Splunk Search

Community Activity

Why is the 'foreach' command losing event data? I'm running Splunk 6.2. I'm dealing with events that have varying amounts of multivalue fields (some events have one,... by jpawloski Path Finder in Splunk Search 05-18-2019 0 3	0	3
How can I group results without duplicates? Hi This is my command to find the number of times an authentication has been rejected. But I would like to be able t... by rosho Communicator in Splunk Search 05-18-2019 0 4	0	4
Help using eval case statement using wildcards I'm trying to create a new field for category based off values in my existing 'message' field. index=network source... by johnward4 Communicator in Splunk Search 05-17-2019 0 3	0	3
Splunk Enterprise free not shows events Hi team, I'm using Splunk 7.2.6 free. Adding data from by file (the sample datafile downloaded from Splunk tutorial) ... by it42620 New Member in Splunk Search 05-17-2019 0 2	0	2
Date range on inputlookup search Hi I'm trying to do an inputlookup search with a specific date range of the last 6 months, but am not having any succ... by dyeo Engager in Splunk Search 05-17-2019 0 14	0	14
Searching for the absence of events I'm looking for an efficient way to find events that have not been indexed. Given a sequentially increasing number (r... by drodman29 Path Finder in Splunk Search 05-17-2019 0 1	0	1
splunkd died every day with the same error splunkd died every day with the same error FATAL ProcessRunner - Unexpected EOF from process runner child! ERROR Pro... by vincenty Explorer in Splunk Search 05-17-2019 2 9	2	9
splunk query to list if anyone removed logs from unix server(syslog servers)? Base query :- sourcetype=syslog How can I or where can I find if anyone removed any log files on unix syslog server?... by pavanae Builder in Splunk Search 05-17-2019 0 1	0	1
sending events from input based on regex to metrics I have created a setup where from an input based on a regex some of the events are sent to a specific index with chan... by imrago Contributor in Splunk Search 05-17-2019 0 3	0	3
How to calculate Percentage of particular events out of total events. I want to find the percent of events with the key word error out of all the events recorded during a time window I ha... by mrigank517 New Member in Splunk Search 05-17-2019 0 11	0	11
Execution of multiple macros in a search take too much time Hi, I have an alert which executes a very simple search. The search consists of a macro invoked 40 times, each time w... by emipintus Explorer in Splunk Search 05-17-2019 0 3	0	3
How to create a different chart for each multiselect input Hi, is there a way to create a different chart for each selected input of the multiselect field? When I select multi... by ploehnnico New Member in Splunk Search 05-17-2019 0 4	0	4
rex - extract 2 single values from set of numbers hello guyz, new to splunk was to figure out solution for this. I have logs like below need to do " rex" and extract ... by splunkuseradmin Path Finder in Splunk Search 05-17-2019 0 3	0	3
props/transforms REPORT- extracting Hello, I am having issues doing search time extraction via REPORT- command in props and transforms. Here is my code.... by zislin Explorer in Splunk Search 05-17-2019 2 3	2	3
How to display weekly data starting on a Monday using timecharts? I'm plotting some data on a timechart, with a span of a couple of months, and using weeks as the data points. How can... by samwatson45 Path Finder in Splunk Search 05-16-2019 0 7	0	7
Week details to be dispalyed in a filter ex: week1(1st-7th apr) , week2 (8th -14th Apr) Hi All, I have a reported date time field which i am converting and displaying as a month filter - which contains va... by rijinc Explorer in Splunk Search 05-16-2019 0 1	0	1
Group By Replace Hello, I have several things that come in via different platforms: Android (watch, phone, tablet), iOS (Watch, Phone... by jasonhask Explorer in Splunk Search 05-16-2019 0 3	0	3
splunk group by event , date_hour These are 2 diff events on my logs . taskCode=123 taskCode=456 i am trying to get an hourly count per event types ,... by officialsubho New Member in Splunk Search 05-16-2019 0 1	0	1
Datamodel missing field extractions, but base search returns those fields accurately. I have a datamodel lets say with a base constraint that returns the following two events 01-01-2019 01:00:00 type=V... by cdhippen Path Finder in Splunk Search 05-16-2019 0 3	0	3
Converting bytes to GB or MB Hey all, I was getting confused by some of the splunk answers for converting and couldn't figure out the eval portion... by pmac22 Path Finder in Splunk Search 05-16-2019 0 6	0	6
add fields after a stats count In my search i use a couple of stats counts, the problem is that after these commands I miss other that I want to use... by Mike6960 Path Finder in Splunk Search 05-16-2019 0 16	0	16
How to find event status changed Hello everyone! We have a log file contains the following information, status 0 means server is up, 1 means down: Da... by atpsplunk11 Explorer in Splunk Search 05-16-2019 0 2	0	2
How to display several time ranged search results in one dashboard panel? Hi guys, Is it possible to create several searches on data, differing in time range, and then display them in one das... by eriketro Engager in Splunk Search 05-16-2019 0 0	0	0
How to Regex the second occurrence of Account Name in AD logs I need to filter AD logs with Event Code 4725 "A user account was disabled". I need to regex and filter the second oc... by Log_wrangler Builder in Splunk Search 05-16-2019 0 3	0	3
Help identifying fast growing indexes Hi fellow Splunkers. I am the Splunk admin at my org, however that is mainly more from the Infrastructure side of th... by jwpoore New Member in Splunk Search 05-16-2019 0 3	0	3