Splunk Search

Community Activity

Comma separated number in sum function going negative in the following situation: ... \| stats sum(SumofCoreSecs) as total \| eval Total = tostring(total, "commas") \| table ... by mjones414 Contributor in Splunk Search 08-04-2014 0 3	0	3
How to match start and end dates with search? I have the following result from as search and would like help matching the start and end dates. These are two separa... by sndegwa Explorer in Splunk Search 08-04-2014 0 8	0	8
MS SQL Server Perfmon multiple Install instances I am trying to create generic MSSQL for data collection. While installing SQL you are able to use the DEFAULT_INSTAN... by bmacias84 Champion in Splunk Search 08-04-2014 0 2	0	2
Using 2 lookup tables in one search? Hi, trying to use two lookup tables in one search. Is this possible? Basically I have a list of email domains in one... by bcusick Communicator in Splunk Search 08-04-2014 0 3	0	3
How to show the alert results in a perl script Hello I have an alert scheduled to run every 5 mins with custom conditions. What I need to do is to use these search... by theouhuios Motivator in Splunk Search 08-04-2014 1 7	1	7
How to group data by time from csv? Hi, I have a csv with two columns, where 1st column is of datetime format : "%d-%b-%Y %H:%M:%S" i.e. 01-Jan-2014 ... by harshal_chakran Builder in Splunk Search 08-04-2014 0 6	0	6
manual inputs.conf issues I am having trouble with manual inputs.conf. I have been able to successfully setup a windows universal forwarder, ... by ulikabbq Path Finder in Splunk Search 08-04-2014 0 6	0	6
Search filter shortcut for "NOT" I know, that I can double click on pretty much anything in the log lines to transfer this term to the search box. But... by paterler Explorer in Splunk Search 08-04-2014 2 5	2	5
How to view percentages in column chart instead of total values without calculating percentages in search? Hi, I'm using a column visualization and the stack mode "100%". It would be nice to have the percentages in the char... by HeinzWaescher Motivator in Splunk Search 08-04-2014 2 3	2	3
How to change time interval on x-axis of a graph to 10 minutes instead of 1 hour using dbquery? Hi All, Is there any way we can change the time interval on x-axis to be 10 mins instead of 1 hour using dbquery. My... by usha_nittala New Member in Splunk Search 08-03-2014 0 3	0	3
How to search for the most common word used? Hi, I've a file which contains a chunk of words. What I wanted to do is to find the top 10 most common word used fro... by NoisyClip Engager in Splunk Search 08-03-2014 0 2	0	2
set of last events for several tags Hello, I am trying to find a way to analyze the last occurrence of different events. The data I work with is structu... by wsw70 Communicator in Splunk Search 08-03-2014 0 9	0	9
How to replace characters in string from field extraction? I have a field extraction as below which extracts a date into a field called my_date EXTRACT-my_date = (?i)StopDate... by pradeepkumarg Influencer in Splunk Search 08-02-2014 0 6	0	6
Regex Error - Regex: PCRE does not support \L, \l, \N{name}, \U, or \u A little help needed. Regex below is throwing the error in title of question... rex field=source "N:\\logs\\(?P<UID>... by snoobzilla Builder in Splunk Search 08-02-2014 0 5	0	5
Fields extraction from access log I would like to list below log in 8 parts and I'm not sure how to do it in with Regex. Please help me {Field 1] ... by pavan_bhumanapa New Member in Splunk Search 08-01-2014 0 1	0	1
How to search top 5 IPs with highest distinct count emails per day? Hello, In each line of the logs ,there is an email, an IP address and a timestamp. I'd like to calculate for each d... by niboucher Explorer in Splunk Search 08-01-2014 1 5	1	5
Searching Max values in a span/range I'm not sure of the proper approach for this query. I have a list of events,one event per day, with fields min,max a... by jlkokko Path Finder in Splunk Search 08-01-2014 0 4	0	4
Pie chart max value Hello Splunkers, I'm working on a pie chart where I am trying to show the total number of assets and then show that s... by lbogle Contributor in Splunk Search 08-01-2014 0 4	0	4
What is the most efficient way to filter search results by list? Hello, I am looking to filter my search results by the 'UniqueID' field so that I only get results from the devices ... by AlexMcDuffMille Communicator in Splunk Search 08-01-2014 0 5	0	5
Timechart with Time (X-) Axis delineated in "T-minutes before now"? I have a timechart that shows latency in minutes for the last 24 hours snapped to the hour. What I would like to see... by woodcock Esteemed Legend in Splunk Search 08-01-2014 0 2	0	2
REGEX pattern to extract the hostname in transforms.conf Please provide the REGEX pattern to extract from host and assign the value to index name, In the below example, we ne... by dhavamanis Builder in Splunk Search 08-01-2014 0 2	0	2
Transforms.conf - Hide values or make them anonymous I have a log that look like this: <ReceivedPermissions>EMULATION = [ EMULATEANOTHERUSER = Deny ], APPLICATION = [ PR... by celsohso Path Finder in Splunk Search 08-01-2014 3 11	3	11
Automatic lookup field not displayed I created the below automatic lookup through Splunk 6 web. app_info host AS host gate AS gate OUTPUTNEW app AS app ... by sc0tt Builder in Splunk Search 08-01-2014 0 3	0	3
Field extraction regex conditional if-then-else Here are 2 events from an apache log. I have a field extraction regex which works unless the content-type contains a... by cdstealer Contributor in Splunk Search 08-01-2014 1 2	1	2
How to add column of last login date/time for Target users? How can I add a column for my below search that displays a result for the Target_Account_Name's last login date/ time... by dmcavoy New Member in Splunk Search 08-01-2014 0 3	0	3