Splunk Search

Community Activity

How to set up a NEAR real time search in Splunk 6.6.3 I have a client that wants to set up a "near" real time search in Splunk. Can this be done (it needs to be continuou... by nls7010 Path Finder in Splunk Search 02-20-2019 0 4	0	4
How can I add the results of some particular columns to a new column? I ran a query which gave results in the below manner I just want the last two columns, that is Today and Tomorrow... by ashokpuvvada New Member in Splunk Search 02-20-2019 0 1	0	1
Unable to search using REST API Hi I have a cloud instance version 7.0.2.1 https://prd-p-df4vmzb62ds7.cloud.splunk.com. I am trying to use REST API t... by vinitchaudhari1 New Member in Splunk Search 02-20-2019 0 3	0	3
Is the mvindex function just visual? With my situation, all events have double the values in each field for some reason. I'm not an admin so I just have t... by russell120 Communicator in Splunk Search 02-20-2019 0 3	0	3
"addinfo" and "search_now" -- has search_now been removed? Hi all, Previously I've used "search_now" to determine the start time of a late-running scheduled search. This appea... by althomas Communicator in Splunk Search 02-20-2019 0 0	0	0
Not enough pct_cpu metrics in introspection Please advise! We noticed that in our 7.0.2 on-prem Splunk install on CentOS, CPU load metrics are partially missing.... by znaesh Path Finder in Splunk Search 02-20-2019 1 0	1	0
Calculate on one field in multiple events Hi, I collect json data like this: {"timestamp":"2019.02.19-10:20:30","label":"xxx","size":"100"} {"timestamp":"201... by JuGuSm Path Finder in Splunk Search 02-20-2019 0 6	0	6
Appropriate ingest structure for large lists and for analysis Hi, I've got a large list which is grouped in chronological order and I'd like to ingest it into Splunk. The list s... by splunked38 Communicator in Splunk Search 02-20-2019 0 8	0	8
How do you combine stats results for a base data grid? I would like to combine the results of two searches to use as a dashboard base search and then filter in different wa... by mikeydee77 Path Finder in Splunk Search 02-20-2019 0 4	0	4
How can I create a scatter plot of data points distributed over time? Hi, I am having some difficulty in locating information to help me to create a scatter plot (over time) of a data se... by mtanadsk Explorer in Splunk Search 02-20-2019 4 9	4	9
How do you find the count of hours between two dates? Hi, Please find the below query index="os" sourcetype="Service" CaseNumber=* status="Complete" assignment_group=*... by ramesh12345 Explorer in Splunk Search 02-20-2019 0 12	0	12
Define condition per timeframe Hi there, I hope for some help with a query. I'm using the following query to get a list of all failed login atte... by swimena Explorer in Splunk Search 02-19-2019 0 3	0	3
Is tstats supposed to work with fields that contain period characters? I just discovered that indexed fields with periods in them are not tstatsable in my 7.2.1 environment. Is this a kno... by woodcock Esteemed Legend in Splunk Search 02-19-2019 0 3	0	3
Is there a way to pass the current date into the outputlookup file name? Is there a way to pass current date into outputlookup file name? For instance I created and append my lookup file wi... by mic1024 Path Finder in Splunk Search 02-19-2019 2 4	2	4
droping cvs file to a unix folder I am currently emailing a report to end-users. Is there a way to drop the cvs file into a given Unix folder on a diff... by abbass1 New Member in Splunk Search 02-19-2019 0 0	0	0
How to timechart a map command with multiple input rows I have a map command whose input contains multiple rows. The input is responsible for collecting the names of macros... by weidertc Contributor in Splunk Search 02-19-2019 0 5	0	5
Can an admin delete any lookup, owned by anybody? I'm trying, as an admin, to delete a couple of lookups, but I don't see a way to do it via the interface. Is there a ... by ddrillic Ultra Champion in Splunk Search 02-19-2019 0 8	0	8
How do you do an automatic extraction based on the SPL 'extract' command? Using: index=default sourcetype=my:sourcetype \| extract pairdelim="][", kvdelim="=", auto=f Feb 19 09:44:02 fooba... by pkeller Contributor in Splunk Search 02-19-2019 0 2	0	2
How do you search one lookup field and display another lookup field's information if a matching event occurs? For example, I have lookup xyz.csv with two fields, A and B. I want to search for the value of A field. If any matc... by N92 Path Finder in Splunk Search 02-19-2019 0 7	0	7
How to implement corrolation base on 2 fileds Hello everyone! We have a log file contains the following information, status 0 means server is up, 1 means down: Da... by atpsplunk11 Explorer in Splunk Search 02-19-2019 0 0	0	0
How can we identify a particular search using lookup or lookup definition? How can we identify a particular search using lookup or lookup definition? in the case where a lookup file is enable... by N92 Path Finder in Splunk Search 02-19-2019 0 3	0	3
Listonly desired accounts Splunk Enterprise 7.1.3, SCCM Current Branch with univesal forwarder configured to forward event logs and WMI. I hav... by noy72 New Member in Splunk Search 02-19-2019 0 3	0	3
help to remove an empty line hI I use the request below sometimes I have only value for Free_Space and sometimes only value for TotalSpace instea... by jip31 Motivator in Splunk Search 02-19-2019 0 7	0	7
Can you help me a make regular expression for input.conf on a Splunk forwarder ? Hi, I am collecting all log file to a syslog server where I have a Splunk forwarder installed. To override source of... by meet_vadaria Engager in Splunk Search 02-19-2019 0 2	0	2
Can I tag with search? I would like to tag you at search time. I'd like to tag the result of the calculation when searching. ex ) LogID ... by kawashita_t Explorer in Splunk Search 02-19-2019 0 2	0	2