Splunk Search

Community Activity

What are the best practice searches for virtualization monitoring? I'd like to implement some basic searches for virtualization monitoring without getting caught up in the differences ... by sloshburch Ultra Champion in Splunk Search 01-29-2020 0 3	0	3
What are the best event-data inputs for basic server & OS monitoring? I want to implement the basic key searches defined in What are the best practice searches for Server & OS monitoring.... by sloshburch Ultra Champion in Splunk Search 01-29-2020 0 2	0	2
What are the best practice searches for application lifecycle & release analytics? I'd like to implement some basic searches for application lifecycle and release analytics without getting caught up i... by sloshburch Ultra Champion in Splunk Search 01-29-2020 0 6	0	6
Difference between two string date fields Hi, i searched but i don't found any solution. I wont the difference between two fields that are date in string forma... by perryd Engager in Splunk Search 01-29-2020 0 11	0	11
Limit search to top 10 by specific fields Hi everyone We're using Splunk in a SIEM environment and I have a search that returns all the bad event signatures w... by tiny3001 Path Finder in Splunk Search 01-29-2020 1 9	1	9
How to pass key & value array into macro? Just checking if there is a smart way of passing "key" and "value" (ideally key-value array) into a macro Ideally i'... by koshyk Super Champion in Splunk Search 01-29-2020 0 1	0	1
Input Lookup: How can I Edit a Lookup Field with 'eval' command or 'RegEx' to narrow down my search results? Apologies if the title of the question is a bit vague! I have search that is creating a table based on events that c... by driva Path Finder in Splunk Search 01-29-2020 0 6	0	6
How to include dropdown tokens with pivots in dashboards How do I include dropdown tokens with pivots in my dashboards? ich have pivot. query \|bla Club.......a nd a dropdown... by david1395 New Member in Splunk Search 01-29-2020 0 1	0	1
Can we add new indexer through UI and what happens to the data when indexers are removed 1.What are the steps to add new indexer through the WEB UI? . what are steps to be taken to remove indexers from clu... by vrmandadi Builder in Splunk Search 01-29-2020 0 4	0	4
If an IP is put into a table, how would I get the username from a seperate log? Hi, I know my question is a little bland, so I'll elaborate here: If I have a user with IP 10.7.102.36 going to www.... by henryessinghigh New Member in Splunk Search 01-29-2020 0 2	0	2
Kvstore lookup file location on the server Hi Guys, I have created a kvstore lookup file with collection name as kvstore_collection and corresponding lookup fi... by kranthimutyala Path Finder in Splunk Search 01-29-2020 0 2	0	2
Example of how to measure SSL transactions per second? Does anyone have examples of how to use Splunk to measure SSL transactions per second? by sloshburch Ultra Champion in Splunk Search 01-29-2020 0 1	0	1
Example of how to measure network traffic round trip time? Does anyone have examples of how to use Splunk to measure network traffic round trip time? by sloshburch Ultra Champion in Splunk Search 01-29-2020 0 1	0	1
Example of how to measure database query response time? Does anyone have examples of how to use Splunk to measure database query response time? by sloshburch Ultra Champion in Splunk Search 01-29-2020 0 1	0	1
How to add addcoltotals functionality to show average instead of the total? I have a table of technologies (WindowsOS, LinuxOS, OracleDB, JBossWeb, etc) and associated security compliance ratin... by tgrogan_dc New Member in Splunk Search 01-29-2020 0 3	0	3
regex to remove first occuring numeric values with coma I want to remove the numeric value and comma which is occurring on the first line beginning 1,Woolworths appoints n... by DataOrg Builder in Splunk Search 01-29-2020 0 6	0	6
No cookie support detected. Check your browser configuration. Does anyone have any insight into this issue? We are very new to Splunk and running IE9, in non-compatibility mode, a... by bozza Engager in Splunk Search 01-29-2020 0 8	0	8
How to extract these fields? Hi, let's say we have events with _raw data like this: <XY>aaa,bbbb,priority,high<XY>aaa,bbb,login,failed<XY>aaa,bb... by HeinzWaescher Motivator in Splunk Search 01-29-2020 0 3	0	3
Select data from the most recent file logged this month over multiple hosts I have a clustered application running in active/passive configuration. We run a report at the beginning of every m... by splunk-support0 Explorer in Splunk Search 01-29-2020 0 8	0	8
How to group by in nested JSON? Hi all, i have a json file like this. { "JOB_NUM" : "1", "JOB_TIME" : "1/1/2020", "JOB_STATUS" : "PASS", "JOB_DU... by anooshac Communicator in Splunk Search 01-29-2020 0 18	0	18
search to show me all my splunk enterprise devices Hi Is there a search in splunk which I can run from search head which will show me all splunk enterprise devices? by net1993 Path Finder in Splunk Search 01-29-2020 0 4	0	4
predict future_timespan value as a calculated variable Hi, I am trying to use the predict function to predict hourly values through to the end of the current day. To do thi... by danan5 Path Finder in Splunk Search 01-28-2020 0 1	0	1
How to find difference between events for a transaction? Hello Everyone, I want to find duration between the events in a transaction. Let's say I have 100 events In a transac... by marisstella Explorer in Splunk Search 01-28-2020 0 1	0	1
Custom expand table row visulization Hi Team, I have a simple table that I want to show in a dashboard - user search history. Columns "_time" and "search... by tomasmoser Contributor in Splunk Search 01-28-2020 0 1	0	1
Alternate to dedup Hi, I need to remove duplicates in my results, is there anyway to do this other than using dedup. I used stats, eve... by rupesh26 Path Finder in Splunk Search 01-28-2020 2 10	2	10