Splunk Search

Community Activity

Find how many times source type stopped sending data with in a month? Have to find a source type how many times it is not sending data to index within a month or some period of time Than... by Reddi694325 Path Finder in Splunk Search 08-20-2019 0 1	0	1
get process time and group by status Hello everyone I'm using this query `\|eval Status = case (eventId="endProcess" ,"Completed" ,eventId="error","Term... by hazemfarajallah Explorer in Splunk Search 08-19-2019 0 6	0	6
How do I get a list of users who can log into splunk? All, Is there an Api call or search I can run to get a list of users who can log into Splunk? bonus points if we ca... by daniel333 Builder in Splunk Search 08-19-2019 0 1	0	1
Error in 'rex' command: Invalid argument: ' ' -- How do I fix this issue? Hi, I have a daily search that suddenly stopped working (upgraded from 6.7 to 7.1 before it stopped working, I believ... by russell120 Communicator in Splunk Search 08-19-2019 0 6	0	6
How to get duration for a transaction with multiple start and end points? Hi, I'm looking to get a duration for a transaction that has multiple pairs of StartsWith and EndsWith conditions. ... by amunag439 Explorer in Splunk Search 08-19-2019 0 1	0	1
subsearch to combine multiple queries and sum up example log data project_name=abc category=xyz job_id=1 stage_begin=compile time=2019-08-16 15:00:00 project_name=ab... by vanakkam New Member in Splunk Search 08-19-2019 0 10	0	10
How to create an alert when searched index has no data I have the following search, and i want to be able to only show the indexes that have 0 data during a specified time ... by dmws New Member in Splunk Search 08-19-2019 0 4	0	4
Help returning stats with a value of 0 I'm trying to return an inventory dashboard panel that shows event count by data source for the given custom eventtyp... by johnward4 Communicator in Splunk Search 08-19-2019 0 4	0	4
How do I add an additional search condition to my table? index= client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" \| rex "^\[(?[^\]]+)\].*\[(?[^\]]+)\]\... by elijahm Explorer in Splunk Search 08-19-2019 0 4	0	4
Calculate earliest, latest with timepicker My case is that I have got a dashboard with panels where I have a global time picker $global_pckr$ I need to calculat... by igschloessl Explorer in Splunk Search 08-19-2019 0 3	0	3
How to parse JSON with multiple array ? Hi, Here is a sample : { columnNames: [ usersession.city Browser name ... by jegron New Member in Splunk Search 08-19-2019 0 4	0	4
Search for all events that has part of a string in a field I am looking for how to search for all events where a field might have values of sub-string. For Example if I have ... by ram_sistla Engager in Splunk Search 08-19-2019 0 3	0	3
How to put multiple charts into a single chart I'm trying to get a visualization together that will mark growth at 30, 60, and 90 days into a single graph with dif... by codedtech Path Finder in Splunk Search 08-19-2019 0 2	0	2
How to have only common values for 2 fields in the same search? I have a table like this: Shops Location Total 1. CK SF ... by tjosm New Member in Splunk Search 08-19-2019 0 2	0	2
Adding a new indexed meta field to inputs.conf not showing up in fastmode We see it in smart mode but not in fast mode. What are we missing and where does this get defined? by brent_weaver Builder in Splunk Search 08-19-2019 0 2	0	2
help with map command needed I have a custom command "sleep60", which is a python script doing as per name. Now, I would like to execute it in my ... by damucka Builder in Splunk Search 08-19-2019 0 2	0	2
how can i change inputtext: text to password hi, i try to change the type of an inputtext : from text to password Used Jquery $("[id^=my_field]").attr('type','n... by uppukumar Explorer in Splunk Search 08-19-2019 0 3	0	3
Field values as column name I've search results something like this: customerid tracingid API Status 1221 ab3d3 API1... by email2vimalraj New Member in Splunk Search 08-19-2019 0 2	0	2
Lookup table not work. Hi Splunker; I have three search head cluster, and I running search automatically every day for update this the look... by aalhabbash1 Path Finder in Splunk Search 08-18-2019 0 1	0	1
NIX add-on for Splunk: How to return a value from a subsearch and populating it in a field for each entry I'm using the *NIX add-on for Splunk. We receive "TOP.sh" information into Splunk. Top provides the process infor... by vader13 Explorer in Splunk Search 08-17-2019 0 6	0	6
Does the date range in the Base search carry forward to the Post Process search, or can they have different time ranges? Hi, I just wonder whether someone may be able to help me please. I'm trying to put together a Post Process - Base ... by IRHM73 Motivator in Splunk Search 08-17-2019 0 4	0	4
What is the best way to deal with lookup and multi tenancy set-ups? Hi Gurus, Hoping someone out there might be able to provide some guidance on how best to deal with the current situa... by kozanic_FF Path Finder in Splunk Search 08-17-2019 1 10	1	10
Is my rex right? Rex has exceeded configured match_limit, consider raising the value in limits.conf I am trying to extract about 20 fields from a log file each lines have about 800 charachers, I can only extract to fi... by samlinsongguo Communicator in Splunk Search 08-16-2019 0 5	0	5
How to timechart results of stats or transaction? I am trying to identify client IP addresses that recur across multiple days and then graph just those that meet a cer... by jmartinf5 Engager in Splunk Search 08-16-2019 0 8	0	8
How to extract date separated by period Hi everyone, I'm looking to take data such as 201908.1 from a field I've renamed in my search as "Operating System V... by jkordis New Member in Splunk Search 08-16-2019 0 2	0	2