Splunk Search

Community Activity

Anyway to make tags.conf case insensitive? We use tags frequently in our environment. I recently added some new servers with differing case for their host names... by jodros Builder in Splunk Search 06-20-2020 0 6	0	6
Method to copy over the value Hello, is there any way for the ip address to be copied over to the top... The condition is whenever the root's comm... by xnx_1012 Explorer in Splunk Search 06-20-2020 0 3	0	3
Splunk 7 upgrade - "ERROR DispatchThread - Failed to read runtime settings: File :/opt/splunk/var/run/splunk/dispatch/subsearch_***/runtime.csv does not exist" Hi All, We just upgraded to Splunk 7 and a subsearch started auto-finalizing after 9000s timeout. Running this searc... by splunkyouverymu Explorer in Splunk Search 06-20-2020 1 4	1	4
Multiple inputs in dashboard I have multiple inputs(3 INPUTS) in a dashboard, I run a sql in the panels. I want to execute a query if the other tw... by Raging_Rags Engager in Splunk Search 06-20-2020 0 3	0	3
Append results in a single line. \| dbxquery connection="" query="select STOREENT_ID,count() O_C from table1 "\| appendcols[\| dbxquery connection="*"... by Raging_Rags Engager in Splunk Search 06-20-2020 0 3	0	3
Unable to query on multiple extracted fields I've a log like below and I want to extract the fields "country", "currency""{"id":1, "message":"country=US&currency... by sivathemass Engager in Splunk Search 06-20-2020 0 1	0	1
Finding Average of Time Column How do we find the average of a table column filled with time values? by michaelsplunk1 Path Finder in Splunk Search 06-19-2020 0 1	0	1
Table Displaying Lookup and Search Results; Wrapped Columns Hello,I would like to create a table for the past 14 days of events. 13 of the table cells will contain output from a... by genesiusj Builder in Splunk Search 06-19-2020 0 3	0	3
How to exclude from stats Hello,I'm trying to exclude the results that I obtain from this search. Essentially, this yields all bots hitting my ... by chuckeelos New Member in Splunk Search 06-19-2020 0 1	0	1
How to get an RSS feed for the whole community? In answers.splunk.com, there was an rss feed for whenever anyone posted a new question.When someone posts a question,... by efavreau Motivator in Splunk Search 06-19-2020 0 3	0	3
Different results when search is run in web UI then in python script. When I run this search in the Web UI I get the correct results. When it is run in a python script the "count(eval(Re... by tbeason Engager in Splunk Search 06-19-2020 0 3	0	3
Ldapsearch throwing spurious errors. Hello,I have a Search head cluster and an indexer cluster. When I am on one of the searchheads and run this ldapsearc... by ifeldshteyn Communicator in Splunk Search 06-19-2020 0 0	0	0
Email Report Only When No Results Greetings,I have a search string for the event and have been asked to figure out how to create a report that only ema... by vwilson3 Path Finder in Splunk Search 06-19-2020 0 4	0	4
Field not in logs but we need it from csv I am using the below query : index=rxc sourcetype="rxcapp" type=ERROR [\| inputlookup abc.csv \| rename id as i_d \| fi... by ksharma7 Path Finder in Splunk Search 06-19-2020 0 2	0	2
How to check application running status hosted in Linux server using application log Hello Team, Here is my requirement: I have to check the application running status, which is installed in Linux serve... by mnarmada Path Finder in Splunk Search 06-19-2020 0 4	0	4
Field extract I want to extract the client ip and user "DELTA\Kelly" from the windows event messagesMessage=The following client pe... by keyu921 Explorer in Splunk Search 06-18-2020 0 1	0	1
Viewing all Indexes and sourcetypes in use. We are in the midst of a migration from one server to the next, and need to see if there are queries running against ... by Abraham1234 Loves-to-Learn Lots in Splunk Search 06-18-2020 0 3	0	3
Improve App & Search Performance I'm currently looking at increasing the performance of our Splunk Search Head. I'm running a number of Apps at the re... by TitanAE2020 Loves-to-Learn in Splunk Search 06-18-2020 0 1	0	1
Can I read the dmc_forwarder_assets lookup using the rest api? Can I read the dmc_forwarder_assets lookup using the rest api of the Monitoring Console? by danielbb Motivator in Splunk Search 06-18-2020 0 0	0	0
Finding common strings in a field brought back from search I'm trying to run a search and find the most common strings in a field of the results. It seems like there is a way b... by __bryon Observer in Splunk Search 06-18-2020 0 9	0	9
How can I correlate a variable number of fields with a similar prefix in a single event? We have a web api that orchestrates calls to other services. So for example we may have an incoming call to `/api`, w... by kalldrexx Observer in Splunk Search 06-18-2020 0 1	0	1
How to use the stored results in variables after stats command using by clause in calculation ? Hi, I'm using the below query in order retrieve average and standard deviation for the respective days (mon,tue,wed,... by vinaybandaru Path Finder in Splunk Search 06-18-2020 0 3	0	3
max successfull VPN users per day by monthly. Initially I have query with successful VPN user logings.(usernames) Now I want to get the max(high) nubmber of users ... by riqbal47010 Path Finder in Splunk Search 06-18-2020 0 1	0	1
Does the Mobile Access Server work with the Mobile Device Management (MDM) solution Microsoft Intune? Mobile Access Server is an application typically accessed from the internet. Therefore, some customers require a MDM ... by ehorjus Explorer in Splunk Search 06-18-2020 0 3	0	3
How to search the top messages in the last 24 hours and count those same messages in the same 24 hour period from the previous week? I'm trying to create a search for the top 15 messages that occurred in the last 24 hours. Then take those top 15 mess... by kcanrah New Member in Splunk Search 06-18-2020 0 5	0	5