Splunk Search

Community Activity

How to allow user to enter a value that doesn't exist in a dropdown I have a dropdown that reads from a lookup but would like to allow the user to enter in a value that doesn't exist in... by w564432 Explorer in Splunk Search 08-06-2019 0 3	0	3
Line graph: Count per hour with a trendline that plots the average count every 24 hours. I have a line graph that displays the number of transactions per hour. I want a trendline to go with it, but I want i... by 3666142 Path Finder in Splunk Search 08-06-2019 0 8	0	8
To compare today's Index size with yesterday's I use the below query to find the index size, how can I modify the query to get the comparision between todays's inde... by VijaySrrie Builder in Splunk Search 08-06-2019 0 10	0	10
Splunk display 0 when no results found from last x minutes Hi Team, Need help in creating a query. I want to display 0 when no data/events found. But I am getting "No results ... by sahil237888 Path Finder in Splunk Search 08-06-2019 0 3	0	3
Why is one interesting field not always displayed, and what change do we need to make to have this field always appear by default? I am not always getting one interesting field, even though I have selected all fields from the fields bar on the left... by sivapuvvada Path Finder in Splunk Search 08-06-2019 0 4	0	4
INTERESTING FIELDS missing in Search&Reporting app (default app) HI Friends, In Search&Reporting app (default app) when I search anything, I see only 3 INTERESTING FIELDS coming up... by pkumar9610 Explorer in Splunk Search 08-06-2019 0 1	0	1
How to aggregate data in an index Right now we receive and store several data points per second in an index and do reporting on it. In the future we wo... by philipfritsch New Member in Splunk Search 08-06-2019 0 1	0	1
Can't query for Metrics I have create a metric Index called "my_metric_index". I see, that the index is populated with events. I have added ... by joerglang Engager in Splunk Search 08-06-2019 0 0	0	0
How do I find the "Event" that directly proceeds the selected "Event"? Let's say I perform this search: index=mysecretindex host=mysecrethost* source="/my.log" error-3005 Then say I s... by philrego Path Finder in Splunk Search 08-06-2019 0 5	0	5
Need help with eval my search query : index=index1"PrepareResponseTime= " \| rex "PreResponseTime= (?[0-9]*) ms" \| where PrepareRespon... by Dsrao12345 New Member in Splunk Search 08-06-2019 0 1	0	1
Unable to stat the splunk indexer missing: /app/splunk/openssl directory Hi, We are unable to start the our one of the indexer in cluster getting the below error. Can we copy the directory... by Mayanakhan Explorer in Splunk Search 08-06-2019 0 1	0	1
How to use Where condition in lookup .csv file Hi, I have created a lookup file name file1.csv . There are two columns in the file "Application" and "Allow" and ... by bagarwal Path Finder in Splunk Search 08-05-2019 0 4	0	4
Can I map multiple groups to be bound to one role? All, Can I map multiple AD groups to one role in authentication.conf? Example? by daniel333 Builder in Splunk Search 08-05-2019 0 1	0	1
Help with Splunk search query and Lookup Hi, I am struggling to form my search query along with lookup. So the scenarios is like this - I have a search query ... by Shashank_87 Explorer in Splunk Search 08-05-2019 0 3	0	3
Join consecutive events in same index Hi, I thought this would be easy but no! I'm doing the query below on the Sample data below but the FileTime_END valu... by intelli2019 New Member in Splunk Search 08-05-2019 0 7	0	7
Search results in dispatch command message "The minimum free disk space (18446744073709551615MB) reached" Recently I migrated one of our indexers to a new machine. Sometimes searches result in the below message despite t... by dccrain New Member in Splunk Search 08-05-2019 0 3	0	3
Value in location field gets truncated when search is ran Hi, In my Splunk logs, I have a field called location which stores values like" SINGAPORE (ABC) WASHINGTON DC (ABC)... by amahesh3 New Member in Splunk Search 08-05-2019 0 10	0	10
average count by day I have a search looking for the events I want to look at. Then i want to have the average of the events per day. I ... by hartfoml Motivator in Splunk Search 08-05-2019 4 16	4	16
search.log: SearchEvaluator - using old evaluator Seeing lots of "SearchEvaluator - using old evaluator" in search.log for TSTAT with DMA. Could someone please explai... by simpkins1958 Contributor in Splunk Search 08-05-2019 0 1	0	1
Unable to calculate a difference after using mvindex with _time field I am using a transaction to combine events and I want to calculate the difference in time between the two events. I a... by tewarbit New Member in Splunk Search 08-05-2019 0 3	0	3
eval calculations how to solve the above issue using eval function. (1 * 100) / (1 + 2) = % . by Dsrao12345 New Member in Splunk Search 08-05-2019 0 2	0	2
AD FS ip field extraction Stuck on regex question for Ad FS logs. I am trying to extract all ips following a field ("Client IP: ") in a AD FS ... by jig004 Engager in Splunk Search 08-05-2019 1 2	1	2
Convert Transaction Search I made the following search to group exceptions together that happened within 1 second but I want to be able to view ... by bah5663_98 Explorer in Splunk Search 08-05-2019 0 2	0	2
Read CSV and use with index info (first four rows) JOB_NAME,Description ATUALIZACAOATIVOS,BATCH-PRO-AGRO BLOQUEIO-EMISSORES,BATCH-PRO-AGRO CONCATENAPD... by nsantiago17 Explorer in Splunk Search 08-05-2019 0 2	0	2
Timechart fillnull with append search So, I'm trying to come up with a way to compare data from this year and last year into a Single Value Graph but I am ... by ecedwards Engager in Splunk Search 08-05-2019 0 1	0	1