Splunk Search

Community Activity

Transaction within transaction and calculations with both durations Hi, I have following events from a production machine where each cycle should be one transaction. The cycle starts w... by haph Path Finder in Splunk Search 07-16-2019 0 2	0	2
How to use the value of a dynamic threshold constructed as a result of a search to create a alert ? The following splunk search is what I'm using to construct the dynamic threshold of a alert I want to create: source... by vallurupallic Engager in Splunk Search 07-16-2019 0 4	0	4
Help with Eval Hi, I'm trying to do an eval, but it's not working, and could use another set of eyes. I extract my data in the pro... by a212830 Champion in Splunk Search 07-16-2019 0 2	0	2
Search to Compare and generate a new table result In need of finding a way to search to compare and generate a communication-relation table which apparently seem to in... by sh254087 Communicator in Splunk Search 07-16-2019 0 0	0	0
Maximum recommended file size of lookups? good morning Currently our cluster environment, reports errors with lookups associated with the size "The curren... by efaundez Path Finder in Splunk Search 07-16-2019 0 4	0	4
Implement a slowly populating lookup file Looking for some hints and suggestions about how to implement this: I have incoming log data that contains EAN barco... by thomasbader Engager in Splunk Search 07-16-2019 0 1	0	1
Daily/Weekly/Monthly Span on CSV dATA I have data in CSV like below - How can I put span=1w on this after pulling into splunk? I tried assigning this date ... by reverse Contributor in Splunk Search 07-16-2019 0 11	0	11
help on basic questions in a timechart hi I use the search below in order to display a timechart [\| inputlookup host.csv \| table host] `CPU` earliest... by jip31 Motivator in Splunk Search 07-16-2019 0 1	0	1
How to count by command on repeating field values in event Good afternoon, I have a question on a search. I have events in which there are several orders. Inside of the custo... by willemjongeneel Communicator in Splunk Search 07-16-2019 0 10	0	10
Refer to a field in table by its position Wondering if we can do something like this: ... \| table * \| sort by <1> Where <1> refers to the first field in t... by nabeel652 Builder in Splunk Search 07-15-2019 0 5	0	5
Search Summary Page Automatically Runs Real-Time Searches? I'm tracking down users that abuse real-time searches, as I've been seeing this gold warning bar a lot lately. Metad... by I_am_Jeff Communicator in Splunk Search 07-15-2019 0 6	0	6
Entrust IdentityGuard radius logs Quite new to Splunk and look for some ideas how to work with this log file format from Entrust IdentityGuard radius. ... by apask New Member in Splunk Search 07-15-2019 0 0	0	0
How to replace a field if a specific value is seen I am trying to replace a value in my search. For example if I get host=10.0.0.1 I want to grab the IP from src_ip=19... by benspader Explorer in Splunk Search 07-15-2019 1 3	1	3
Create a triple stacked bar chart that has one column per day Hello All, I am having difficulty in creating a triple stacked bar chart that has is displayed per day for time serie... by SimonR2018 New Member in Splunk Search 07-15-2019 0 2	0	2
Creating a lookup file to provide data to a dashboard search with time stamps I have an application that generates a value that I pull the highest value for each day. Right now the entire app log... by arrcee New Member in Splunk Search 07-15-2019 0 5	0	5
How to dynamically utilize the number of field values? Greetings Everyone! I'm in need of a second, third, etc. set of eyes. I'm attempting to create a search for a dynam... by cquinney Communicator in Splunk Search 07-15-2019 0 9	0	9
Why does multiple eval statements cause only last to be run? I am trying to create a low volume type of alert based on one sourcetype for multiple Channels that have very differe... by markhvesta Path Finder in Splunk Search 07-15-2019 0 4	0	4
How to compare two searches and find a missing values in each search Hello, I try to compare the Active Directory (AD) logs with the antivirus (AV) logs in order to find two things: - A... by AlexeySh Communicator in Splunk Search 07-15-2019 0 3	0	3
Why is the field alias not working in custom app? We created a custom app for our Exchange message trace logs and I have the following field alias defined in the custo... by jwalzerpitt Influencer in Splunk Search 07-15-2019 0 3	0	3
Splunk search fails with content that contains a hyphen (-)? We're running into something weird where searches may fail. We think it is due to dashes index="kubernetes" pod="pod... by itbetter Explorer in Splunk Search 07-15-2019 0 6	0	6
How to re-run a relative time search on click of the submit button? How to re-run a relative time search of the last 15 minutes on click of the submit button and refresh with the update... by helenashton Path Finder in Splunk Search 07-15-2019 2 5	2	5
Change Pie Chart Color Hello guys! Can anyone help me changin' the color for this search: index=main sourcetype=file \| stats count by REQUE... by vtsguerrero Contributor in Splunk Search 07-15-2019 2 4	2	4
How to schedule a report without it running I have a report I want to schedule, the results are populating a dataset. I want to set this to run every Sunday with... by aohls Contributor in Splunk Search 07-15-2019 0 0	0	0
How do you expand multiple fields from a transaction? I'm trying to mvexpand multiple fields from a transaction, particularly a time and uri_path from an Apache-style acce... by khevans Path Finder in Splunk Search 07-15-2019 0 2	0	2
How to extract spaced delimited field with values containing spaces? I have a space delimited field that may contain quoted values that also include spaces. For example: Value1 Value2 ... by jesses New Member in Splunk Search 07-15-2019 0 4	0	4