Splunk Search

Community Activity

How do I pass an input parameter to the search string of another input? I have multiple inputs in the dashboard. The first input is for various environments (hard coded). And the second inp... by srizan Path Finder in Splunk Search 06-03-2020 0 3	0	3
String matches I have an events for each device with multiple checks as below and i want to find the device count which has "Pass" o... by dustintroop Explorer in Splunk Search 06-03-2020 0 3	0	3
How to build an alert based on status code? Hi,i have 10 stats codes from 200 to 210, i need to set up an alert. That alert will look at the last 10 mins, if a s... by vemurisurya Path Finder in Splunk Search 06-03-2020 1 18	1	18
Two overlays, using different time span I have the following timechart, that I display in a column chart, where I use the average value as an overlay. timech... by robingg New Member in Splunk Search 06-03-2020 0 0	0	0
Modifying x-axis format I am trying to re-format the x-axis time to read cleaner. Here is my spl:index="servers" source="/var/log/secure" act... by user789 New Member in Splunk Search 06-03-2020 0 5	0	5
How to identify drops in traffic with bucket and streamstats? Hi guys, I am making a really cool alert to identify drops in traffic. At the moment I am searching over a 10 minute ... by tomjones101 Explorer in Splunk Search 06-03-2020 0 9	0	9
To check logs and the status Hi, I would like to run a search,which gives me the list of host with status' - normal,warning and critical Where Cri... by prettysunshinez Explorer in Splunk Search 06-03-2020 0 2	0	2
Problems with average duration Hi,folks. I trying timechart the average duration but the I'm not get the average values for all spa's of times. The ... by mattheuslima Explorer in Splunk Search 06-02-2020 0 1	0	1
How to extract only one value in a regex search? How do I get only the value that is before the ms? Remember that this log is multiline, each statement is an event. ... by leandrodematosp New Member in Splunk Search 06-02-2020 0 2	0	2
Splunk query issue Dear All, I have two columns Id and relationalId below is the sample of it. Id CorrelationalId 1 2 2 3 ... by santosh11 New Member in Splunk Search 06-02-2020 0 4	0	4
Questions about inclusion and exclusion in relation to field extraction? Hello, I have two questions that are quite confusing to me, can you please explain this to me in layman terms? Field ... by hjainreddy New Member in Splunk Search 06-02-2020 0 2	0	2
Using timechart command isn't working for renaming. Hello,When using timechart without a BY this works. index IN (idx) AND host IN (server) AND source IN (ssl_ac... by genesiusj Builder in Splunk Search 06-02-2020 0 7	0	7
How to Top 10 table from Index-A and match hostnames in index-B? Hi, I am trying to get the top 10 table from Index-A to have corresponding asset information from Index-B as additio... by munisb Explorer in Splunk Search 06-02-2020 0 3	0	3
Is it possible to use wildcards in tag definitions? Hi, is it possible to use a wildcard in the field value pair settings? This way doesn't work for me: field value pair... by HeinzWaescher Motivator in Splunk Search 06-02-2020 2 3	2	3
Unable to get the correct min and max values. I'm a newbie as far as Splunk is concerned with modest regex skills. We have events with the following patterns fall... by maverick2701 Engager in Splunk Search 06-02-2020 1 2	1	2
Can you explain the syntax of the foreach command beyond what's in the Docs? Hi, I'm trying to understand the syntax of foreach, I've had a look at the documentation, but it's just too difficult... by mahbs Path Finder in Splunk Search 06-02-2020 0 8	0	8
Issue with real-time searches for metadata running because of ui-prefs.conf settings. When we launch Splunk Home or Search page, there is this metadata that runs in real-time eating up our resources avai... by simranrathi123 Engager in Splunk Search 06-02-2020 0 0	0	0
Error when trying to add token to limit table results in a search? I recreated the dashboard using the report search and have the search returning all of the table results. I have an i... by 3618475 Engager in Splunk Search 06-02-2020 0 3	0	3
CEF app, Create output group button missing in New CEF Output step during CEF output app creation We are trying to use the CEF App, to create a new Output App to be deployed to our two indexers. However during the "... by cku1 Engager in Splunk Search 06-02-2020 0 1	0	1
multisearch Dear, couple hours i am trying to get: i have one log with no similar way of words in one line... because of that i ... by vmicovic2 Explorer in Splunk Search 06-02-2020 0 17	0	17
How to separate fields and create a pie chart of status count? Hi Splunkers, Please guide us on the requirement below: Input: server, env, req no, input field,status host-1,PROD,16... by thaara Explorer in Splunk Search 06-02-2020 0 6	0	6
How to create a search that compares two log files and displays results in a table format? I have below 2 log files with 4 identical columns and in that, status is different: Status1.log host1,PROD,1666680,mo... by thaara Explorer in Splunk Search 06-02-2020 1 11	1	11
Using fieldformat and rename Hey there, I'm trying to do two things and it looks like I can't. I have some fields with ugly names like "Current_Su... by tyleraball Engager in Splunk Search 06-02-2020 5 9	5	9
Link to search in new tab Hi Team, Link to search on a new tab for raw events when we click on a particular value in the line chart? Is it po... by manish_singh_77 Builder in Splunk Search 06-02-2020 0 8	0	8
Two evals in one query , query not returning results Hi All, I have the following query with 5 source types and 2 evals in one query, common field between source types i... by msrama5 Explorer in Splunk Search 06-02-2020 0 1	0	1