Splunk Search

Community Activity

How to rex field in unstructured flat file events I am breaking every line in flat file and trying to fetch the field using rex, this is how my events looks like: 98... by jhantuSplunk New Member in Splunk Search 05-27-2020 0 3	0	3
extract json files fields I have json logs that I want to extract.I did All items related to field extraction in props.conf file. my log {"expo... by khanlarloo Explorer in Splunk Search 05-26-2020 0 9	0	9
count problem I have following dataemail\|country\|licenseaa\|HK\|365E1bb\|US\|365E2cc\|HK\|non-officedd\|HK\|non-officeee\|UK\|non-office I wo... by keyu921 Explorer in Splunk Search 05-26-2020 0 3	0	3
Unable to get the matching files using join command. We used the inner join command to get the matching files. However, the same command does not work with the current fo... by chinmay25 Path Finder in Splunk Search 05-26-2020 0 6	0	6
How to search buckets to find one index of many, and limit how many to unfreeze? After searching the answered questions, I do not see my question addressed. If I have several indexes that are frozen... by stevenshea New Member in Splunk Search 05-26-2020 0 3	0	3
Timechart - How to add trendlines based on column total Hi, I am new to splunk and trying to create a timeline with several individual calculated trend lines, but I simply c... by hethu Path Finder in Splunk Search 05-26-2020 0 3	0	3
How to split event data? Hi! In the Event column, I get the following: 26/05/2020 11:24:51 > Invoice Val Increase on History Report process c... by nwoolley Engager in Splunk Search 05-26-2020 0 2	0	2
The maximum number of concurrent historical scheduled searches on this instance has been reached I often see the below entries in the scheduler.log[1] which are getting skipped. We have 15 alerts set in which 2 run... by pdantuuri0411 Explorer in Splunk Search 05-26-2020 1 3	1	3
split transactions in exported excel Hello, I have a list of strings that are more meaningful when grouped and viewed together by time. This is great and... by user93 Communicator in Splunk Search 05-26-2020 0 2	0	2
How to create an alert threshold for value by count (current search gives error "Application.errorMessage)? I have a search using timechart count by [value] and I'd like to set up an alert for when any of the values reach mo... by trever Loves-to-Learn in Splunk Search 05-26-2020 0 0	0	0
How to convert time format? I have a column duration with this time format: 01:20:00.000000. How do I convert time format from 01:20:00.000000 ... by ashanka Explorer in Splunk Search 05-26-2020 0 3	0	3
What is the best way to get 100ish Greeen/Yellow/Red circles as tightly as possible in a visualization? I am doing it with Pie Chart and Trellis but that starts paginating at 20 and there is no way to expand that (JIRAs =... by woodcock Esteemed Legend in Splunk Search 05-26-2020 0 11	0	11
Why is my time wrongly mapped whenever I tabulate the results from transactions? When I run this SPL, the transaction commands gives the correct output index=* source=/var/log/secure* (TERM(sudo) ... by xnx_1012 Explorer in Splunk Search 05-26-2020 0 1	0	1
How to search for multiple error codes, one code at a time? I have 400+ error codes and want to search them. The issue is my search for multiple codes for 5 months freezes (th... by gnshah12345 Observer in Splunk Search 05-26-2020 0 2	0	2
How to get evaluated result for every item in list I have the following working Query for a single product AHSDFKSD1 ns=a* DECISION IN (ELIGIBLE, INELIGIBLE) PRODUCT I... by angersleek Path Finder in Splunk Search 05-26-2020 0 2	0	2
Calculating the average duration of an entire group Good morning Splunkers, I trust everyone is remaining safe. Ultimately, I'm attempting to obtain the overage connecti... by yepyepyayyooo New Member in Splunk Search 05-26-2020 0 2	0	2
Subsearch multi queries Hi Team I have requirement to get api's triggered by per custkey in a single query query 1: /token host="test-host-... by srinivreddy New Member in Splunk Search 05-26-2020 0 4	0	4
Queries Template for McAfee ePO Hello everyone, We just integrate Splunk with McAfee ePO via DB Connect. We're trying to get some informations from... by raphaalmeida New Member in Splunk Search 05-26-2020 0 6	0	6
Why aren't alerts triggering in my search on Splunk 8? I created an alert w/ a basic search: index=_internal \| stats count Cron Expression: /1 * * * Al... by guo_dc Explorer in Splunk Search 05-26-2020 0 3	0	3
inputlookup csv I setup testing.csv lookup as followinghost,location123,HK234,US345,UK I would like to basic search if host matched i... by keyu921 Explorer in Splunk Search 05-25-2020 0 3	0	3
How to configure Chrome as a search engine for Splunk queries? Hi there, I couldn't find this question already on here. Hopefully it's a simple one. I use Splunk regularly in my ... by oxnard Engager in Splunk Search 05-25-2020 6 6	6	6
How to represent fluctuating values? Hi all, I have this search: \|table a b date \|eval c=a-b \|stats sum() as by date date a b c 2019-01 5 3 2 2019-02... by pipipipi Path Finder in Splunk Search 05-25-2020 0 1	0	1
CSV lookup only updating 10 entries in the same day. II am using this lookup for bot status. I am using the "submit" button to save the status info. (disconnected or con... by hrs2019 Path Finder in Splunk Search 05-25-2020 0 5	0	5
Rename command What does \|rename field* AS * do. How to rename the fields when there are more no.of fields. Thanks by prettysunshinez Explorer in Splunk Search 05-24-2020 0 1	0	1
How to create "for cycle" routine to generate panels/rows from a search using Splunk XML? Hi. I would like to know if there is a simple way, via Splunk XML, to create a "for cycle" like routine, to generate ... by verbal_666 Builder in Splunk Search 05-24-2020 0 6	0	6