Splunk Search

Community Activity

How to track memory/cpu usage per search execution (on Search Head/Indexer)? Hi I am looking for a way to track memory/cpu usage per search execution on search head and indexer. I thought I co... by melonman Motivator in Splunk Search 07-19-2020 1 4	1	4
Extract a Particular value from a already extracted field Hi Team, I have extracted a field which contains some response. From that response in that field I need only certain ... by sen8sen Engager in Splunk Search 07-19-2020 0 6	0	6
Search and display results of a single field among two sourcetypes Hello, I have a sourcetype called "signons" and it has a field called "Session_ID" and "System_Account"In my search, ... by aaroncherian Path Finder in Splunk Search 07-18-2020 0 4	0	4
Source IP not plotting on cluster map I'm trying to plot source IP Addresses (src_ip) from web events on a cluster map but it does not seem to work. It on... by dcraven02 New Member in Splunk Search 07-18-2020 0 2	0	2
rex I'm trying to extract this line from my linux logs in splunk using rex but I'm not sure how to extract itTCP 191.174... by rkris Explorer in Splunk Search 07-18-2020 0 2	0	2
using eval results of a search with my base search I'm currently trying to use the results of my eval fields in my base search For example, I would like for my search t... by payton_tayvion Path Finder in Splunk Search 07-18-2020 0 3	0	3
Alert when certain event occurs outside of time period of other event I have an event that logs the following . . startTime: 2020-07-17T17:48:46Z endTime: 2020-07-17T17:52:27Z . . I ca... by tbrown Path Finder in Splunk Search 07-17-2020 0 1	0	1
Optimizing Query with Join to with out join I have the below query which seemingly working okay. I was looking things that I can use to optimize the below query ... by durgave Engager in Splunk Search 07-17-2020 0 3	0	3
Parse nested json array without direct key-value mapping Hi, I have a json that looks like the following - {<!-- -->"id": "123","uri": "http://xyz.com/api","method": "POST","headers"... by rashmeet Explorer in Splunk Search 07-17-2020 0 5	0	5
foreach variable and search I have variables that I am trying to use to get in a search with a foreach loop...for example.. I have customers: a,... by raychamber Explorer in Splunk Search 07-17-2020 1 13	1	13
Alert for specific PC I have an alert for excessive login failures configured to fire off when a PC reports greater than normal login attem... by CaptainThoadar Engager in Splunk Search 07-17-2020 0 1	0	1
Search results might be incomplete: the search process on the peer After spending two days reading almost all forum posts related to this error message, including translating questions... by splunkcol Builder in Splunk Search 07-17-2020 0 1	0	1
Adding Values from Different Graphs Together Hello,Still rather new at Splunk, I have 4 hosts that I need to add the values of 3 different graphs I obtained from ... by andresvelazq Explorer in Splunk Search 07-17-2020 0 5	0	5
Change the size of panels Hi All,need help to get the width adjusted for the panel. out of the 3 all are in equal width. Can i make one smalle... by jerinvarghese Communicator in Splunk Search 07-17-2020 0 1	0	1
Office 365 Plugin: How to create alerts for attempted logins that also exclude specific user ID's and domains? Hello All, I have the Office 365 plugin, and looking to refine some alerts I have setup. The alert is to notify me of... by ryanbarnes306 Explorer in Splunk Search 07-17-2020 0 6	0	6
'user' field within default install of Splunk 8.0.2 free I am going to assume this is a simple question but having a severe brain fart - I have installed Splunk free in the p... by Simple_Search Path Finder in Splunk Search 07-17-2020 0 1	0	1
Automatic extraction of fields not happening for json data input to Splunk through udp I have a process to send json format data to Splunk on an udp port. In settings I have mentioned sourcetype = _json. ... by sanchitguptaiit Explorer in Splunk Search 07-17-2020 3 6	3	6
i want to exclude some field in the before indexing because i do not want to ingest fields into Splunk anymore. Hear is the below fields we want to exclude fields valuesaction_flags ... by mahendra559 New Member in Splunk Search 07-16-2020 0 1	0	1
How to update a lookup table with certain fields but leave rest of the columns with its custom values Hi There,I have a lookup table that generate one lookup table yet it has some custom column that do not have values b... by justinchen Explorer in Splunk Search 07-16-2020 0 3	0	3
Alpha based y axis Hello I'm new to splunk and was wondering if there is a way where the values on the y axis can be non numeric.I'm try... by koreanfather Observer in Splunk Search 07-16-2020 0 3	0	3
XML with namespace Parsing I have a filed with xml as below, can some onehelp me how can parse out ErrorDescription"<?xml version="1.0" encoding... by durgave Engager in Splunk Search 07-16-2020 0 1	0	1
Syntax highlighting for Splunk code [in editor on Answers] Why do you not support syntax highlighting for SPL in the Code Sample widget here on Answers? You do it in the main ... by pm771 Communicator in Splunk Search 07-16-2020 1 1	1	1
How to pass indexes from a macro to another search Hello experts,I am using makeresults command to create a macro like below:\| `get_indexes_by_args(1)`And the macro wil... by thinhdinh Path Finder in Splunk Search 07-16-2020 0 6	0	6
Multiple uses of the same lookup table - how to simplify? I have a stream of events that have names and each name belongs to a certain category.For this example, it will be tw... by pm771 Communicator in Splunk Search 07-16-2020 0 1	0	1
Splunk Search Heads in infinite loop of refreshing We had one search head have to be rebuilt because of JAVA issues. We had another search head, due to a network switc... by dkrichards16 Path Finder in Splunk Search 07-16-2020 0 0	0	0