Splunk Search

Community Activity

How to find earliest time a string appeared in a value? I have a field named "example", I want to find the first time that the first log that contained the word "hello". Ho... by mlaurabermudez New Member in Splunk Search 06-15-2019 0 2	0	2
How to create a search for Splunk alerts for duplicate events? I am trying to create a splunk alert for duplicate data and would like some help in creating the splunk search. The d... by wicke_s Explorer in Splunk Search 06-14-2019 0 2	0	2
Help with regex in transforms Hi, I'm hoping that someone can help me with a regex. Here's the source data: <OTHERFIELD>some values</OTHERFIEL... by a212830 Champion in Splunk Search 06-14-2019 0 11	0	11
Trouble with rex exceeding match limit I'm trying to extract a field with the result of an API from a log, either containing "success" or "success.notfound"... by splunkyhokie New Member in Splunk Search 06-14-2019 0 2	0	2
Distance between two Geocoordinates I'm trying to find the distance between two geo coordinates and am looking for help with the search syntax.Here's wha... by srs20 New Member in Splunk Search 06-14-2019 0 3	0	3
Increasing Time Range hides Data Hey y'all, So I am seeing a very unique and strange behavior from Splunk. I noticed an issue where a Splunk search r... by amat Explorer in Splunk Search 06-14-2019 0 11	0	11
How to get field names from log header and removing said header? I have a log glf log file that I need to get some info out of the heads to format the log data, but other than that, ... by cboillot Contributor in Splunk Search 06-14-2019 0 2	0	2
How to use eval to do simple conversion? Wow, I can't believe this is kicking my butt -- think I need an idiot check... (yes, I know...  I'm trying to do a... by Michael Contributor in Splunk Search 06-14-2019 0 4	0	4
How to find the duration between two EventCode for Windows Log. Hello Everyone, I want to calculate the downtime for a particular server based on the difference between two EventCo... by gouravdashtcs Loves-to-Learn in Splunk Search 06-14-2019 0 3	0	3
Need to add Date/Time in report I have following record in my log - 2019-06-13 10:59:56,664 INFO [FileUploadWebScript] [http-apr-8983-exec-5] The U... by runiyal Path Finder in Splunk Search 06-14-2019 0 7	0	7
Add standalone Indexer to Search Head cluster which already have a Indexer cluster Hi SPlunkers, I have a multisite search head cluster TWO SH's SH1 ( SITE1 ) and SH2 ( SITE2 ) AND I have multisite... by sairam1444 Engager in Splunk Search 06-14-2019 0 1	0	1
How to create a chart for status value Hi, I'm new to Splunk and I've created a table with the following headers: Hardware-Name, Environment, Portfolio, Ve... by quadealexander Explorer in Splunk Search 06-14-2019 0 2	0	2
How to make subsearch use same time range, same index, same sourcetype as outer search? So I specify an outer query, it usually starts like this: earliest=06/14/2019:13:00:00 latest=06/14/2019:14:00:00 in... by petenetwork Explorer in Splunk Search 06-13-2019 0 3	0	3
Search query for syslog in dashboard Hey all, Am in a need of dashboard to see my syslog traffic for four arista switches as mentioned below: AA-UKD-AA-... by mkrishnamoorthy Explorer in Splunk Search 06-13-2019 0 3	0	3
Does wildcard sourcetypes in props.conf still work for version 7.0.1? Hi, I know it should be possible to use wildcard sourcetypes in props.conf using a some regex magic, as explained he... by hettervik Builder in Splunk Search 06-13-2019 0 3	0	3
How do I find values that exist in two different indexes for a particular field? I'm essentially looking to compare my index field values against an index that has known-bad field values to determin... by bmoody3 New Member in Splunk Search 06-13-2019 0 8	0	8
regex not working https://regex101.com/r/PNYxi2/2 not working in splunk. Error in 'rex' command: Encountered the following error whil... by reverse Contributor in Splunk Search 06-13-2019 0 8	0	8
Search to detect auditing service on any disabled critical system that stopped or restarted more than once in the past 7 days. Hello Splunkers, I'm new to Splunk. I am trying my best to learn Splunk and to write an efficient search. I have com... by swamysanjanaput Explorer in Splunk Search 06-13-2019 0 2	0	2
How to create alerts based on 2 sourcetypes and condition? Hello, I currently have alerts based on the count of services performed in the last hour. We see that < 40 indicate... by chengka Explorer in Splunk Search 06-13-2019 0 3	0	3
Day to day comparison. Using stats and timechart. sourcetype="SysEvents" OR sourcetype="Sysout" TransactionId=TI* AND TransactionId!=TI earliest=-d@d latest=@d \| timec... by sandeepmakkena Contributor in Splunk Search 06-13-2019 1 5	1	5
inputlookup and search results from data Hello Splunkers, I have inputlooku test.csv and containing fields host region I have indexed data under test ind... by Splunk_rocks Path Finder in Splunk Search 06-13-2019 0 2	0	2
Different results when using bucket _time and timechart Hello I want to count the number of logins by hour and then try to predict them. I have tested 2 codes but I do not k... by rosho Communicator in Splunk Search 06-13-2019 0 1	0	1
How to populate type:list input in setup.xml Hi everyone, I was trying to get radio buttons in an app's setup page. And I thought that maybe list would be ok as... by harshpatel Contributor in Splunk Search 06-13-2019 0 0	0	0
Can I write control code in TIME_FORMAT? I want to get time in this log file. [sample log] 1234 567 789^G20190613^G14:00^Gsample_log ^G mean control code. ... by oda Communicator in Splunk Search 06-13-2019 0 1	0	1
Help for Doing a Count from a Dropdown List hello I use the search below which works fine [\| inputlookup host.csv \| table host] index="x" sourcetype=XmlWi... by jip31 Motivator in Splunk Search 06-13-2019 0 4	0	4