Splunk Search

Community Activity

Count the number of users in more than one time bucket as percent of total users I want to count userid that are in more than one bucket. The goal is to see how many users are returning users. I use... by user93 Communicator in Splunk Search 02-21-2019 0 4	0	4
Why does my real-time alert continue to send emails/sms? I have a query for which I've configured a real-time alert when the query returns a result. I'm getting 25 to 35 emai... by blindfire_bandi Explorer in Splunk Search 02-21-2019 0 5	0	5
List all Windows domain members a user is logged in to How might one obtain a list of all the Windows domain members a specific user is currently logged in to? Our domain ... by staten Observer in Splunk Search 02-21-2019 0 0	0	0
Trouble appending columns for a second search Here is the example in the Splunk documentation: specific.server \| stats dc(userID) as totalUsers \| appendcols [ sea... by jlundtristate Loves-to-Learn in Splunk Search 02-21-2019 0 0	0	0
How do you perform a search if today is not the date listed in the lookup .csv file I have lookup file my_dates.csv like this: mydate, something 1/1/2019, sth1 2/12/2019,sth2 2/20/2019,sth 3/13/2019,s... by lucy2019 Explorer in Splunk Search 02-21-2019 0 5	0	5
Why is index=_internal source=license_usage.log returning no data? Running this search from a search head (also tried the indexer) and attempting to breakdown the daily license usage f... by joesrepsol Path Finder in Splunk Search 02-21-2019 0 6	0	6
Is it possible to perform a tstats from an accelerated savedsearch? I am asking because I attempted to use "savedsearch=" as a command after a \| tstats much like calling a "datamodel=" ... by ericg57 Engager in Splunk Search 02-21-2019 0 2	0	2
Upgrade Enterprise Security app to 5.2 - Any specific issues to note Hi All, I am planning to upgrade the Enterprise Security app on our environment from 4.7.0 to 5.2.0. Splunk Enterpri... by santosh_hb Explorer in Splunk Search 02-21-2019 0 9	0	9
Subtotals with Sum Hi, I wonder whether someone can help me please. I've written the following query: `wso2_wmf(RequestCompleted)`deta... by IRHM73 Motivator in Splunk Search 02-21-2019 0 6	0	6
Dependency on Azure Services status we need to send out notification when ever a global outage was happening with Azure using the RSS feed, is the any qu... by dsmuralitharan Engager in Splunk Search 02-20-2019 0 1	0	1
Nested JSON field Hi I'm trying to do a count within my JSON logs. It's about the following data. I want to do a count for the extensio... by melvincorneliss New Member in Splunk Search 02-20-2019 0 2	0	2
How do you make a regex field extraction to stop capture after underscore and last 2 digits? Hi, I'm new to regex field extraction. I need a regex to capture only specific characters on my event source. I tr... by almar_cabato New Member in Splunk Search 02-20-2019 0 6	0	6
How can I display just the prediction (future) in a chart ? I'm doing a chart where i want to predict the disk space for the month after and I have this : .... predict C as "Pr... by henriq_c Explorer in Splunk Search 02-20-2019 0 1	0	1
How do you make a stacked bar chart based on a field? I need to present the output of a query in a stacked bar diagram. Here is my search output: Now, I want to presen... by sendilprakash Explorer in Splunk Search 02-20-2019 1 2	1	2
Any way to extract date information from file name and time information from message ? I have some source files which the messages have only time information without date information as below. [ xxxxx2017... by cweiliou_splunk Splunk Employee in Splunk Search 02-20-2019 0 1	0	1
How do I get a substring from a field after the "_" character? I have a string as ABCD_20190219_XYZ I need to get 20190219 like 8 characters after first "_" and than convert that ... by vb1612 New Member in Splunk Search 02-20-2019 0 1	0	1
How can I send historical data from Splunk to QRadar (On Prem and On Cloud) Hello, I need to know how to send historical data from Splunk to QRadar (Version 731) I am aware that there are some... by manig007 Engager in Splunk Search 02-20-2019 2 0	2	0
ERROR SearchResultsCSVSerializer - Failed to open file for writing Seeing tons of these errors in splunkd logs of indexers. What could be the reason? We are also experiencing search pe... by Rob2520 Communicator in Splunk Search 02-20-2019 0 3	0	3
How do you find the difference of an hour in _time and _indextime in Splunk logs? We have logs being parsed in Splunk which have differences in _indextime and _time of an hour. Please advise how can ... by juhisaxena28 Explorer in Splunk Search 02-20-2019 0 1	0	1
How to set up a NEAR real time search in Splunk 6.6.3 I have a client that wants to set up a "near" real time search in Splunk. Can this be done (it needs to be continuou... by nls7010 Path Finder in Splunk Search 02-20-2019 0 4	0	4
How can I add the results of some particular columns to a new column? I ran a query which gave results in the below manner I just want the last two columns, that is Today and Tomorrow... by ashokpuvvada New Member in Splunk Search 02-20-2019 0 1	0	1
Unable to search using REST API Hi I have a cloud instance version 7.0.2.1 https://prd-p-df4vmzb62ds7.cloud.splunk.com. I am trying to use REST API t... by vinitchaudhari1 New Member in Splunk Search 02-20-2019 0 3	0	3
Is the mvindex function just visual? With my situation, all events have double the values in each field for some reason. I'm not an admin so I just have t... by russell120 Communicator in Splunk Search 02-20-2019 0 3	0	3
"addinfo" and "search_now" -- has search_now been removed? Hi all, Previously I've used "search_now" to determine the start time of a late-running scheduled search. This appea... by althomas Communicator in Splunk Search 02-20-2019 0 0	0	0
Not enough pct_cpu metrics in introspection Please advise! We noticed that in our 7.0.2 on-prem Splunk install on CentOS, CPU load metrics are partially missing.... by znaesh Path Finder in Splunk Search 02-20-2019 1 0	1	0