Splunk Search

Community Activity

Splunk service on indexer server gets killed by OOM killer when it should not. We operates splunk platform of 10+ SHC members & indexer cluster with 100+, version 7.2.9. From time to time we see ... by sylim_splunk Splunk Employee in Splunk Search 12-17-2019 2 2	2	2
How to properly display trend comparison of values over Hour by Day for multiple days? The following query will display a simple chart for trend comparison. This works well if you keep the days you're com... by ten_yard_fight Path Finder in Splunk Search 12-17-2019 0 2	0	2
Access Field for Value in Drop Down loaded by an input lookup file Hi, I have prepared an input lookup file which has the following contents: OperationCode,Meaning,Direction 1001,Cre... by mhornste Path Finder in Splunk Search 12-17-2019 0 6	0	6
how to exclude a holiday from search splunk using lookup csv Hi everyone , I would like to exclude a holiday list from my search using a lookup.csv . how to do ? thanks all of y... by ruben993 New Member in Splunk Search 12-17-2019 0 1	0	1
How to set specific options for certain fields in a chart I am trying to get one of the fields in my timechart to not connect points on null values, whilst still allowing the ... by jakethomso Explorer in Splunk Search 12-17-2019 0 6	0	6
filed extraction on specific path Hi I want to create "field extract" on all logs that exist in below address. /opt/logs/file1.log /opt/logs/file2.log... by indeed_2000 Motivator in Splunk Search 12-17-2019 0 11	0	11
help on complex dynamic pie chart Hello I use the search below in order to display datas in a pie chart As you can see in my eval command, I agregate ... by jip31 Motivator in Splunk Search 12-17-2019 0 5	0	5
LookUp Files Issues I have a lookup file called PriceFactot.csv. I have defined this lookup table and then in query I use \| inputlookup ... by zacksoft Contributor in Splunk Search 12-17-2019 0 5	0	5
Is there any way to decode an encoded html values saved in a log file? I want decode all the encoded html values present in an log file while indexing itself. Is there any way to do it ? by Boopalan New Member in Splunk Search 12-17-2019 0 8	0	8
how to reduce SQL connections from splunk to oracle DB for good performance? we are building various dashboards for monitoring purpose. Most of the dashboards need the data from database, which ... by sagar0907 Engager in Splunk Search 12-16-2019 0 4	0	4
Splunk table and regex filter I have following data in "log" field, date1 name : message one date2 name : message two date3 name : message one date... by mnjmht18 New Member in Splunk Search 12-16-2019 0 2	0	2
Combining results in a search I have a search that graphs the number of events based on host name. It even colour codes into Windows and Linux hos... by balcv Contributor in Splunk Search 12-16-2019 0 3	0	3
Range Marker I am trying to achieve the same visualization as documented over here: https://wiki.splunk.com/Community:Search_Repor... by Stevelim Communicator in Splunk Search 12-16-2019 0 3	0	3
Is there an Equivalent of splParser? I am trying to parse Splunk queries, is there an equivalent of splParser ? splParser outputs parse trees of SPL queri... by rosh_dsa New Member in Splunk Search 12-16-2019 0 1	0	1
How to configure props.conf and transforms.conf to route data matching a certain regex to a specific index and drop all other events? Hi, I'm running a test setup with some live syslog data and I want to do the following on my forwarder: 1) Route al... by Sloefke Path Finder in Splunk Search 12-16-2019 1 5	1	5
network device Inventory check with splunk Hi I would like to know what is best way to get network inventory on splunk? Just started some search and it appear... by hanyeolk Observer in Splunk Search 12-16-2019 0 1	0	1
US state abbreviations to full state names - Choropleth map I have a field [Driver State] which contains all the US states in abbreviated format (MD = Maryland). I want to gener... by corky42 Engager in Splunk Search 12-16-2019 0 3	0	3
Search Event from ID in a lookup Hello everybody ! probably this is a very easy thing to do, however I'm struggling here as my experience in splunk is... by Oaknoy New Member in Splunk Search 12-16-2019 0 3	0	3
Remove highlight from table most left column Hi, In my dashboard I have a table with 5 columns. Once I hover with my mouse on one of the cells, 2 cells are highl... by shayhibah Path Finder in Splunk Search 12-16-2019 0 2	0	2
Displaying results for events in same index but having different data format We had a report for which the input CSV data format was 'value-only', but the format was modified to 'key-value' pair... by swarjs Explorer in Splunk Search 12-16-2019 1 2	1	2
Why do we get a "Failed to create a bundles setup with server name GUID" message? We get a message such as - *[indexer name] Failed to create a bundles setup with server name GUID : Using peer's loca... by ddrillic Ultra Champion in Splunk Search 12-16-2019 0 5	0	5
Why is base search only showing several hours of events instead of 24 hours? I have a dashboard where I have used base search in each panel. Within the dashboard, I have 40 different panels and ... by Snigdha95 New Member in Splunk Search 12-16-2019 0 2	0	2
Is a lookup definition necessary? I've uploaded a lookup csv file, and was immediately able to use it from a inputlookup and lookup (referencing the fi... by Junie Loves-to-Learn in Splunk Search 12-16-2019 0 1	0	1
How do I find top 10 ports used by attackers? I'm not using Regex. There are over 370,00 events, and the payload of the data reads like this: payload: {"attackerP... by jpsnlyle New Member in Splunk Search 12-15-2019 0 4	0	4
How to show all current day transactions whose amount is higher than the previous month average Hi all, I have a bank transaction XML log with DATE, CC, AMOUNT. I need to show all transactions of the current day ... by dorismustovic New Member in Splunk Search 12-15-2019 0 5	0	5