Splunk Search

Community Activity

I am trying to write a query that displays how long an application has been running? So far I have the following string. host="server" EventCode=4688 OR EventCode=469 \| transaction New_Process_Name startswith=(EventCode=4688) endswith=(Ev... by smazzatenta New Member in Splunk Search 07-09-2019 0 13	0	13
Correlating Windows event 4688 logs on New_Process_ID and Creator_Process_ID How can I correlate Windows event 4688 logs to show a chain of processes that were that were started? Basically a pro... by frbuser Path Finder in Splunk Search 07-09-2019 0 2	0	2
Best Options for Moving Data from S3 to Kinesis Hi - new user here. We have log files streaming to S3 for some of our data, but in other cases we have an ETL job doi... by aschneider29 New Member in Splunk Search 07-09-2019 0 0	0	0
stats: count number of occurences for each value in a values() aggregate Another question on counting the number of events per values() value in stats command. Using sistats this is seems t... by mmol Explorer in Splunk Search 07-09-2019 0 0	0	0
Inputlookup subsearch and join I have a question about two searches. The first one is much more faster than the second one, but I think that they do... by darioapis Explorer in Splunk Search 07-09-2019 0 6	0	6
Append do not work anymore Hello I did a code using append it was working perfectly. I didn't use my code for a week and now it is not working... by telecomdesign New Member in Splunk Search 07-09-2019 0 2	0	2
How do you specify an x axis interval on a non time based line chart? I've created a chart using the search: base search \| chart values(y) over x It charts perfectly except for the fact ... by jmoral03 New Member in Splunk Search 07-09-2019 0 3	0	3
Issues in creating the join Hello, I am facing issues joining the two table A & B given below: Table A: A \| email@xxx 1 \| abcd@xxxx 2 \| efgh... by aayushisplunk1 Path Finder in Splunk Search 07-09-2019 0 12	0	12
Error in 'eval' command: The expression is malformed. Expected ). # have a summary index which stores load averages index=summary10min \| table 10_min_load_avg 1 0.140000 2 0.7200... by bandit Motivator in Splunk Search 07-09-2019 2 4	2	4
Create Search for a Host who dont send Data for x minutes in the last 10 Days Hello, i wanted to write a search which will return all hosts which have not sent any events for 10 minutes in the l... by mklhs Path Finder in Splunk Search 07-09-2019 0 4	0	4
Splunk sending invalid Email Alerts I am running a query to alert me if the sum of a particular property < 400000. I get alert most times saying the cou... by rmuraly Explorer in Splunk Search 07-09-2019 0 1	0	1
Calculate percentage b/n 2 counted numbers Hello everyone, I'm trying to calculate the % of overdue items and print the result for every month. It looks like ... by swimena Explorer in Splunk Search 07-09-2019 0 8	0	8
unable to see data in visualization tab I am trying to create a time series chart but not getting any data in visualization tab. index="test_data" sourcetyp... by twh1 Communicator in Splunk Search 07-08-2019 0 10	0	10
Metric : mcollect command error Hello, I've been using this command on other metric indexes and i can't get this one to work. index=iiot_index Ta... by brdr Contributor in Splunk Search 07-08-2019 0 1	0	1
Extract Field Name and Value from Data Source using Delimiter based KV extraction I'm looking to dynamically extract both the field name and the associated value from a data source. Essentially, the... by jspigler2010 Explorer in Splunk Search 07-08-2019 0 2	0	2
Get column count as new column I have three columns from a search query. I would like to count the items in one column and display it next to the ot... by keronedave Explorer in Splunk Search 07-08-2019 0 7	0	7
Find lastest access data for a list of users I have a lookup list of users and I want to get that date off their last event (or empty if no event) but I keep gett... by alucarddjin Path Finder in Splunk Search 07-08-2019 0 3	0	3
help on a max or a latest function which doent works hello The max function in this search doesnt works. Idem with latest! Its not the latest or max event taked into acc... by jip31 Motivator in Splunk Search 07-08-2019 0 9	0	9
How to make an option that can check all of the box in my menu Hi, I have a menu with some option how I can chose with the box menu option, my question is quite simple because I ha... by almanacht Explorer in Splunk Search 07-08-2019 0 0	0	0
Disappearing Y-axis Values Hello, I’m having issues with a report not displaying correctly. If I save a bar chart as a normal report, the Y-axi... by genesiusj Builder in Splunk Search 07-08-2019 0 3	0	3
Cannot search for field but field is shown in field list I have a totally weird case... I have field extractions defined in props.conf either individually or all in one extra... by afx Contributor in Splunk Search 07-08-2019 0 43	0	43
help on eval command for calculating the difference between now() and a date field hi I use the search below "LAST_SEEN" is a field with a date format like "2019-06-07 09:12:40.0" I need to add an ev... by jip31 Motivator in Splunk Search 07-08-2019 0 9	0	9
Can we setup regex to test on first 300 characters of event? Hello, I need to check the regex condition only on first 300 characters, if the regex condition available after tha... by vishaltaneja070 Motivator in Splunk Search 07-08-2019 0 15	0	15
KMZ file Overlay in Maps is hard to find the places as the KMZ file below the google maps Hi Splunkers, i installed Splunk Maps+ apps 3.0.2 version, after installing i uploaded the KMZ file in it. After u... by SathyaNarayanan Path Finder in Splunk Search 07-08-2019 0 0	0	0
How to use tokens in custom search commands I want to use dashboard text input in custom search command. Please tell me some tips such as how to use and sentence... by ketaka Explorer in Splunk Search 07-07-2019 0 2	0	2