Splunk Search

Community Activity

Help with Splunk search query and Lookup Hi, I am struggling to form my search query along with lookup. So the scenarios is like this - I have a search query ... by Shashank_87 Explorer in Splunk Search 08-05-2019 0 3	0	3
Join consecutive events in same index Hi, I thought this would be easy but no! I'm doing the query below on the Sample data below but the FileTime_END valu... by intelli2019 New Member in Splunk Search 08-05-2019 0 7	0	7
Search results in dispatch command message "The minimum free disk space (18446744073709551615MB) reached" Recently I migrated one of our indexers to a new machine. Sometimes searches result in the below message despite t... by dccrain New Member in Splunk Search 08-05-2019 0 3	0	3
Value in location field gets truncated when search is ran Hi, In my Splunk logs, I have a field called location which stores values like" SINGAPORE (ABC) WASHINGTON DC (ABC)... by amahesh3 New Member in Splunk Search 08-05-2019 0 10	0	10
average count by day I have a search looking for the events I want to look at. Then i want to have the average of the events per day. I ... by hartfoml Motivator in Splunk Search 08-05-2019 4 16	4	16
search.log: SearchEvaluator - using old evaluator Seeing lots of "SearchEvaluator - using old evaluator" in search.log for TSTAT with DMA. Could someone please explai... by simpkins1958 Contributor in Splunk Search 08-05-2019 0 1	0	1
Unable to calculate a difference after using mvindex with _time field I am using a transaction to combine events and I want to calculate the difference in time between the two events. I a... by tewarbit New Member in Splunk Search 08-05-2019 0 3	0	3
eval calculations how to solve the above issue using eval function. (1 * 100) / (1 + 2) = % . by Dsrao12345 New Member in Splunk Search 08-05-2019 0 2	0	2
AD FS ip field extraction Stuck on regex question for Ad FS logs. I am trying to extract all ips following a field ("Client IP: ") in a AD FS ... by jig004 Engager in Splunk Search 08-05-2019 1 2	1	2
Convert Transaction Search I made the following search to group exceptions together that happened within 1 second but I want to be able to view ... by bah5663_98 Explorer in Splunk Search 08-05-2019 0 2	0	2
Read CSV and use with index info (first four rows) JOB_NAME,Description ATUALIZACAOATIVOS,BATCH-PRO-AGRO BLOQUEIO-EMISSORES,BATCH-PRO-AGRO CONCATENAPD... by nsantiago17 Explorer in Splunk Search 08-05-2019 0 2	0	2
Timechart fillnull with append search So, I'm trying to come up with a way to compare data from this year and last year into a Single Value Graph but I am ... by ecedwards Engager in Splunk Search 08-05-2019 0 1	0	1
I am getting mostly info=denied events for specific users while searching for _audit index. While user can no longer query any indexes. Does that info indicates permission issues? or something else. I am getting info=denied events for specific users while searching for _audit index. What is the significance of this... by pateriaak Explorer in Splunk Search 08-05-2019 0 3	0	3
How to generate a search to find which Splunk user and URL is generating queries? I need queries like: which Splunk user generating the query? Output need [ Username, Time, Search Query] Which Sp... by dpraveen88 Explorer in Splunk Search 08-05-2019 0 3	0	3
Help with creating an earliest/latest event table (Using Splunk 6.1.2 for...reasons) Background: We send out a push notification to a third party. The third party som... by katharsys Path Finder in Splunk Search 08-05-2019 0 6	0	6
Use of Lookup with search query Hi, I need some help related to a search query. My search query has a field called "holdings" which contain data like... by Shashank_87 Explorer in Splunk Search 08-05-2019 0 3	0	3
Can someone help me with Regex or rex command? I have a field name called Column1 with the following data below... Data1: \|Transitioned to:Team1\|Transition Reason:... by trem0re09 Explorer in Splunk Search 08-05-2019 0 6	0	6
Difference between _time and -indextime Hi, We have splunk UF installed on our streamers. The splunk UF sends logs to splunk forwarder of our analytics set... by strive Influencer in Splunk Search 08-05-2019 1 8	1	8
How to calculate date based upon a patch lot value. How can we apply below logic in splunk. We have the data in Splunk which is coming out as below. Host Patching L... by sbhatnagar88 Path Finder in Splunk Search 08-05-2019 0 2	0	2
how to copy of entire splunk instances to another instance? Hii Everyone, I want to move all the knowledge objects and everything from one splunk instance to another instance...... by marisstella Explorer in Splunk Search 08-05-2019 0 5	0	5
Extract Fields Apache Logs Hi i have raw data like this: 192.0.100.3 - - [30/Jul/2019:00:06:05 -0500] "GET /test/ HTTP/1.1" 403 207 "-" "Mozill... by miguelebf New Member in Splunk Search 08-04-2019 0 2	0	2
column name updated how to keep both query results ini same dashboard Hi, index="spectrum" * \| eval foo=_cd \| rename "ns1.alarm.ns1.attribute{}.$" as value "ns1.alarm.ns1.attribute{}.@i... by surekhasplunk Communicator in Splunk Search 08-04-2019 0 4	0	4
Discrepany in total count Hello guys, I have the following syntax and data: However, there is a discrepancy with the total count per catego... by chinkeeparco Explorer in Splunk Search 08-04-2019 0 10	0	10
How to produce multiple values graphs We have a log of some metrics that look like this: 20:45:00 10.10.71.01 values : [12035313, 233658, 0, 0, 24249, 13... by jhuysing Explorer in Splunk Search 08-04-2019 0 6	0	6
Help with Regex extracting fields Can someone please help with extracting the bold highlighted field from below /07981368-d226-4cf6-8d88-9853c843bcb9... by saikumarsplunkt New Member in Splunk Search 08-04-2019 0 1	0	1