Splunk Search

Community Activity

Help with script to make Splunk status up automatically if Splunk is down Please help me with the script below. This script is not running in Unix and Windows machine. Please help tweak and ... by rajaguru2790 Explorer in Splunk Search 11-03-2019 1 2	1	2
Splunk to verify output of the Splunk query I have created a splunk alert which runs after every one hour to check for certain pattern in last one hour. Most of ... by bsaujla131984 Path Finder in Splunk Search 11-02-2019 0 1	0	1
Tutorial seems inaccurate or my instance of Splunk Cloud is busted Specifically at this stage of the tutorial "https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/SearchTutorial/Ab... by whitehaven Explorer in Splunk Search 11-02-2019 1 1	1	1
How to calculate two months of deviation with count index=proxy earliest=-1month@month latest=@month\|fields host month \| eval month=strftime(_time, "%m") \| stats count b... by igschloessl Explorer in Splunk Search 11-02-2019 0 7	0	7
Need help displaying null results in a table Hi, With the search below, I would like to be able to display in my table the host which have also "No SPLUNK Agent"... by jip31 Motivator in Splunk Search 11-02-2019 0 9	0	9
My Splunk Light license expired, so I switched to free, but why did I immediately get license violations and search was disabled? All, I had Splunk Light installed (version 6.4.0). Tried to log in, but noticed that the license had expired, so I s... by staze Path Finder in Splunk Search 11-02-2019 0 5	0	5
Transaction command doesn't work for all events when the 'endswith' event is seen next day. I am trying to run a transaction command for all the patrons where startswith=(Action=CardIn) endswith=(Action=CardOu... by aishwaryabh New Member in Splunk Search 11-02-2019 0 3	0	3
How to efficiently query all indexes for a list of IPs BACKGROUND: My Disaster Recovery team is compiling a list of all IPs endpoints, and has requested that I query all of... by asearson Explorer in Splunk Search 11-01-2019 0 4	0	4
How to generate timechart for eventstats per minute for multisearch index=something \| rex field=_raw ".\&WST=(?P<MMMId>[^&]+)." \| search Googly \| dedup MMMId \| bucket_... by rithick New Member in Splunk Search 11-01-2019 0 2	0	2
How can i disable the search that opens when i click on chart?! Hi I created a chart panel in a dashboard. The panel is based on an sql query. Everytime i click on the chart it sel... by alkhaldi Engager in Splunk Search 11-01-2019 0 4	0	4
Updating a lookup table with new row ? Hello All, I have an existing lookup file newlookupfile.csv. I'm trying to update the lookupfile with new row. I di... by iamsplunker31 Path Finder in Splunk Search 11-01-2019 0 6	0	6
Can you help me write a regular expression Need to extract Insurer , User , Dealer name 2019-11-01 06:54:20 W3SVC4 AUSYD11AS90 172.29.5.28 GET /Areas/Framewor... by rashi83 Path Finder in Splunk Search 11-01-2019 0 7	0	7
How to set up alerts with multiple fields with different thresholds Trying to setup up an alert with multiple fields extracted through Field. For example A,B, C etc and each having a d... by abhishekbhasin Explorer in Splunk Search 11-01-2019 1 12	1	12
How to improve performance of stats sum Hi I want to improve my search for better search performance, please find the attachment enclosed.![alt text by bapun18 Communicator in Splunk Search 11-01-2019 0 8	0	8
検索結果の指定フィールド列で別ソースタイプを検索し結果を右列に追加する方法についてお世話になります。サーチ文の書き方についてご教示ください。まず、以下の検索結果を出しています。・サーチ文「soucetype="test1" \| table host, user, state」・サーチ結果－－－－－－... by mozukun3 New Member in Splunk Search 11-01-2019 0 5	0	5
Problem extracting fields from auto extracted field Hello, I have events in the following format: 20/08/19 16:34:17 login1 command RunAsUsers="web,tomcat,embed" wit... by ktn01 Path Finder in Splunk Search 11-01-2019 0 2	0	2
How to append data to a lookup without overwriting anything AND also not adding duplicate data entries into the lookup? Hi guys, I was wondering if anyone knew of a method of appending data to a lookup, but not overwriting anything in ... by Robbie1194 Communicator in Splunk Search 11-01-2019 0 2	0	2
Splunk to verify splunk query results I have created an alert which basically checks the occurrence in particular keyword in two log files , however there ... by bsaujla131984 Path Finder in Splunk Search 11-01-2019 0 1	0	1
How to join two searches on a common field where the value of the left search matches all values of the right search? I need to join two searches on a common field in which I want a value of the left search matches all the values of t... by ahuseid New Member in Splunk Search 11-01-2019 0 6	0	6
How to continue with last known value on a simple timechart Simple search to look at the battery status on my UPS: UPS_BATT \| timechart max(UPS_BATT) span=1m But the UPS_BATT... by ajtalbot1 Engager in Splunk Search 11-01-2019 0 4	0	4
Searching string with patterns Hi, I would want to search for all results for this specific string pattern 'record has not been created for id XXXXX... by akki2428 New Member in Splunk Search 11-01-2019 0 9	0	9
After upgrade from 7.0.x to 7.2.7, search time with multiple subsearch increase from several seconds to more than 1 hr Have a search with many subsearch and append command like below pattern. \| makeresults \| eval abcd="acded" \| appe... by daniel_splunk Splunk Employee in Splunk Search 11-01-2019 0 1	0	1
si versus collect Hi, Is there any benefit to using the old method when using summary indexing? Basically I would like to the know dif... by mansel_scheffel Explorer in Splunk Search 11-01-2019 0 6	0	6
Sum to have a value as zero in case not found Hi All, I have some search criteria followed by stats as: Search ns=app1 Error \| stats sum(eval(AcctNo="'1000394'")... by kdulhan Explorer in Splunk Search 10-31-2019 1 8	1	8
How to display details in table I need to display a table with 4 columns and date is like this: Colum A Col B Col C Col D x ... by rashi83 Path Finder in Splunk Search 10-31-2019 0 2	0	2