Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
smashedpumpkins

Why regex in search query is now failing, but used to work for months prior?

Today or sometime in the last week a query of mine stopped working. It worked before and should work now. The followi...
by smashedpumpkins Explorer in Splunk Search 11-20-2014
0 3
0
3
edookati

How to write a search to get a table of eventstats perc95 and avg by a certain field?

I need a table which gives me both perc95(response_time) and avg(response_time) by service_name I am using the below ...
by edookati Path Finder in Splunk Search 11-20-2014
1 2
1
2
r2r2

Monitoring logons of domain users (EventCode 4624)

Hello! I have logs from Domain Controller Active Directory in Splunk and try to configure monitoring of user logons ...
by r2r2 Explorer in Splunk Search 11-20-2014
1 8
1
8
hlarimer

Calculations off of results of two stats searches

I have 2 searches: index=av_log sourcetype=sophos_threat_events | dedup ComputerName FullFilePath | stats count by T...
by hlarimer Communicator in Splunk Search 11-19-2014
0 7
0
7
Bhuavana

Timechart dynamic drilldown

Hi, I have a timechart as my first dashboard to display all the exception types over the time and below query is use...
by Bhuavana Explorer in Splunk Search 11-18-2014
0 1
0
1
hlarimer

How to overlay two searches on the same chart in Splunk 6.1 or 6.2?

I have 2 searches and would like to overlay them on the same chart. The first creates a stacked column chart: index...
by hlarimer Communicator in Splunk Search 11-18-2014
1 3
1
3
ateterine

Finding multiple events for same user

Ok, so title might not say exactly what I'm looking for but here is my scenario. a. We have users who received error...
by ateterine Path Finder in Splunk Search 11-18-2014
0 3
0
3
yoho

Building transactions with randomly ordered events

I have a log file with repeating patterns looking like this. Notice there are only 3 distinct field names and pay att...
by yoho Contributor in Splunk Search 11-18-2014
0 6
0
6
brettcave

ordering of fields in a transaction (mvfind bug?)

I am trying to determine the sequence of pageviews that a visitor visits. I have the following query: eventtype="Ana...
by brettcave Builder in Splunk Search 11-18-2014
0 4
0
4
icyfeverr

The Lovely Transaction Command

When using the transaction command, I am getting unexpected results. Search: sourcetype=abc source="/u/spool/zlogs/a...
by icyfeverr Path Finder in Splunk Search 11-18-2014
0 12
0
12
feickertmd

Convert epoch time from drilldown parameter

I have set up a drilldown to jump from a timechart graph to another dashboard. <link> <![CDATA[ ...
by feickertmd Communicator in Splunk Search 11-18-2014
0 3
0
3
diggin

How to pass the counts from two panels into a third panel to get a percentage of the whole and use a speed meter?

I am wanting to add a panel to a dashboard which shows a percentage of total vulnerable hosts to total hosts in the e...
by diggin New Member in Splunk Search 11-18-2014
0 5
0
5
bcarr12

Manipulating fields within a transaction

What would be the best way to go about manipulating fields within a transaction? For example, let's say I have the f...
by bcarr12 Path Finder in Splunk Search 11-18-2014
0 2
0
2
Notinocrunch

Is it possible to extract the name of the day and month from an event date field in the format dd/mm/yyyy?

Assuming all my eventdate fields are in the following format: dd/mm/yyyy i.e 12/06/2014 Is it possible to work with...
by Notinocrunch New Member in Splunk Search 11-18-2014
0 3
0
3
clayton_bell_ag

How to configure Splunk to extract key value pairs for a particular sourcetype with JSON log data?

How do I tell splunk that a particular source_type should have specific extract command parameters applied so as to c...
by clayton_bell_ag Engager in Splunk Search 11-18-2014
1 1
1
1
guilmxm

how can I query against a time range if i have renamed datetime to _time?

Hi, Thanks you so much for this very great application that opens Splunk to many information system reality! This Ap...
by guilmxm Influencer in Splunk Search 11-18-2014
0 2
0
2
cwl

earliest=0 is not overriding the time range selected in dropdown menu

When I did a search like "index=_internal earliest=0" + "Last 15 minutes" in drop down menu I could not see below mes...
by cwl Contributor in Splunk Search 11-18-2014
0 2
0
2
mohitab

How to search for the first record for each group of data for a field?

Data: I have CSV data indexed containing sensory information. The structure is timestamp, Flight_ID, lon, lat, alt. ...
by mohitab Path Finder in Splunk Search 11-18-2014
0 5
0
5
cruschke_bde

How to search for hosts that are not forwarding data of a specific source or sourcetype?

I am running a lot of Splunkforwarders and use source=system sourcetype=foo for some custom Solaris OS metrics. All t...
by cruschke_bde Explorer in Splunk Search 11-18-2014
1 4
1
4
nishan_perera

How to count each tupple values by day of the week

I got a query like this, %asa deny OR denied | eval dest_port = if(isnum(dest_port),dest_port,00)| eval denyTuppleVa...
by nishan_perera Explorer in Splunk Search 11-17-2014
0 6
0
6
david_rundle_fi

How to automatically extract domain from URL through conf files at search-time?

I have CSV inputs that include a URL field. I would like to extract the top level domain from that URL, and perform...
by david_rundle_fi Explorer in Splunk Search 11-17-2014
1 3
1
3
mcronkrite

DB Connect: Why am I not able to connect to DB2 database and getting error "JDBC driver for database type DB2 is not installed"?

Encountered the following error while trying to save: In handler 'databases': JDBC driver (com.ibm.db2.jcc.DB2Driver...
by mcronkrite Splunk Employee Splunk Employee in Splunk Search 11-17-2014
0 1
0
1
vrmerlin

Why is the limit I set for jschart resultTruncationLimit not being applied?

I have a jschart in advanced XML that is plotting data from a dbquery; I expect it to get several thousand datapoints...
by vrmerlin New Member in Splunk Search 11-17-2014
0 4
0
4
jrodriguezap

How to prevent field names with periods (.) OR hyphens (-) from getting replaced with underscores (_)?

Hi I have the following logs: 10/01/2014 00:00:00 -0500, client_host="172.24.1.41", client_id=db01, report_id=RAS04,...
by jrodriguezap Contributor in Splunk Search 11-17-2014
0 9
0
9
billconnell

Is there a repository for queries folks use?

I am hoping there is a place were sample queries that stored? I'm new to splunk and hope there is a repository of q...
by billconnell Engager in Splunk Search 11-17-2014
2 3
2
3
Top Labels
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...