Splunk Search

Community Activity

Regex for extraction of Pattern from existing field I want to extract a pattern from existing field "source" whose value is /abc/Prod/log/p123ot12. I want to extract p12... by Sourabhv05 Communicator in Splunk Search 05-24-2015 0 8	0	8
Splunk 6.0.1 recusrsive directory search not hapening Hi, I have a series of Particular file types in a Direcotry of Directories, I tried to index them with monitor on \.... by anirudhk Explorer in Splunk Search 05-24-2015 0 1	0	1
Exporting search results to a specified path I have looked at commands "outputlookup" and "outputcsv". Is there a way to export your search results to a specifie... by bleung93 Path Finder in Splunk Search 05-24-2015 0 1	0	1
Find rogue splunk servers I have a list of computers running splunkweb , I am trying to remove results that are logging to the _internal index ... by omgwut56k Path Finder in Splunk Search 05-24-2015 0 3	0	3
Line breaks being removed from raw data in email alerts after upgrade to 6.1 Hi all, I have tried modifying the scheduled alert email actions to use raw and table format for the emailed alert, ... by nvonkorff Path Finder in Splunk Search 05-24-2015 7 6	7	6
exclude asterisk character from a search Hi at all, I have a field (called uid) with some values = "*" and I'd like to exclude them from the results of my se... by gcusello SplunkTrust in Splunk Search 05-24-2015 0 4	0	4
How do I write a combined search query that allows me to pick a time from the first search and then use this time to look for log events in the second search that happened witthin 30 seconds of the first. I would like to write a search query that allows me to pick a _time from the first and use it to search all the event... by ahuseid New Member in Splunk Search 05-24-2015 0 1	0	1
Index time field extraction: regexp issue Hello, Since I often search a specific expression in a large set of events, I would like to index it. Every single ... by Super_Knulps Explorer in Splunk Search 05-24-2015 0 36	0	36
Help to Write the Custom Query Dear Experts, I am creating the custom search in ES app , \| tstats allow_old_summaries=true dc(Authentication.src)... by sumit29 Path Finder in Splunk Search 05-23-2015 0 4	0	4
strip off a part of a search field I have a search query that goes like this: sourcetype="inv" Inv name=* \| table name, intf, model, serialnum, mfgname ... by sugethakch New Member in Splunk Search 05-23-2015 0 3	0	3
Bundle Replication in Splunk What is Bundle Replication in Splunk? How it works in Search Head and Indexer? In below link they explained about se... by Arun_N_007 Communicator in Splunk Search 05-23-2015 0 4	0	4
I want to change the style of the chart I made a chart using a django-tag. I want to change the style of the chart. How should I do? by ryuch2002 Explorer in Splunk Search 05-23-2015 0 2	0	2
i have a query that outputs a chart with 3 columns. I want to output another column that has the delta between the column 2 and 3. Query : MSTC>0 run_id=123 OR run_id=456 \| sort 0 MSTC \| rename "Actual Battery Power _B0AP" as Battp \| chart avg(Batt... by shrey12 Explorer in Splunk Search 05-22-2015 0 1	0	1
Need help for Predict command Need your help, We need to get the prediction for each business unit and sub business unit. But the below query givi... by dhavamanis Builder in Splunk Search 05-22-2015 0 1	0	1
Need help formatting query output as needed I have a set of mail logs and I need to generate output that shows daily counts of specific from or to addresses. Thi... by dhlevine New Member in Splunk Search 05-22-2015 0 2	0	2
Legend in Pie Chart Dashboard I made a dashboard which has 2 pie charts and their status codes. How do I include a legend showing what the status c... by skoelpin SplunkTrust in Splunk Search 05-22-2015 0 1	0	1
Tstats sort and get top values Here is my search \| tstats sum(Accounting.Input) as Inp, sum(Accounting.Output) as out from datamodel="Accounting" b... by sushmitha_mj Communicator in Splunk Search 05-22-2015 0 2	0	2
Search using NOT I have a query like this to llist thread from datasummary1 which does'nt exist in datasummary2. (something like this ... by Sriram Communicator in Splunk Search 05-22-2015 0 9	0	9
Passing search result fields into a drilldown search through a drilldown link? Hi, I have a parent dashboard search which display a chart(status) by hostname, module eg: hostname ... by ashwinipatil198 Explorer in Splunk Search 05-22-2015 1 1	1	1
Chart Overlay in 6.0 - Horizontal Information Lines Hi, I would like to create an information line on a chart, as a chart overlay in 6.0.5, I require a red and a yellow,... by markthompson Builder in Splunk Search 05-22-2015 2 1	2	1
Field in field I have following message format. 2013-06-17 15:33:01+0200 appid="myapplication" responsetimems="155" message="Callin... by MicTech Explorer in Splunk Search 05-22-2015 0 5	0	5
iplocation draws blank This doesn't returns anything: \| stats c \| eval ip="107.181.233.178" \| iplocation ip allfields=1 \| table ip, Country,... by gesman Communicator in Splunk Search 05-21-2015 0 3	0	3
Subsearch on results Hi Answers, hopefully someone can help me figure this out. I need to see a list of all results and a distinct count ... by omgwut56k Path Finder in Splunk Search 05-21-2015 0 4	0	4
Why are users automatically getting logged out of Splunk the past few days and any running searches have to be re-run? Since last few days the users that are logged in Splunk get logged out automatically. If any search is kept running i... by shreyasathavale Communicator in Splunk Search 05-21-2015 1 3	1	3
Will splitting our data into separate indexes provide better performance of real-time searches? We are currently running into issues where our indexers become overloaded and cannot process all of the search and in... by campbellj1977 Explorer in Splunk Search 05-21-2015 0 3	0	3