Splunk Search

Community Activity

INTERESTING FIELDS missing in Search&Reporting app (default app) HI Friends, In Search&Reporting app (default app) when I search anything, I see only 3 INTERESTING FIELDS coming up... by pkumar9610 Explorer in Splunk Search 08-06-2019 0 1	0	1
How to aggregate data in an index Right now we receive and store several data points per second in an index and do reporting on it. In the future we wo... by philipfritsch New Member in Splunk Search 08-06-2019 0 1	0	1
Can't query for Metrics I have create a metric Index called "my_metric_index". I see, that the index is populated with events. I have added ... by joerglang Engager in Splunk Search 08-06-2019 0 0	0	0
How do I find the "Event" that directly proceeds the selected "Event"? Let's say I perform this search: index=mysecretindex host=mysecrethost* source="/my.log" error-3005 Then say I s... by philrego Path Finder in Splunk Search 08-06-2019 0 5	0	5
Need help with eval my search query : index=index1"PrepareResponseTime= " \| rex "PreResponseTime= (?[0-9]*) ms" \| where PrepareRespon... by Dsrao12345 New Member in Splunk Search 08-06-2019 0 1	0	1
Unable to stat the splunk indexer missing: /app/splunk/openssl directory Hi, We are unable to start the our one of the indexer in cluster getting the below error. Can we copy the directory... by Mayanakhan Explorer in Splunk Search 08-06-2019 0 1	0	1
How to use Where condition in lookup .csv file Hi, I have created a lookup file name file1.csv . There are two columns in the file "Application" and "Allow" and ... by bagarwal Path Finder in Splunk Search 08-05-2019 0 4	0	4
Can I map multiple groups to be bound to one role? All, Can I map multiple AD groups to one role in authentication.conf? Example? by daniel333 Builder in Splunk Search 08-05-2019 0 1	0	1
Help with Splunk search query and Lookup Hi, I am struggling to form my search query along with lookup. So the scenarios is like this - I have a search query ... by Shashank_87 Explorer in Splunk Search 08-05-2019 0 3	0	3
Join consecutive events in same index Hi, I thought this would be easy but no! I'm doing the query below on the Sample data below but the FileTime_END valu... by intelli2019 New Member in Splunk Search 08-05-2019 0 7	0	7
Search results in dispatch command message "The minimum free disk space (18446744073709551615MB) reached" Recently I migrated one of our indexers to a new machine. Sometimes searches result in the below message despite t... by dccrain New Member in Splunk Search 08-05-2019 0 3	0	3
Value in location field gets truncated when search is ran Hi, In my Splunk logs, I have a field called location which stores values like" SINGAPORE (ABC) WASHINGTON DC (ABC)... by amahesh3 New Member in Splunk Search 08-05-2019 0 10	0	10
average count by day I have a search looking for the events I want to look at. Then i want to have the average of the events per day. I ... by hartfoml Motivator in Splunk Search 08-05-2019 4 16	4	16
search.log: SearchEvaluator - using old evaluator Seeing lots of "SearchEvaluator - using old evaluator" in search.log for TSTAT with DMA. Could someone please explai... by simpkins1958 Contributor in Splunk Search 08-05-2019 0 1	0	1
Unable to calculate a difference after using mvindex with _time field I am using a transaction to combine events and I want to calculate the difference in time between the two events. I a... by tewarbit New Member in Splunk Search 08-05-2019 0 3	0	3
eval calculations how to solve the above issue using eval function. (1 * 100) / (1 + 2) = % . by Dsrao12345 New Member in Splunk Search 08-05-2019 0 2	0	2
AD FS ip field extraction Stuck on regex question for Ad FS logs. I am trying to extract all ips following a field ("Client IP: ") in a AD FS ... by jig004 Engager in Splunk Search 08-05-2019 1 2	1	2
Convert Transaction Search I made the following search to group exceptions together that happened within 1 second but I want to be able to view ... by bah5663_98 Explorer in Splunk Search 08-05-2019 0 2	0	2
Read CSV and use with index info (first four rows) JOB_NAME,Description ATUALIZACAOATIVOS,BATCH-PRO-AGRO BLOQUEIO-EMISSORES,BATCH-PRO-AGRO CONCATENAPD... by nsantiago17 Explorer in Splunk Search 08-05-2019 0 2	0	2
Timechart fillnull with append search So, I'm trying to come up with a way to compare data from this year and last year into a Single Value Graph but I am ... by ecedwards Engager in Splunk Search 08-05-2019 0 1	0	1
I am getting mostly info=denied events for specific users while searching for _audit index. While user can no longer query any indexes. Does that info indicates permission issues? or something else. I am getting info=denied events for specific users while searching for _audit index. What is the significance of this... by pateriaak Explorer in Splunk Search 08-05-2019 0 3	0	3
How to generate a search to find which Splunk user and URL is generating queries? I need queries like: which Splunk user generating the query? Output need [ Username, Time, Search Query] Which Sp... by dpraveen88 Explorer in Splunk Search 08-05-2019 0 3	0	3
Help with creating an earliest/latest event table (Using Splunk 6.1.2 for...reasons) Background: We send out a push notification to a third party. The third party som... by katharsys Path Finder in Splunk Search 08-05-2019 0 6	0	6
Use of Lookup with search query Hi, I need some help related to a search query. My search query has a field called "holdings" which contain data like... by Shashank_87 Explorer in Splunk Search 08-05-2019 0 3	0	3
Can someone help me with Regex or rex command? I have a field name called Column1 with the following data below... Data1: \|Transitioned to:Team1\|Transition Reason:... by trem0re09 Explorer in Splunk Search 08-05-2019 0 6	0	6