Splunk Search

Community Activity

Why is index=_internal source=license_usage.log returning no data? Running this search from a search head (also tried the indexer) and attempting to breakdown the daily license usage f... by joesrepsol Path Finder in Splunk Search 02-21-2019 0 6	0	6
Is it possible to perform a tstats from an accelerated savedsearch? I am asking because I attempted to use "savedsearch=" as a command after a \| tstats much like calling a "datamodel=" ... by ericg57 Engager in Splunk Search 02-21-2019 0 2	0	2
Upgrade Enterprise Security app to 5.2 - Any specific issues to note Hi All, I am planning to upgrade the Enterprise Security app on our environment from 4.7.0 to 5.2.0. Splunk Enterpri... by santosh_hb Explorer in Splunk Search 02-21-2019 0 9	0	9
Subtotals with Sum Hi, I wonder whether someone can help me please. I've written the following query: `wso2_wmf(RequestCompleted)`deta... by IRHM73 Motivator in Splunk Search 02-21-2019 0 6	0	6
Dependency on Azure Services status we need to send out notification when ever a global outage was happening with Azure using the RSS feed, is the any qu... by dsmuralitharan Engager in Splunk Search 02-20-2019 0 1	0	1
Nested JSON field Hi I'm trying to do a count within my JSON logs. It's about the following data. I want to do a count for the extensio... by melvincorneliss New Member in Splunk Search 02-20-2019 0 2	0	2
How do you make a regex field extraction to stop capture after underscore and last 2 digits? Hi, I'm new to regex field extraction. I need a regex to capture only specific characters on my event source. I tr... by almar_cabato New Member in Splunk Search 02-20-2019 0 6	0	6
How can I display just the prediction (future) in a chart ? I'm doing a chart where i want to predict the disk space for the month after and I have this : .... predict C as "Pr... by henriq_c Explorer in Splunk Search 02-20-2019 0 1	0	1
How do you make a stacked bar chart based on a field? I need to present the output of a query in a stacked bar diagram. Here is my search output: Now, I want to presen... by sendilprakash Explorer in Splunk Search 02-20-2019 1 2	1	2
Any way to extract date information from file name and time information from message ? I have some source files which the messages have only time information without date information as below. [ xxxxx2017... by cweiliou_splunk Splunk Employee in Splunk Search 02-20-2019 0 1	0	1
How do I get a substring from a field after the "_" character? I have a string as ABCD_20190219_XYZ I need to get 20190219 like 8 characters after first "_" and than convert that ... by vb1612 New Member in Splunk Search 02-20-2019 0 1	0	1
How can I send historical data from Splunk to QRadar (On Prem and On Cloud) Hello, I need to know how to send historical data from Splunk to QRadar (Version 731) I am aware that there are some... by manig007 Engager in Splunk Search 02-20-2019 2 0	2	0
ERROR SearchResultsCSVSerializer - Failed to open file for writing Seeing tons of these errors in splunkd logs of indexers. What could be the reason? We are also experiencing search pe... by Rob2520 Communicator in Splunk Search 02-20-2019 0 3	0	3
How do you find the difference of an hour in _time and _indextime in Splunk logs? We have logs being parsed in Splunk which have differences in _indextime and _time of an hour. Please advise how can ... by juhisaxena28 Explorer in Splunk Search 02-20-2019 0 1	0	1
How to set up a NEAR real time search in Splunk 6.6.3 I have a client that wants to set up a "near" real time search in Splunk. Can this be done (it needs to be continuou... by nls7010 Path Finder in Splunk Search 02-20-2019 0 4	0	4
How can I add the results of some particular columns to a new column? I ran a query which gave results in the below manner I just want the last two columns, that is Today and Tomorrow... by ashokpuvvada New Member in Splunk Search 02-20-2019 0 1	0	1
Unable to search using REST API Hi I have a cloud instance version 7.0.2.1 https://prd-p-df4vmzb62ds7.cloud.splunk.com. I am trying to use REST API t... by vinitchaudhari1 New Member in Splunk Search 02-20-2019 0 3	0	3
Is the mvindex function just visual? With my situation, all events have double the values in each field for some reason. I'm not an admin so I just have t... by russell120 Communicator in Splunk Search 02-20-2019 0 3	0	3
"addinfo" and "search_now" -- has search_now been removed? Hi all, Previously I've used "search_now" to determine the start time of a late-running scheduled search. This appea... by althomas Communicator in Splunk Search 02-20-2019 0 0	0	0
Not enough pct_cpu metrics in introspection Please advise! We noticed that in our 7.0.2 on-prem Splunk install on CentOS, CPU load metrics are partially missing.... by znaesh Path Finder in Splunk Search 02-20-2019 1 0	1	0
Calculate on one field in multiple events Hi, I collect json data like this: {"timestamp":"2019.02.19-10:20:30","label":"xxx","size":"100"} {"timestamp":"201... by JuGuSm Path Finder in Splunk Search 02-20-2019 0 6	0	6
Appropriate ingest structure for large lists and for analysis Hi, I've got a large list which is grouped in chronological order and I'd like to ingest it into Splunk. The list s... by splunked38 Communicator in Splunk Search 02-20-2019 0 8	0	8
How do you combine stats results for a base data grid? I would like to combine the results of two searches to use as a dashboard base search and then filter in different wa... by mikeydee77 Path Finder in Splunk Search 02-20-2019 0 4	0	4
How can I create a scatter plot of data points distributed over time? Hi, I am having some difficulty in locating information to help me to create a scatter plot (over time) of a data se... by mtanadsk Explorer in Splunk Search 02-20-2019 4 9	4	9
How do you find the count of hours between two dates? Hi, Please find the below query index="os" sourcetype="Service" CaseNumber=* status="Complete" assignment_group=*... by ramesh12345 Explorer in Splunk Search 02-20-2019 0 12	0	12