Splunk Search

Community Activity

Why is Splunk gathering latest data even with Null values? How can i get latest value of all ID (1-1,1-2,2-1,2-2). considering there are no latest data on ID(2-1,2-2) Data: 1... by jadengoho Builder in Splunk Search 05-21-2019 0 1	0	1
Integrating dbxquery in a search I have an sql database containing a list of ip addresses and a bunch of other fields that I can query from Splunk usi... by balcv Contributor in Splunk Search 05-21-2019 0 5	0	5
Prediction on disk transfer / sec Hi , I have used following query for predicting disk transfer of particular host, here we are using LLP algorithm i... by singh3and12 Path Finder in Splunk Search 05-21-2019 0 12	0	12
String Comparison with Foreach I have a lookup table from a csv that looks like this name exam1 exam2 exam3 john good bad bad peter ... by zacksoft Contributor in Splunk Search 05-21-2019 0 1	0	1
How to monitor the lasting of an event with a percentage condition with a CPU charge > 80%? Hello I use the search below in order to monitore process with a CPU charge > 80% BUT What I exactly need is to moni... by jip31 Motivator in Splunk Search 05-21-2019 0 8	0	8
Custom Splunk search command only returns 100 results Hello, I'm writing a custom Splunk search command that runs a query on another Splunk host, then returns those result... by moorhead_30s New Member in Splunk Search 05-21-2019 0 3	0	3
Date input textbox format I want to add 2 text boxes where I can key in 2 dates. Later I want to use these 2 dates at 4 locations of my query. ... by reverse Contributor in Splunk Search 05-21-2019 0 3	0	3
query help inner query \| mstats max(_value) as Bits_in_sec where index=ehealth (host="SC2CLK-CLOUD-CFD-VDC2" OR host="SC2BJV-CLOUD-CFD-VDC2"... by surekhasplunk Communicator in Splunk Search 05-21-2019 0 2	0	2
How to get the number of users having access to each indexes? Hi I need a help with a Splunk search to find the number of users having access for each indexes. Thanks by NAVEEN_CTS Path Finder in Splunk Search 05-21-2019 0 1	0	1
Regex with eval ? I have this following string 2019-05-17 11:30:14.262 INFO 13 --- [pool-3-thread-1] com.abcd.efgh.ijk.statuspage.St... by officialsubho New Member in Splunk Search 05-21-2019 0 4	0	4
Is data considered indexed after full replication or just after initial write to disk (which == searchable)? In a testing distributed environment, we are experiencing indexing delays. With a replication factor of 3, when would... by vzedbny Engager in Splunk Search 05-21-2019 0 1	0	1
search query Splunk new-bee here. Let's say I have two records in the log file: one record has " myID=1234 ticker= abc" and the ... by aokhovat New Member in Splunk Search 05-21-2019 0 1	0	1
Splunk/AWS SQS Queue polling inconsistently As the title says im running into an issue with what appears to be the pull count from SQS queues. For example, right... by arlombar Explorer in Splunk Search 05-21-2019 0 0	0	0
Why does this search cause Splunk to crash occasionally? I have a search that works most of the time, but sometimes just causes Splunk to crash and requires a restart. I hav... by chadman Path Finder in Splunk Search 05-21-2019 0 7	0	7
Base Search returning different results than normal search As the title suggests, I'm having issues with a base search that I'm trying to create. The base search uses tokens t... by betchim_gerwili Explorer in Splunk Search 05-21-2019 0 2	0	2
How to edit my search to exclude the top 20 noisy results and return the rest? I have a splunk search for a list of users performing a particular task. I want to exclude the top 20 noisy results a... by phant0mgh0st New Member in Splunk Search 05-21-2019 0 3	0	3
Why splunk btool check doesn't catch erroneous comments? There is a bit of a commotion here because we had stanzas like the below one, which throw errors in _internal. Intere... by ddrillic Ultra Champion in Splunk Search 05-21-2019 0 3	0	3
Splunk Dashboard questions I am new to Splunk and I have a requirement as below to show in Splunk dashboard, Number of groups created/deleted ... by sreedhar85in Engager in Splunk Search 05-21-2019 0 1	0	1
Failed to find Event Log with channel name We needed to retrieve a older evtx file from storage. We placed the file in c:\temp and we created an app to ingest ... by halbeisendv Path Finder in Splunk Search 05-21-2019 0 0	0	0
Why are my searches only hitting one Indexer in a cluster ? Hello everyone. I have a multisite Indexer cluster. 2 IDX (IDX01, IDX02) and CM 2 SH with a deployer and a VIP to SH ... by sairam1444 Engager in Splunk Search 05-21-2019 0 4	0	4
How to eliminate join for better query perfomance I have two query with same source , index with differnt time (once current day, other one pevious week day), i want ... by vikashperiwal Path Finder in Splunk Search 05-21-2019 0 3	0	3
Store result of the predict for a day Hello, I am looking for a way how to predict one day of certain metric and then every hour collect real stats. And a... by jkomarek Engager in Splunk Search 05-21-2019 1 0	1	0
unified the user field under the authentication model different devices are appearing under the authentication data model. for windows sourcetype I can see the user name,... by rashid47010 Communicator in Splunk Search 05-21-2019 0 0	0	0
How to log SQL queries in DB Connect 1 We have some old DB Connect 1.2.2 inputs defined that need to migrated to DB Connect 3.1.4. In order to debug some w... by paulski82 New Member in Splunk Search 05-21-2019 0 0	0	0
stanza to run powershell script in exchange 2016. What should be my inputs.conf stanza to run the PowerShell script in the Exchange server 2016 with windows server 201... by saramamurthy_sp Splunk Employee in Splunk Search 05-20-2019 0 0	0	0