Splunk Search

Community Activity

Example of a bubble chart Is there an example of the correct xml syntax to use to define a bubble chart in a dashboard? I cannot find one in th... by raoul Path Finder in Splunk Search 11-25-2019 3 3	3	3
How to graph multiple series graphs with null values using both gaps and connect Splunk 7.2.3 I have been trying to use timechart to graph synthetic transaction application response times. The ca... by david_keough Explorer in Splunk Search 11-25-2019 0 2	0	2
Strptime bug with fields with spaces or periods I came across this bug today when using strptime. Strptime does not work on field names that have spaces or periods. ... by jlucas4 Explorer in Splunk Search 11-25-2019 0 6	0	6
How would I create a search for event that happens but exclude the first 45 minutes? I am new to Splunk and trying to create an alert for a message however I keep getting false positives on the message ... by mrkala New Member in Splunk Search 11-25-2019 0 3	0	3
How to convert milliseconds to minutes or seconds base search \| spath "body.totalTime" \| search "body.totalTime"=426287 How to convert milliseconds to minutes or sec... by monipinni Explorer in Splunk Search 11-25-2019 0 6	0	6
How to extract a field out of JSON, and then use to get a count Hi. I am trying to get a count on the first field within my logs, of the requestBody json input. Below is an example ... by chktlm New Member in Splunk Search 11-25-2019 0 2	0	2
How to join two searches and table it? Hello, I'm trying to join two searches, and i need to use host in the other one, to be able to table it by DesktopGr... by janitka Explorer in Splunk Search 11-25-2019 0 9	0	9
help for displaying events that have collected in one index but never in other hi I tried to find host from my csv file which have connected in one specific index but never in others I have done t... by jip31 Motivator in Splunk Search 11-25-2019 0 2	0	2
metric index and mcollect , mstats issue pls help I have used mcollect command to populate my metric index later i tried to pull up that data via mstats command but fo... by anem Explorer in Splunk Search 11-25-2019 0 0	0	0
Dashboard PDF email failing A dashboard will export to PDF correctly, but anytime we try to send it via email (be it a test email or scheduled) n... by elumpkin_caisgr Engager in Splunk Search 11-25-2019 0 8	0	8
Passing tokens dynamically to search query I have a drop down which I populate with the query and editing field values index="myindex"\|stats values(Category) as... by k_harini Communicator in Splunk Search 11-24-2019 0 6	0	6
Extracting fields for a specific text hi All, Am trying to extract the fields for only the text when it contains start or end as my test_status field that... by datamine Loves-to-Learn Lots in Splunk Search 11-24-2019 0 2	0	2
How to display column results in descending order? It shows the result in the below format uri 208 400 ... .... ... I want ... by prannoy93singh Engager in Splunk Search 11-24-2019 0 5	0	5
help on eval condition Hi I use the search below which works fine but I have an issue with my eval command why i can retrieve the "No SPLUNK... by jip31 Motivator in Splunk Search 11-24-2019 1 9	1	9
Is there a difference in efficiency between this sort and reverse? Delta cites an example using sort - _time. Is there a difference in efficiency between this sort and reverse? by yuanliu SplunkTrust in Splunk Search 11-23-2019 1 3	1	3
Event count from 2 dates How do we get event count from 2 dates. Something like this - 2/11/18 3/11/18 4/1... by ataunk Explorer in Splunk Search 11-23-2019 1 8	1	8
Why do some events display date fields and other don't? Hi, I noticed that one of my custom feeds has date fields (date_hour, date_mday...), but other ones, which are nativ... by a212830 Champion in Splunk Search 11-23-2019 2 4	2	4
One Value from one field should compare every other value from other field and return the 3rd field value. Query: index=data_core sourcetype=data_log is_scheduled=1 \| rex max_match=0 field=search "savedsearch\s{0,}\"{1}(?(... by nomadichunters Explorer in Splunk Search 11-23-2019 0 5	0	5
How to query a lookup table based on time HI All I have a lookup table which is populated by a scheduled search once everyday. The lookup table looks like bel... by nirmalya2006 Path Finder in Splunk Search 11-23-2019 0 7	0	7
How to separate a search by groups of hosts? Hello! If I run this query, I'll get a graph of the # of queries over time aggregated for all of my hosts. host=* \|... by meleschi Explorer in Splunk Search 11-22-2019 0 4	0	4
Why is CSV data with multiple values in one cell parsing incorrectly? I'm trying to upload a CSV file into Splunk, however, it doesn't seem to parse it correctly for the multiple values f... by kimle Engager in Splunk Search 11-22-2019 0 3	0	3
How to extract substring in a string for eval case? Hi All, I have a field "CATEGORY3," with strings for example:- Log 1.2 Bundle With 12 INC Log 1.2 Bundle With 3 INC... by Chandras11 Communicator in Splunk Search 11-22-2019 0 5	0	5
Field extraction receiving error message Any time I try using the Extract Field option in an event list the next page returns this error: Error in 'rex' comm... by atatistcheff Explorer in Splunk Search 11-22-2019 0 7	0	7
Help with regex for field extraction Hi, I have a field value as below. These are all fixed positions all across. /COMPANY LOCATIONS/PA/PHILADELPHIA/AB... by mbasharat Builder in Splunk Search 11-22-2019 0 4	0	4
Escape a period in transforms regex to drop log? I'm collecting DNS logs and I'm trying to drop all logs with sub.domain.com as the query. In my transforms.conf I ha... by reswob4 Builder in Splunk Search 11-22-2019 0 3	0	3