Splunk Search

Community Activity

Report from multiple indexes I need to create a report based on three different search criteria from three different sources. But since its a reco... by runiyal Path Finder in Splunk Search 07-09-2019 0 2	0	2
Merging multiple indexers and providing report I need to create a report based on three different search criteria from three different sources. But since its a reco... by runiyal Path Finder in Splunk Search 07-09-2019 0 1	0	1
Why does inputlookup NOT fail to exclude rows? I'm trying to exclude known issues from a search by using a lookup of exclusions. Our Splunk admins lock down alert c... by cmille19 Engager in Splunk Search 07-09-2019 0 3	0	3
How to use Eval greater than, less than for a duration and Count the values I'm calculating the time difference between two events by using Transaction and Duration. Below is the query that I u... by amunag439 Explorer in Splunk Search 07-09-2019 0 5	0	5
Extract url up to question mark Hello, I am trying to extract the entire URL up to the point where it includes a question mark. Generally the data w... by johnansett Communicator in Splunk Search 07-09-2019 0 2	0	2
SEDCMD help understand Trying to understand how this SEDCMD works so I can modify it for something else. It works in props.conf but I can't ... by jeburkes76 Explorer in Splunk Search 07-09-2019 0 6	0	6
Splunk Visualization Issues I downloaded the Splunk visualization app to create a custom visualization but when I click on starting on the base t... by keldridg2 New Member in Splunk Search 07-09-2019 0 0	0	0
How to list duplicate alerts I am trying to optimize my splunk deployment by removing duplicate alerts. I have this search which shows me all of ... by zawan Engager in Splunk Search 07-09-2019 0 1	0	1
Splunk Visualization Issues I downloaded the Splunk visualization app to create a custom visualization but when I click on starting on the base t... by keldridg2 New Member in Splunk Search 07-09-2019 0 0	0	0
I am trying to write a query that displays how long an application has been running? So far I have the following string. host="server" EventCode=4688 OR EventCode=469 \| transaction New_Process_Name startswith=(EventCode=4688) endswith=(Ev... by smazzatenta New Member in Splunk Search 07-09-2019 0 13	0	13
Correlating Windows event 4688 logs on New_Process_ID and Creator_Process_ID How can I correlate Windows event 4688 logs to show a chain of processes that were that were started? Basically a pro... by frbuser Path Finder in Splunk Search 07-09-2019 0 2	0	2
Best Options for Moving Data from S3 to Kinesis Hi - new user here. We have log files streaming to S3 for some of our data, but in other cases we have an ETL job doi... by aschneider29 New Member in Splunk Search 07-09-2019 0 0	0	0
stats: count number of occurences for each value in a values() aggregate Another question on counting the number of events per values() value in stats command. Using sistats this is seems t... by mmol Explorer in Splunk Search 07-09-2019 0 0	0	0
Inputlookup subsearch and join I have a question about two searches. The first one is much more faster than the second one, but I think that they do... by darioapis Explorer in Splunk Search 07-09-2019 0 6	0	6
Append do not work anymore Hello I did a code using append it was working perfectly. I didn't use my code for a week and now it is not working... by telecomdesign New Member in Splunk Search 07-09-2019 0 2	0	2
How do you specify an x axis interval on a non time based line chart? I've created a chart using the search: base search \| chart values(y) over x It charts perfectly except for the fact ... by jmoral03 New Member in Splunk Search 07-09-2019 0 3	0	3
Issues in creating the join Hello, I am facing issues joining the two table A & B given below: Table A: A \| email@xxx 1 \| abcd@xxxx 2 \| efgh... by aayushisplunk1 Path Finder in Splunk Search 07-09-2019 0 12	0	12
Error in 'eval' command: The expression is malformed. Expected ). # have a summary index which stores load averages index=summary10min \| table 10_min_load_avg 1 0.140000 2 0.7200... by bandit Motivator in Splunk Search 07-09-2019 2 4	2	4
Create Search for a Host who dont send Data for x minutes in the last 10 Days Hello, i wanted to write a search which will return all hosts which have not sent any events for 10 minutes in the l... by mklhs Path Finder in Splunk Search 07-09-2019 0 4	0	4
Splunk sending invalid Email Alerts I am running a query to alert me if the sum of a particular property < 400000. I get alert most times saying the cou... by rmuraly Explorer in Splunk Search 07-09-2019 0 1	0	1
Calculate percentage b/n 2 counted numbers Hello everyone, I'm trying to calculate the % of overdue items and print the result for every month. It looks like ... by swimena Explorer in Splunk Search 07-09-2019 0 8	0	8
unable to see data in visualization tab I am trying to create a time series chart but not getting any data in visualization tab. index="test_data" sourcetyp... by twh1 Communicator in Splunk Search 07-08-2019 0 10	0	10
Metric : mcollect command error Hello, I've been using this command on other metric indexes and i can't get this one to work. index=iiot_index Ta... by brdr Contributor in Splunk Search 07-08-2019 0 1	0	1
Extract Field Name and Value from Data Source using Delimiter based KV extraction I'm looking to dynamically extract both the field name and the associated value from a data source. Essentially, the... by jspigler2010 Explorer in Splunk Search 07-08-2019 0 2	0	2
Get column count as new column I have three columns from a search query. I would like to count the items in one column and display it next to the ot... by keronedave Explorer in Splunk Search 07-08-2019 0 7	0	7