Splunk Search

Community Activity

Most common events/issues/words Hello guys, I'm new in SPLUNK. Just wanted to ask for an advice :). Currently, I have 11,000 ticket data and I'm tr... by chinkeeparco Explorer in Splunk Search 08-07-2019 0 5	0	5
Splunk Daemonset for kubernetes not indexing data due to read only filesystem I have configured splunk daemonset for k8s cluster. Agent logs are flowing. However the application logs are not gett... by vidhijain333 Loves-to-Learn in Splunk Search 08-06-2019 0 0	0	0
Challenges Joining tables and returning values from both indexes Hello, Based on some suggested changes by @jawaharas I was able to successfully lookup the value of user from the Va... by lbrhyne Path Finder in Splunk Search 08-06-2019 0 10	0	10
how to get the first event time and last event time for field value Hi Splunkers, My events will look like below. 2019-08-06 10:14:00 TYPE="PLB_1", STATUS="true", CAR="A", PLACE="ABC... by SathyaNarayanan Path Finder in Splunk Search 08-06-2019 0 4	0	4
How to sum values from specific rows to then display in pie graph Hey guys, I'm trying to add the values that correspond to specific rows in a search, to then display on a dashboard ... by hamishcross Engager in Splunk Search 08-06-2019 0 3	0	3
Comparing/Merging/Grouping timestamp with timespan Hey there! I have logs from two different sources in one search. One source provides a time range, while the other p... by Bastelhoff Path Finder in Splunk Search 08-06-2019 0 2	0	2
Help with splunk query, searchmatch finding false positives Hey All, Very new to using splunk and love the power of dashboards. I'm executing the following index=my_app ("C4C... by hamishcross Engager in Splunk Search 08-06-2019 0 4	0	4
Does splunk support forwarding data from an IBM IFS (Integrated file system)? Hello, There is an Add-on or connector in splunk to forward data from IFS (Integrated File System) IBM ? Thank yo... by Kawtar Path Finder in Splunk Search 08-06-2019 0 3	0	3
How to trigger rs.slaveOk() from Splunk MongoDB (Hunk) app to query data from secondary instance We have a requirement of querying MongoDB collections from secondary instance using Splunk MongoDB app (Hunk). The vi... by sandeepkumar23 Explorer in Splunk Search 08-06-2019 0 0	0	0
Help with an API one shot search time discrepancy I see significant search time discrepancy when I run a one-shot search via the python SDK as opposed to when I run th... by tonymorin Explorer in Splunk Search 08-06-2019 0 0	0	0
Ignore or Remove characters from search results I have a need to ignore specific characters in my search results. I'm assuming this can be done with REGEX or somethi... by hagjos43 Contributor in Splunk Search 08-06-2019 1 8	1	8
both stats and timechart gives different values Hi all I was wondering if i can get some help in this. as I have some fields in stats and i want span=1w of that. w... by splunkuseradmin Path Finder in Splunk Search 08-06-2019 0 2	0	2
How to allow user to enter a value that doesn't exist in a dropdown I have a dropdown that reads from a lookup but would like to allow the user to enter in a value that doesn't exist in... by w564432 Explorer in Splunk Search 08-06-2019 0 3	0	3
Line graph: Count per hour with a trendline that plots the average count every 24 hours. I have a line graph that displays the number of transactions per hour. I want a trendline to go with it, but I want i... by 3666142 Path Finder in Splunk Search 08-06-2019 0 8	0	8
To compare today's Index size with yesterday's I use the below query to find the index size, how can I modify the query to get the comparision between todays's inde... by VijaySrrie Builder in Splunk Search 08-06-2019 0 10	0	10
Splunk display 0 when no results found from last x minutes Hi Team, Need help in creating a query. I want to display 0 when no data/events found. But I am getting "No results ... by sahil237888 Path Finder in Splunk Search 08-06-2019 0 3	0	3
Why is one interesting field not always displayed, and what change do we need to make to have this field always appear by default? I am not always getting one interesting field, even though I have selected all fields from the fields bar on the left... by sivapuvvada Path Finder in Splunk Search 08-06-2019 0 4	0	4
INTERESTING FIELDS missing in Search&Reporting app (default app) HI Friends, In Search&Reporting app (default app) when I search anything, I see only 3 INTERESTING FIELDS coming up... by pkumar9610 Explorer in Splunk Search 08-06-2019 0 1	0	1
How to aggregate data in an index Right now we receive and store several data points per second in an index and do reporting on it. In the future we wo... by philipfritsch New Member in Splunk Search 08-06-2019 0 1	0	1
Can't query for Metrics I have create a metric Index called "my_metric_index". I see, that the index is populated with events. I have added ... by joerglang Engager in Splunk Search 08-06-2019 0 0	0	0
How do I find the "Event" that directly proceeds the selected "Event"? Let's say I perform this search: index=mysecretindex host=mysecrethost* source="/my.log" error-3005 Then say I s... by philrego Path Finder in Splunk Search 08-06-2019 0 5	0	5
Need help with eval my search query : index=index1"PrepareResponseTime= " \| rex "PreResponseTime= (?[0-9]*) ms" \| where PrepareRespon... by Dsrao12345 New Member in Splunk Search 08-06-2019 0 1	0	1
Unable to stat the splunk indexer missing: /app/splunk/openssl directory Hi, We are unable to start the our one of the indexer in cluster getting the below error. Can we copy the directory... by Mayanakhan Explorer in Splunk Search 08-06-2019 0 1	0	1
How to use Where condition in lookup .csv file Hi, I have created a lookup file name file1.csv . There are two columns in the file "Application" and "Allow" and ... by bagarwal Path Finder in Splunk Search 08-05-2019 0 4	0	4
Can I map multiple groups to be bound to one role? All, Can I map multiple AD groups to one role in authentication.conf? Example? by daniel333 Builder in Splunk Search 08-05-2019 0 1	0	1