Splunk Search

Community Activity

Cannot update .js files on local server I have updated the .js files of a local host of an app. I have been unable to update using url commands when trying t... by lachlanmcgrath New Member in Splunk Search 04-23-2020 0 5	0	5
Splunk data for a particular time span Hi , I am looking to get a data in the format from tomcat access logs for particular time span. by aditya22 New Member in Splunk Search 04-23-2020 0 2	0	2
How to disable a search for a dashboard panel? I have a dashboard (really a form) with few panels each doing a search and export and several input fields each (all ... by avilandau Path Finder in Splunk Search 04-23-2020 1 7	1	7
rex not working as expected What is wrong with this rex?? This is the rex that the system gives me when I do a extract fields option. index=x ..... by HattrickNZ Motivator in Splunk Search 04-23-2020 0 3	0	3
how to enable Annotation based on token value. Hello, I am using event Annotation on timechart. but I want to activate only in case of specific services/ based o... by AKG1_old1 Builder in Splunk Search 04-23-2020 1 2	1	2
How to get timestamps from first and last transaction events to calculate the time difference in hours? I have multiple events in a server that I would like to get the timestamp from the very first transaction and the tim... by felipesodre Path Finder in Splunk Search 04-23-2020 0 5	0	5
How to create a conditional rex statement on file extension or directory? I'm trying to figure out how to do a conditional rex statement that looks at a windows file path and determines if th... by mjones414 Contributor in Splunk Search 04-23-2020 0 3	0	3
How to calculate the difference between the first and the last row for each page in search results? My search produced the following CSV: Date Page_1 Page_2 Page_3 Page_4 Page_5 Page_6.... by reverse Contributor in Splunk Search 04-23-2020 0 5	0	5
nested eval with stats count not working while using Data Model Below is my query: \|datamodel testing search \|search wells.API="enroll" \|stats count(eval(wells.resp_code="S" OR (we... by nagar57 Communicator in Splunk Search 04-23-2020 0 4	0	4
Splunk chart for time interval HI , I am trying to get the number of hits of users for very 3 minutes . And am able to generate the chart with bel... by aditya22 New Member in Splunk Search 04-23-2020 0 5	0	5
How to extract the username from a raw event? Here is the raw event log: Apr 22 08:04:46 10.14.10.66 1 2020-04-22T08:04:47-07:00 connect.abcd.com PulseSecure: - -... by vasuparvatham New Member in Splunk Search 04-23-2020 0 5	0	5
how to send Splunk email alert to inbox not junk mailbox? Recently, i have created an splunk search alert. It had successfully triggered the alert, while the alert mail sent t... by pinkyyu Explorer in Splunk Search 04-23-2020 0 4	0	4
extract content of brackets how can i extract content of first bracket if it is string? e.g: 2020-04-21 23:59:59,093 INFO xxx.xxx-zz-00000 [pro... by indeed_2000 Motivator in Splunk Search 04-23-2020 0 3	0	3
Efficiently counting the occurrences of a delimited substring across events. In my event data, I have a field called "blocks", the content of that field is a comma separated list of blocks. Fo... by hugh_lacey New Member in Splunk Search 04-23-2020 0 2	0	2
How to display two queries output as single output. Hi Team, How to display two queries output as single output. Please help. index = * sourcetype=test earliest=@d late... by thomas6m New Member in Splunk Search 04-23-2020 0 1	0	1
How to exclude invoices with ID = 350 Hello, I'm training on splunk, I need help. I have an invoice list, extracted via this query : sourcetype="*_inv... by vita86 Explorer in Splunk Search 04-23-2020 0 5	0	5
strptime(x,y) usage hi all, I confused about strptime. My goal search is this.(this is a sample. I have month field. I get token in my da... by pipipipi Path Finder in Splunk Search 04-23-2020 0 3	0	3
Eval Condition Search Hi, Am looking for conditional eval search for my results, could you please help me with correct query. index=myind... by kpavan Path Finder in Splunk Search 04-23-2020 0 2	0	2
Splunk SPL join Hi Experts, Please suggest how to join two Splunk index output. I have two indexes in first index i want to fetch on... by arun_kant_sharm Path Finder in Splunk Search 04-22-2020 0 1	0	1
Why do wildcards in the middle of a string produce inconsistent results? The studying material says that - -- Wildcards in the middle of a string produce inconsistent results. Why is it? by ddrillic Ultra Champion in Splunk Search 04-22-2020 0 6	0	6
List of newly created indexes in splunk in the last 30 days I need a list of indexes that are newly created in the last 30 days and need the creation date of those indexes. I h... by sumaitasiddiky New Member in Splunk Search 04-22-2020 0 4	0	4
Combine 2 values of multi value fields Hi, I am looking to merge 2 values of a multi valued fields and put it in a table. For example my current query is ex... by Shashank_87 Explorer in Splunk Search 04-22-2020 0 1	0	1
How to create an alert that adds the previous results to an hourly running total for a 24-hour period Hi, I need to monitor "host failure events" per hour over last 24 hours for a group of 50 hosts. When the total rea... by Glasses Builder in Splunk Search 04-22-2020 0 7	0	7
use latest as part of where clause Right now I have a search set up that compares the previous hours events to the same hour 1 week ago: foo \| timechar... by jasonmadesometh Explorer in Splunk Search 04-22-2020 0 5	0	5
How to create timechart overlap of counts of 2 different dates I want to create a visualization that combines the 2 queries like below and give a overlapping timechart of counts Q... by nytins Engager in Splunk Search 04-22-2020 0 1	0	1