose Builder in Splunk Search 06-10-2015 0 3	0	3
Using eval to change text color in single value module. I am trying to create a single value visualization where the text changes colors based on its value. The criteria for... by donfarland Explorer in Splunk Search 06-10-2015 0 1	0	1
Why doesn't Splunk believe that date_mday = today_mday? (5 is equal to 5, right?) So, I need to compare counts over multiple days, but I also need to filter the results to only show the count differe... by masonmorales Influencer in Splunk Search 06-10-2015 0 13	0	13
tonumber command returns a null value why does the tonumber command return a null value when the string being evaluated contains a space? example: string ... by rphillips_splk Splunk Employee in Splunk Search 06-10-2015 1 1	1	1
Count based on extracted field Hi I have an event which has something like /getproxy..... size:1 /getproxy..... size:10 /getproxy..... si... by athorat Communicator in Splunk Search 06-10-2015 0 2	0	2