Splunk Search

Community Activity

How to search the difference between the start and end time for each command from a script log and timechart the durations? How do I search the difference between the start and end timestamps for each command in my script log and timechart t... by vasavigangana Explorer in Splunk Search 03-25-2015 0 2	0	2
Whats the best way to improve the performance of my search? I have a report, which is based on a DataModel, and I'm interested in how best to optimize/tune it, and improve perfo... by greenwayb Explorer in Splunk Search 03-25-2015 0 3	0	3
loadjob command has issues with colons in my saved search name? I've got a saved search name with colons, like this: savedsearch_name="Mysearch: has a colon" The loadjob command d... by the_wolverine Champion in Splunk Search 03-25-2015 0 4	0	4
How to find the sum of several transactions, including a zero result? Now, what troubles most is how to find the sum of several transactions, including a zero result. I want to run the f... by dovelsh12223621 Path Finder in Splunk Search 03-25-2015 0 12	0	12
How to create a data summary panel containing the host and the date of its last update? I want to make a panel that contains the host and the date of the last update, such as shown in the link. I used this... by nidet Explorer in Splunk Search 03-25-2015 0 4	0	4
Extracting fields from Microsoft Internet Authentication Service (IAS) logs? I'm trying to figure out a strategy to perform field extractions from Microsoft Internet Authentication Service (IAS)... by mfrost8 Builder in Splunk Search 03-25-2015 0 7	0	7
How to write the regex in transforms.conf to filter and only index logs with "login time"? Hello, i need to implement a regex to filter contents of logs of vmware infrastructure. The only logs I want to rece... by skenkz New Member in Splunk Search 03-25-2015 0 1	0	1
How to use eval on JSON data I'm going to suggest this is a bug, and I believe I've a workaround. I wonder if I've missed something. My JSON is ... by janoonan Explorer in Splunk Search 03-25-2015 0 2	0	2
How to split a field value and create multiple new fields at search-time? I have a search which returns drive usage of Windows servers. The information comes up like below in the field: C: 5... by anoopambli Communicator in Splunk Search 03-25-2015 0 5	0	5
How to remove a blank visualization table from my report and only keep the statistics table? I have this following search which gives me data, but i get a visualization table which is blank. I do not want this ... by mehtas Explorer in Splunk Search 03-25-2015 0 6	0	6
How to fix metadata error "5000000 entries have been received...and this search will not return metadata information for anymore entries."? Hi, I have increased the maxcount value to 5000000, but still I am getting the error: "Metadata results may be inc... by splunksurekha Path Finder in Splunk Search 03-25-2015 0 3	0	3
When running a search like "blablabla \| table ", is there a way to determine empty fields and only table fields with values? When using a search like this: blablabla \| table is there a way to determine empty fields and remove them so that ... by stephane_cyrill Builder in Splunk Search 03-25-2015 1 2	1	2
Why can't I find savedsearches over REST with permissions set to "App" ? We want to run a couple analyses over all our savedsearches in a particular app. The permissions of these savedsearch... by fvo Explorer in Splunk Search 03-25-2015 0 2	0	2
How to create a dashboard that runs searches against a CSV of devices in our subnet to display new/unauthorized devices? Hi, Sorry I am sure this is a noob question, but I am struggling after searching to find the best way to obtain the ... by crossap Path Finder in Splunk Search 03-25-2015 0 1	0	1
How to extract multiple values in a single event into one multivalue field? This is something that I feel should be relatively simple, but no matter what I try I can't get the results I want. B... by Ossian Explorer in Splunk Search 03-25-2015 3 4	3	4
How to edit my search to display "VPN UP" or "VPN DOWN" based on the result of a field value? Hy, I'm searching to monitor my VPN. I found a way to search the latest values of my field "vpntype" in the last 2 m... by jd Explorer in Splunk Search 03-25-2015 2 5	2	5
How to compare a dynamic list of possible names in a drop-down to the token value for searching events? Background I have a dashboard with a drop-down box that is populated with the names of queues which i get from an ind... by pacrip Path Finder in Splunk Search 03-25-2015 0 4	0	4
Why does the Splunk Web Search app on our search head only display "waiting for data" and nothing can be searched? Why does the Splunk Web Search app on our search head only display "waiting for data" and nothing can be searched? by sapact New Member in Splunk Search 03-25-2015 0 4	0	4
How to search which forwarder in my environment is sending the most data? Morning Guys Over the last week or so, my license usage has gone up by around 10 gig. I have looked in our Deploymen... by AaronMoorcroft Communicator in Splunk Search 03-25-2015 0 3	0	3
is there a command that can do the same work of span in a search like ...\|timechart spans=600s count ? Hi Folks, I'm unable to pass a variable to span (e.i span=duration s) where duration is an integer. Is there a comma... by stephane_cyrill Builder in Splunk Search 03-25-2015 0 5	0	5
How to find the difference between two timestamp string fields in two different indexes? Hi, In my Splunk instance there are two indexes which I need to use for arithmetic operations on the timestamp field... by varunnair26 Explorer in Splunk Search 03-24-2015 0 10	0	10
How to calculate the percentage of results within a range against the total number of events? All I want to do like this: - The calculation of each page the bandwidth consumed. - Calculate the total bandwidth ... by dovelsh12223621 Path Finder in Splunk Search 03-24-2015 2 2	2	2
Why is my rex search not extracting the expected value? I have a string like this: dps.qsz=0,dps.lck=false,dps.dis=false,dps.mx=2,dps.ac=0 Now, I want to extract dps.mx= ... by chsanth New Member in Splunk Search 03-24-2015 0 2	0	2
Field parsing works for admin, not for general user I am using DB Connect to insert some data into an index. Query 'A' inserts data in mkv format, and sourcetype 'ItimPr... by wegscd Contributor in Splunk Search 03-24-2015 0 5	0	5
Help with RegEX Hello to all.. I am attempting (partially succesfully so far) to extract some text. The problem I am having is that ... by ahogbin Communicator in Splunk Search 03-24-2015 0 16	0	16

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Splunk Search

How to search the difference between the start and end time for each command from a script log and timechart the durations?

Whats the best way to improve the performance of my search?

loadjob command has issues with colons in my saved search name?

How to find the sum of several transactions, including a zero result?

How to create a data summary panel containing the host and the date of its last update?

Extracting fields from Microsoft Internet Authentication Service (IAS) logs?

How to write the regex in transforms.conf to filter and only index logs with "login time"?

How to use eval on JSON data

How to split a field value and create multiple new fields at search-time?

How to remove a blank visualization table from my report and only keep the statistics table?

How to fix metadata error "5000000 entries have been received...and this search will not return metadata information for anymore entries."?

When running a search like "blablabla | table *", is there a way to determine empty fields and only table fields with values?

Why can't I find savedsearches over REST with permissions set to "App" ?

How to create a dashboard that runs searches against a CSV of devices in our subnet to display new/unauthorized devices?

How to extract multiple values in a single event into one multivalue field?

How to edit my search to display "VPN UP" or "VPN DOWN" based on the result of a field value?

How to compare a dynamic list of possible names in a drop-down to the token value for searching events?

Why does the Splunk Web Search app on our search head only display "waiting for data" and nothing can be searched?

How to search which forwarder in my environment is sending the most data?

is there a command that can do the same work of span in a search like ...|timechart spans=600s count ?

How to find the difference between two timestamp string fields in two different indexes?

How to calculate the percentage of results within a range against the total number of events?

Why is my rex search not extracting the expected value?

Field parsing works for admin, not for general user

Help with RegEX

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Datamodel summaries not visible

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

Splunk Search

Join the Conversation