Splunk Search

Community Activity

Trouble with rex exceeding match limit I'm trying to extract a field with the result of an API from a log, either containing "success" or "success.notfound"... by splunkyhokie New Member in Splunk Search 06-14-2019 0 2	0	2
Distance between two Geocoordinates I'm trying to find the distance between two geo coordinates and am looking for help with the search syntax.Here's wha... by srs20 New Member in Splunk Search 06-14-2019 0 3	0	3
Increasing Time Range hides Data Hey y'all, So I am seeing a very unique and strange behavior from Splunk. I noticed an issue where a Splunk search r... by amat Explorer in Splunk Search 06-14-2019 0 11	0	11
How to get field names from log header and removing said header? I have a log glf log file that I need to get some info out of the heads to format the log data, but other than that, ... by cboillot Contributor in Splunk Search 06-14-2019 0 2	0	2
How to use eval to do simple conversion? Wow, I can't believe this is kicking my butt -- think I need an idiot check... (yes, I know...  I'm trying to do a... by Michael Contributor in Splunk Search 06-14-2019 0 4	0	4
How to find the duration between two EventCode for Windows Log. Hello Everyone, I want to calculate the downtime for a particular server based on the difference between two EventCo... by gouravdashtcs Loves-to-Learn in Splunk Search 06-14-2019 0 3	0	3
Need to add Date/Time in report I have following record in my log - 2019-06-13 10:59:56,664 INFO [FileUploadWebScript] [http-apr-8983-exec-5] The U... by runiyal Path Finder in Splunk Search 06-14-2019 0 7	0	7
Add standalone Indexer to Search Head cluster which already have a Indexer cluster Hi SPlunkers, I have a multisite search head cluster TWO SH's SH1 ( SITE1 ) and SH2 ( SITE2 ) AND I have multisite... by sairam1444 Engager in Splunk Search 06-14-2019 0 1	0	1
How to create a chart for status value Hi, I'm new to Splunk and I've created a table with the following headers: Hardware-Name, Environment, Portfolio, Ve... by quadealexander Explorer in Splunk Search 06-14-2019 0 2	0	2
How to make subsearch use same time range, same index, same sourcetype as outer search? So I specify an outer query, it usually starts like this: earliest=06/14/2019:13:00:00 latest=06/14/2019:14:00:00 in... by petenetwork Explorer in Splunk Search 06-13-2019 0 3	0	3
Search query for syslog in dashboard Hey all, Am in a need of dashboard to see my syslog traffic for four arista switches as mentioned below: AA-UKD-AA-... by mkrishnamoorthy Explorer in Splunk Search 06-13-2019 0 3	0	3
Does wildcard sourcetypes in props.conf still work for version 7.0.1? Hi, I know it should be possible to use wildcard sourcetypes in props.conf using a some regex magic, as explained he... by hettervik Builder in Splunk Search 06-13-2019 0 3	0	3
How do I find values that exist in two different indexes for a particular field? I'm essentially looking to compare my index field values against an index that has known-bad field values to determin... by bmoody3 New Member in Splunk Search 06-13-2019 0 8	0	8
regex not working https://regex101.com/r/PNYxi2/2 not working in splunk. Error in 'rex' command: Encountered the following error whil... by reverse Contributor in Splunk Search 06-13-2019 0 8	0	8
Search to detect auditing service on any disabled critical system that stopped or restarted more than once in the past 7 days. Hello Splunkers, I'm new to Splunk. I am trying my best to learn Splunk and to write an efficient search. I have com... by swamysanjanaput Explorer in Splunk Search 06-13-2019 0 2	0	2
How to create alerts based on 2 sourcetypes and condition? Hello, I currently have alerts based on the count of services performed in the last hour. We see that < 40 indicate... by chengka Explorer in Splunk Search 06-13-2019 0 3	0	3
Day to day comparison. Using stats and timechart. sourcetype="SysEvents" OR sourcetype="Sysout" TransactionId=TI* AND TransactionId!=TI earliest=-d@d latest=@d \| timec... by sandeepmakkena Contributor in Splunk Search 06-13-2019 1 5	1	5
inputlookup and search results from data Hello Splunkers, I have inputlooku test.csv and containing fields host region I have indexed data under test ind... by Splunk_rocks Path Finder in Splunk Search 06-13-2019 0 2	0	2
Different results when using bucket _time and timechart Hello I want to count the number of logins by hour and then try to predict them. I have tested 2 codes but I do not k... by rosho Communicator in Splunk Search 06-13-2019 0 1	0	1
How to populate type:list input in setup.xml Hi everyone, I was trying to get radio buttons in an app's setup page. And I thought that maybe list would be ok as... by harshpatel Contributor in Splunk Search 06-13-2019 0 0	0	0
Can I write control code in TIME_FORMAT? I want to get time in this log file. [sample log] 1234 567 789^G20190613^G14:00^Gsample_log ^G mean control code. ... by oda Communicator in Splunk Search 06-13-2019 0 1	0	1
Help for Doing a Count from a Dropdown List hello I use the search below which works fine [\| inputlookup host.csv \| table host] index="x" sourcetype=XmlWi... by jip31 Motivator in Splunk Search 06-13-2019 0 4	0	4
Group table results by lookup table value We have a few servers clustered together and have created a lookup table that combines them. What I would like to do... by aohls Contributor in Splunk Search 06-13-2019 0 8	0	8
How to search count by only business days? Hello Splunk Ninjas, I have created an 'aging' field that counts the number of days since a certain date & time. I w... by lewisgrantevans Explorer in Splunk Search 06-13-2019 1 14	1	14
How to get the time duration for the search string availability in day ? Hi All, I was in need of a requirement to find the error codes and its occurences windows for a given day to be prin... by rakesh_498115 Motivator in Splunk Search 06-13-2019 0 6	0	6