Splunk Search

Community Activity

How to search the peak CPU usage and duration of that peak usage for each machine from Windows performance logs? I am getting performance logs from several Windows servers. The value field shows the % of usage for each machine. I ... by rwiley Explorer in Splunk Search 01-26-2020 0 8	0	8
Need to combine nearest _time values for each field Hi Splunker, In my application when there is action, 3 events will be created for it. Eg : _time ... by SathyaNarayanan Path Finder in Splunk Search 01-26-2020 0 3	0	3
need help with rex to extract responseMessage as ==> Declined - Do not Honor so that I can stats count by rspCode and respMesage with detail 2019-12-03 17:31:27.633 INFO ,aabbe872bbf3f848,aabbe872bbf3f848,false] 15 --- [nio-8080-exec-5] c.u.f.p.api.impl.: In... by harishnpandey Explorer in Splunk Search 01-25-2020 0 3	0	3
How to regex over nested jsons with foreach and rex? Hi everyone, Currently I have a log record in the form of nested jsons, not arrays of jsons: {"root_key": {"subkey_... by neuromantik Engager in Splunk Search 01-25-2020 0 1	0	1
Static field value I have created a dashboard to show windows server uptime. Now I would like to add application name of all servers. F... by bsaujla131984 Path Finder in Splunk Search 01-24-2020 0 4	0	4
How do I make my lookup file public? I'm a Splunk n00b, apologies. How do I make my csv lookup file public so other people can use it??? Editing my Job S... by hollybross1219 Path Finder in Splunk Search 01-24-2020 0 3	0	3
Event timestamp behavior is inconsistent when DATETIME_CONFIG = NONE I want to use a file's modification timestamp as the Splunk timestamp for the events it contains. Accordingly, I've s... by sylim_splunk Splunk Employee in Splunk Search 01-24-2020 1 1	1	1
Calculate percent of missing events I swear I have done this before but I want to use the existence of events from a log file to calculate if the service... by Cuyose Builder in Splunk Search 01-24-2020 0 1	0	1
Mapping by Zip code When I am trying to map by Zipcode I get the stats table to genereate but when switching to geostats it takes 4 resu... by ryankrieger Loves-to-Learn in Splunk Search 01-24-2020 0 8	0	8
How can I define column-color when I do not know in advance what my fields are named? I want to query data collected from running containers, indexed into a data set. The particular results will be prese... by Jaff New Member in Splunk Search 01-24-2020 0 3	0	3
Need help visualizing a search which contains a main query, then a small subset of the main query and putting this all in one visualization Basically, I am trying to visualize all events which match up to the initial query, and provide a bar graph output. T... by z432u4kvfkcg Engager in Splunk Search 01-24-2020 0 7	0	7
Chunked=True SmartStreamingCommand to support large data sets - requires change to internals.py - remove flush at maxresultrows To support large dataset (1mil + rows) using custom commands and Chunked=true I implemented SmartStreamingCommand pe... by onthebay Path Finder in Splunk Search 01-24-2020 0 3	0	3
URLDECODE I would like to know how can I use the urldecorder command for all URLs in the reqHdr.referer field (Akamai) index=a... by erlindemberg Explorer in Splunk Search 01-24-2020 0 11	0	11
Append Search Performance Slow Hi, I'm trying to create a search that returns certain hosts that are NOT found returning data. I know I can do this ... by chrisboy68 Contributor in Splunk Search 01-24-2020 1 2	1	2
How to pass Appname in query ? Hi, can appname be passed in the query ? I have 2 different app names in splunk and need to pass them in queries App... by msrama5 Explorer in Splunk Search 01-24-2020 0 2	0	2
What's the difference between using "By" and having another field in top command? Don't have a specific example, but would like to understand for my education. For example, I don't understand what C... by hollybross1219 Path Finder in Splunk Search 01-24-2020 0 3	0	3
How to compare list of hosts? I have a large amount of hostnames and IP's (approx. 1850) I need to validate are sending logs to Splunk. I do not be... by vlape_SCWX New Member in Splunk Search 01-24-2020 0 6	0	6
Subsearch or ‘let stats sort it out’? Hey folks. Help! I have two indexes. Index 1 - Contains an authoritative list of AWSconfig accounts it.index 2 - C... by RocIngersol Explorer in Splunk Search 01-24-2020 0 5	0	5
Is there a reference for the syntax of configuration files? The pages in [this section][1] give some pointers about what syntax is allowed, but I cannot find a full reference. I... by nohyei6v Explorer in Splunk Search 01-24-2020 0 2	0	2
append command is not working Hi All, Updated I have 70,535 records in first query and 201776 from second query. when i am append these two searc... by harishalipaka Motivator in Splunk Search 01-24-2020 0 4	0	4
コマンド制限について「sort 0」や「join max=0」などコマンドに件数制限がかかっているケースが見受けられれます。上記は制限解除のオプションは用意されていますが、制限を解除することでの影響はあるのでしょうか。制限以上件数に見合う速度や負荷以... by nishida_tada_ca Loves-to-Learn Lots in Splunk Search 01-24-2020 0 1	0	1
Setting earliest and latest. I want to search data from "earliest" to "earliest" + 5 minutes later. How should I implement it ? I tried the fol... by shikata74 New Member in Splunk Search 01-24-2020 0 13	0	13
How to trigger alert only when the result is changed? I want to trigger an alert only when the results are changed. The frequency of my alert is 15 mins, So the next Alert... by keskash Loves-to-Learn in Splunk Search 01-24-2020 0 1	0	1
help on where command which is malformed hi I have an issue in the where command below (The expression is malformed) What is the problem please?? \| eval PRO... by jip31 Motivator in Splunk Search 01-23-2020 0 1	0	1
Show a message even when no events are returned using Sttats with by clause Hi All, I have situation where I want to show a message instead of empty cell. I am using below query to get some d... by rkmaggidi New Member in Splunk Search 01-23-2020 0 2	0	2