Splunk Search

Community Activity

Tabulate list of exception in logs Hi Splunkers, My logs are like below with same set of logs for different WAS ear's.. earFile=abc.ear ................. by thaara Explorer in Splunk Search 05-27-2020 0 4	0	4
How to find the User ID that was used for the original splunk installation I want to upgrade a system. How do I find the ID for the user that installed it? Is it somewhere in the system? by jlongworth Explorer in Splunk Search 05-27-2020 0 1	0	1
Can't we use NOT in searchmatch function Hi Splunkers! I've a doubt regarding searchmatch function, when I tried excluding some string using NOT boolean insi... by sarahnazzar Explorer in Splunk Search 05-27-2020 0 1	0	1
Calculate disk space growth over time I am providing summarized reports on disk space over several hosts using this query: index=os sourcetype=df host=hos... by jackpal Path Finder in Splunk Search 05-27-2020 0 0	0	0
calculate min and max time of event hello im trying to calculate min and max time of event (the time when the event started and when its ended) when im a... by sarit_s Communicator in Splunk Search 05-27-2020 0 7	0	7
How to rex field in unstructured flat file events I am breaking every line in flat file and trying to fetch the field using rex, this is how my events looks like: 98... by jhantuSplunk New Member in Splunk Search 05-27-2020 0 3	0	3
extract json files fields I have json logs that I want to extract.I did All items related to field extraction in props.conf file. my log {"expo... by khanlarloo Explorer in Splunk Search 05-26-2020 0 9	0	9
count problem I have following dataemail\|country\|licenseaa\|HK\|365E1bb\|US\|365E2cc\|HK\|non-officedd\|HK\|non-officeee\|UK\|non-office I wo... by keyu921 Explorer in Splunk Search 05-26-2020 0 3	0	3
Unable to get the matching files using join command. We used the inner join command to get the matching files. However, the same command does not work with the current fo... by chinmay25 Path Finder in Splunk Search 05-26-2020 0 6	0	6
How to search buckets to find one index of many, and limit how many to unfreeze? After searching the answered questions, I do not see my question addressed. If I have several indexes that are frozen... by stevenshea New Member in Splunk Search 05-26-2020 0 3	0	3
Timechart - How to add trendlines based on column total Hi, I am new to splunk and trying to create a timeline with several individual calculated trend lines, but I simply c... by hethu Path Finder in Splunk Search 05-26-2020 0 3	0	3
How to split event data? Hi! In the Event column, I get the following: 26/05/2020 11:24:51 > Invoice Val Increase on History Report process c... by nwoolley Engager in Splunk Search 05-26-2020 0 2	0	2
The maximum number of concurrent historical scheduled searches on this instance has been reached I often see the below entries in the scheduler.log[1] which are getting skipped. We have 15 alerts set in which 2 run... by pdantuuri0411 Explorer in Splunk Search 05-26-2020 1 3	1	3
split transactions in exported excel Hello, I have a list of strings that are more meaningful when grouped and viewed together by time. This is great and... by user93 Communicator in Splunk Search 05-26-2020 0 2	0	2
How to create an alert threshold for value by count (current search gives error "Application.errorMessage)? I have a search using timechart count by [value] and I'd like to set up an alert for when any of the values reach mo... by trever Loves-to-Learn in Splunk Search 05-26-2020 0 0	0	0
How to convert time format? I have a column duration with this time format: 01:20:00.000000. How do I convert time format from 01:20:00.000000 ... by ashanka Explorer in Splunk Search 05-26-2020 0 3	0	3
What is the best way to get 100ish Greeen/Yellow/Red circles as tightly as possible in a visualization? I am doing it with Pie Chart and Trellis but that starts paginating at 20 and there is no way to expand that (JIRAs =... by woodcock Esteemed Legend in Splunk Search 05-26-2020 0 11	0	11
Why is my time wrongly mapped whenever I tabulate the results from transactions? When I run this SPL, the transaction commands gives the correct output index=* source=/var/log/secure* (TERM(sudo) ... by xnx_1012 Explorer in Splunk Search 05-26-2020 0 1	0	1
How to search for multiple error codes, one code at a time? I have 400+ error codes and want to search them. The issue is my search for multiple codes for 5 months freezes (th... by gnshah12345 Observer in Splunk Search 05-26-2020 0 2	0	2
How to get evaluated result for every item in list I have the following working Query for a single product AHSDFKSD1 ns=a* DECISION IN (ELIGIBLE, INELIGIBLE) PRODUCT I... by angersleek Path Finder in Splunk Search 05-26-2020 0 2	0	2
Calculating the average duration of an entire group Good morning Splunkers, I trust everyone is remaining safe. Ultimately, I'm attempting to obtain the overage connecti... by yepyepyayyooo New Member in Splunk Search 05-26-2020 0 2	0	2
Subsearch multi queries Hi Team I have requirement to get api's triggered by per custkey in a single query query 1: /token host="test-host-... by srinivreddy New Member in Splunk Search 05-26-2020 0 4	0	4
Queries Template for McAfee ePO Hello everyone, We just integrate Splunk with McAfee ePO via DB Connect. We're trying to get some informations from... by raphaalmeida New Member in Splunk Search 05-26-2020 0 6	0	6
Why aren't alerts triggering in my search on Splunk 8? I created an alert w/ a basic search: index=_internal \| stats count Cron Expression: /1 * * * Al... by guo_dc Explorer in Splunk Search 05-26-2020 0 3	0	3
inputlookup csv I setup testing.csv lookup as followinghost,location123,HK234,US345,UK I would like to basic search if host matched i... by keyu921 Explorer in Splunk Search 05-25-2020 0 3	0	3