Splunk Search

Community Activity

Chart overlay is invisbile Hi, I am using line chart overlay on column chart. but It's not displaying overlay line chart, even though data poi... by AKG1_old1 Builder in Splunk Search 09-02-2019 1 5	1	5
Alert time range not saving correctly; get "Your changes to the time range of this alert will not be saved. " when I attempt to fix it I've set up a very simple alert to fire when my indexing volume exceeds a specific value. index=_internal source=*li... by di2esysadmin Path Finder in Splunk Search 09-02-2019 4 8	4	8
How to display 86400 points on timechart? Hi, I need your helps. I am trying to display 86400 points with timechart. I did applied configuration below. The ver... by brandy81 Path Finder in Splunk Search 09-01-2019 0 16	0	16
How to round the average in stats statement? Here is what i have index="docker" (env = region1 OR env = region2) "job-time" \|eval time_in_mins = ('time')/(1000... by balash1979 Path Finder in Splunk Search 09-01-2019 0 7	0	7
Remove Text after Numbers in Field How can I remove everything after the zeroes in a field with results like this '000000000' Thanks! by chrisschum Path Finder in Splunk Search 09-01-2019 0 5	0	5
Transactions not showing any data after clicking on "show lines" Hey guys, My transaction gives me the option to "show 10 lines", but when clicked on it nothing shows up and the labe... by pkol Explorer in Splunk Search 09-01-2019 0 1	0	1
user!=xxx user!=yyy VS. NOT user IN (xxx yyy) Hi, when building queries I'm all for their clean look and readability - of course performance always matters more. ... by fedejko Explorer in Splunk Search 09-01-2019 0 1	0	1
How to parse a log file with multiple types of records? I have a log file with multiple line patterns. Something like this: [name] [surname] [address] ... by vtsco New Member in Splunk Search 09-01-2019 0 1	0	1
Using the Splunk Tutorial data, how to find the number of hits and top 20 category and top 20 domain? How to find the number of hits and top 20 category and top 20 domain using the tutorial data on Splunk. Please help, ... by rishabh4 New Member in Splunk Search 08-31-2019 0 4	0	4
Regex error, exceeded configured match_limit Hi Splunkers, I'm running Splunk 7.0.1 and having some problems to parse variables using regex in a search. This is... by prsepulv Explorer in Splunk Search 08-31-2019 0 2	0	2
How to improve the performance of our Splunk search query? We have indexed access logs into index="mpsapp", When we do a stats search or filter any records for these data for a... by dhavamanis Builder in Splunk Search 08-31-2019 2 7	2	7
How to get results for how often each alarm type occurs in percentage I have uploaded alarm logs into Splunk. I would like to be able to show results for how often each alarm type occurs ... by marenastrauss New Member in Splunk Search 08-30-2019 0 3	0	3
How to compare single value field from index 1 with that of multivalue field in index 2 and display the results? Hi, I am trying to correlate two security indexes and display the output. Index 1 has a CVE_Id and index 2 also has... by Navanitha Path Finder in Splunk Search 08-30-2019 0 3	0	3
How to create field from one to many fields of a certain format? Here is my data (linux_audit): type=EXECVE msg=audit(1567181894.530:909): argc=2 a0="cat" a1="audit.log" type=EXECVE... by ejwade Contributor in Splunk Search 08-30-2019 0 2	0	2
timechart not using correct _time timeframe I have a dashboard with 2 columns of panels, each containing the same 5 panels, 5 on the left and 5 on the right. th... by weidertc Contributor in Splunk Search 08-30-2019 0 9	0	9
To identify unused/unsearches data in Splunk Is there a way to find unused/unsearched data in Splunk? Example: In an Index=XYZ we are ingesting 100GB of data on ... by rahulhoney New Member in Splunk Search 08-30-2019 0 3	0	3
How to detect trending or spike for given timespan How to detect trending or spike for given timespan. So we column of users and activities column. How do we detect ... by duenguyen Explorer in Splunk Search 08-30-2019 0 1	0	1
Trying to search a Workday index for direct deposit change requests from unknown addressess We use Workday as our payroll system and have a Workday add-on with logs in an index called dmc_workday_index. I want... by blmclaws Engager in Splunk Search 08-30-2019 0 2	0	2
How to join two searches, consider first and not second (subsearch)? I tried to use the NOT command to get the events from the first search but not in the second (subsearch) but in the r... by rodrigobortolon New Member in Splunk Search 08-30-2019 0 7	0	7
How to access a property on the last element in an array,accessing last element in json array? Hi I have json events that have an array with objects and i want to extract a property from it Some pseudo search co... by marcovdlinden New Member in Splunk Search 08-30-2019 0 2	0	2
Why is search not executing? Hello I am using Splunk to analyze results from Qualys Vulnerability Scanning I have noticed that one of my searche... by mmor New Member in Splunk Search 08-30-2019 0 3	0	3
How to round down time to nearest 10th minute Hi, I want to convert my now() time to round down to nearest 10th minute. For e.g. If now returns 10:02 I want it t... by sammyshinde14 New Member in Splunk Search 08-30-2019 0 3	0	3
splunk command to repair buckets hi, can i please know the splunk command to rebuild the buckets in a directory . I used splunk rebuild directory_nam... by kteng2024 Path Finder in Splunk Search 08-30-2019 0 4	0	4
Check if IP address from search not in list of IP address I am still learning Splunk and trying to understand best way to find if IP addresses in my search results are NOT in ... by ashishmgupta Explorer in Splunk Search 08-29-2019 0 2	0	2
How to access the raw data collected by Splunk? I want to access the log files from Web servers, Micro Services, by protocol (HTTP, SOAP, FTP, etc.) or Databases. Wh... by sc2019 New Member in Splunk Search 08-29-2019 0 2	0	2