Splunk Search

Community Activity

How to run a search query with a scheduler (crontab) I would like to run a search query every few min, how can i do that.E.g. index = "a" sourcetype = "b"Any help is appr... by YungLee Engager in Splunk Search 05-26-2022 0 1	0	1
How to get a count of active transactions to visualize in timechart? I have a transactions defined by users logging in and out. The Goal is to have a timechart showing count of active t... by giovere Path Finder in Splunk Search 05-26-2022 0 8	0	8
WinEventLog - Appliction and Services Logs- Does anyone have a doc or suggestion? Trying to collect information from a sub folder in a Windows server event log. Specifically in the Applications and S... by ttiller Engager in Splunk Search 05-26-2022 0 5	0	5
Appending lookup fields into search Hi guys, I'm a splunk noob here and I'm going nuts. I know this is an extremely simple search and I can't get it ri... by weetabixsplunk Explorer in Splunk Search 05-26-2022 0 11	0	11
Legacy users have issue with how splunk work, How can I help them use Splunk effectively? HiSome users complain about Splunk search. Before Splunk, they simply open the log file and look for issues. 1-As you... by indeed_2000 Motivator in Splunk Search 05-26-2022 0 4	0	4
How to update the table token results depending on the dynamic token selected on radio and passit to multiple link list? Hi Splunkers, Is it possible to make a dynamic token results based on the radio and multiple link with same token val... by kelz Explorer in Splunk Search 05-25-2022 0 1	0	1
How to create custom command search? Hi guys, I'm using splunk 8.0 I want to create a command that can send some infos to another via web or api. I read t... by lnn2204 Path Finder in Splunk Search 05-25-2022 0 4	0	4
Why am I receiving error on cidrmatch case statement? I am having trouble getting this case statement to work (I receive "Error in eval command"): \| eval match=case(ci... by mistydennis Communicator in Splunk Search 05-25-2022 0 2	0	2
How to split multi-line events at search time? I have events that look like this: [abc] logline1 [def] logline 2 [ghi] logline 3 and I would like to split those ... by aa123s Explorer in Splunk Search 05-25-2022 1 9	1	9
How to find values that are larger than average? Hi, I am trying to create a query to get all values that are larger than the average value. I have a file size field... by splunkuser320 Path Finder in Splunk Search 05-25-2022 0 1	0	1
How to rex extract two last word? Hi how can I extract only last 2 word that exist in className I have log like this: 2022-05-24 16:29:51,918 INFO [APP... by indeed_2000 Motivator in Splunk Search 05-25-2022 0 2	0	2
How to divide the results of a timechart by statement? Hi I have a basic statement, however, I want the answers to be in per second. So I need to provide all the results by... by robertlynch2020 Influencer in Splunk Search 05-25-2022 0 2	0	2
How to write search with multiple BY clause in chart/stat column? Hello,I have a query which returns Planned_Sprint, Total Hours,Actual Hours,Team,Type. Now i want a stacked bar and l... by GOSWAMIGAURAV Explorer in Splunk Search 05-25-2022 0 8	0	8
How would I write the following if statements in Splunk? How would I write the following statements in Splunk?Variables are start_access and last_accessStatementIf 20 days ha... by troy44112 Explorer in Splunk Search 05-25-2022 0 1	0	1
How to search Data correlation solution Hi Community, I have this problem about data correlation, here's the detail. The source file is a test result summary... by cecilia_cheng1 Explorer in Splunk Search 05-25-2022 0 10	0	10
Why do we have the --not exporting configurations globally to system-- message? We have this message popping out - -- Search peer SH name has the following message: Health Check: One or more apps... by danielbb Motivator in Splunk Search 05-25-2022 0 7	0	7
How to Fill Null for fail or exception Hi here is my spl, that show different status: index="myindex" \| rex "status\[(?<status>\w+)"\| stats count(status) by... by indeed_2000 Motivator in Splunk Search 05-25-2022 0 4	0	4
Help comparing outputcsv to inputcsv Hi Team.I have a big ol search that tables a bunch of resource usage data. Now i smack and outputcsv on that badboy, ... by michaelnorup Communicator in Splunk Search 05-24-2022 0 4	0	4
How to create a search to check single user having multiple transaction? Hello Team @SPL, Was working on some of the development activity, got stuck at some level. We have a scenario where I... by splkjk Explorer in Splunk Search 05-24-2022 0 3	0	3
Indexing data rather than the log file containing the data? Is it possible to ship only specific statements from a log file, to be indexed on Splunk rather than indexing the ent... by asamurphy Engager in Splunk Search 05-24-2022 0 2	0	2
How to add Dynamic Json path addition in splunk query Hi Team, I have below JSON structure data.searchByUserName.customerDetails.... data.searchByLastName.customerDetail... by mayurkale471757 Explorer in Splunk Search 05-24-2022 0 1	0	1
Why are eval fields not in table? Hi, Iam trying a simple query where i want to see the percentage of calls with a particular response time in splunk a... by Span Engager in Splunk Search 05-24-2022 0 1	0	1
Is there Documentation on Sumo logic data migration to Splunk? Hello, we are trying to find a way to import sumo logic data into Splunk, existing sumo logic is getting replace by ... by deveshbais New Member in Splunk Search 05-24-2022 0 1	0	1
Lookup Editor: Can I open a specific lookup file from a link in my dashboard? Hello All,I am wanting to create a user-defined "dictionary" for a dashboard and would desire for the user to click o... by actionabledata Path Finder in Splunk Search 05-24-2022 0 1	0	1
How can I index logs to a specific splunk cloud? Hi there, If I have several splunk clouds and a heavy forwarder on-premise, how can I configure the heavy forwarder t... by zcx01067 Explorer in Splunk Search 05-24-2022 0 1	0	1