Splunk Search

Community Activity

Nested JSON field Hi I'm trying to do a count within my JSON logs. It's about the following data. I want to do a count for the extensio... by melvincorneliss New Member in Splunk Search 02-20-2019 0 2	0	2
How do you make a regex field extraction to stop capture after underscore and last 2 digits? Hi, I'm new to regex field extraction. I need a regex to capture only specific characters on my event source. I tr... by almar_cabato New Member in Splunk Search 02-20-2019 0 6	0	6
How can I display just the prediction (future) in a chart ? I'm doing a chart where i want to predict the disk space for the month after and I have this : .... predict C as "Pr... by henriq_c Explorer in Splunk Search 02-20-2019 0 1	0	1
How do you make a stacked bar chart based on a field? I need to present the output of a query in a stacked bar diagram. Here is my search output: Now, I want to presen... by sendilprakash Explorer in Splunk Search 02-20-2019 1 2	1	2
Any way to extract date information from file name and time information from message ? I have some source files which the messages have only time information without date information as below. [ xxxxx2017... by cweiliou_splunk Splunk Employee in Splunk Search 02-20-2019 0 1	0	1
How do I get a substring from a field after the "_" character? I have a string as ABCD_20190219_XYZ I need to get 20190219 like 8 characters after first "_" and than convert that ... by vb1612 New Member in Splunk Search 02-20-2019 0 1	0	1
How can I send historical data from Splunk to QRadar (On Prem and On Cloud) Hello, I need to know how to send historical data from Splunk to QRadar (Version 731) I am aware that there are some... by manig007 Engager in Splunk Search 02-20-2019 2 0	2	0
ERROR SearchResultsCSVSerializer - Failed to open file for writing Seeing tons of these errors in splunkd logs of indexers. What could be the reason? We are also experiencing search pe... by Rob2520 Communicator in Splunk Search 02-20-2019 0 3	0	3
How do you find the difference of an hour in _time and _indextime in Splunk logs? We have logs being parsed in Splunk which have differences in _indextime and _time of an hour. Please advise how can ... by juhisaxena28 Explorer in Splunk Search 02-20-2019 0 1	0	1
How to set up a NEAR real time search in Splunk 6.6.3 I have a client that wants to set up a "near" real time search in Splunk. Can this be done (it needs to be continuou... by nls7010 Path Finder in Splunk Search 02-20-2019 0 4	0	4
How can I add the results of some particular columns to a new column? I ran a query which gave results in the below manner I just want the last two columns, that is Today and Tomorrow... by ashokpuvvada New Member in Splunk Search 02-20-2019 0 1	0	1
Unable to search using REST API Hi I have a cloud instance version 7.0.2.1 https://prd-p-df4vmzb62ds7.cloud.splunk.com. I am trying to use REST API t... by vinitchaudhari1 New Member in Splunk Search 02-20-2019 0 3	0	3
Is the mvindex function just visual? With my situation, all events have double the values in each field for some reason. I'm not an admin so I just have t... by russell120 Communicator in Splunk Search 02-20-2019 0 3	0	3
"addinfo" and "search_now" -- has search_now been removed? Hi all, Previously I've used "search_now" to determine the start time of a late-running scheduled search. This appea... by althomas Communicator in Splunk Search 02-20-2019 0 0	0	0
Not enough pct_cpu metrics in introspection Please advise! We noticed that in our 7.0.2 on-prem Splunk install on CentOS, CPU load metrics are partially missing.... by znaesh Path Finder in Splunk Search 02-20-2019 1 0	1	0
Calculate on one field in multiple events Hi, I collect json data like this: {"timestamp":"2019.02.19-10:20:30","label":"xxx","size":"100"} {"timestamp":"201... by JuGuSm Path Finder in Splunk Search 02-20-2019 0 6	0	6
Appropriate ingest structure for large lists and for analysis Hi, I've got a large list which is grouped in chronological order and I'd like to ingest it into Splunk. The list s... by splunked38 Communicator in Splunk Search 02-20-2019 0 8	0	8
How do you combine stats results for a base data grid? I would like to combine the results of two searches to use as a dashboard base search and then filter in different wa... by mikeydee77 Path Finder in Splunk Search 02-20-2019 0 4	0	4
How can I create a scatter plot of data points distributed over time? Hi, I am having some difficulty in locating information to help me to create a scatter plot (over time) of a data se... by mtanadsk Explorer in Splunk Search 02-20-2019 4 9	4	9
How do you find the count of hours between two dates? Hi, Please find the below query index="os" sourcetype="Service" CaseNumber=* status="Complete" assignment_group=*... by ramesh12345 Explorer in Splunk Search 02-20-2019 0 12	0	12
Define condition per timeframe Hi there, I hope for some help with a query. I'm using the following query to get a list of all failed login atte... by swimena Explorer in Splunk Search 02-19-2019 0 3	0	3
Is tstats supposed to work with fields that contain period characters? I just discovered that indexed fields with periods in them are not tstatsable in my 7.2.1 environment. Is this a kno... by woodcock Esteemed Legend in Splunk Search 02-19-2019 0 3	0	3
Is there a way to pass the current date into the outputlookup file name? Is there a way to pass current date into outputlookup file name? For instance I created and append my lookup file wi... by mic1024 Path Finder in Splunk Search 02-19-2019 2 4	2	4
droping cvs file to a unix folder I am currently emailing a report to end-users. Is there a way to drop the cvs file into a given Unix folder on a diff... by abbass1 New Member in Splunk Search 02-19-2019 0 0	0	0
How to timechart a map command with multiple input rows I have a map command whose input contains multiple rows. The input is responsible for collecting the names of macros... by weidertc Contributor in Splunk Search 02-19-2019 0 5	0	5