Splunk Search

Community Activity

ERROR SearchResultsCSVSerializer - Failed to open file for writing Seeing tons of these errors in splunkd logs of indexers. What could be the reason? We are also experiencing search pe... by Rob2520 Communicator in Splunk Search 02-20-2019 0 3	0	3
How do you find the difference of an hour in _time and _indextime in Splunk logs? We have logs being parsed in Splunk which have differences in _indextime and _time of an hour. Please advise how can ... by juhisaxena28 Explorer in Splunk Search 02-20-2019 0 1	0	1
How to set up a NEAR real time search in Splunk 6.6.3 I have a client that wants to set up a "near" real time search in Splunk. Can this be done (it needs to be continuou... by nls7010 Path Finder in Splunk Search 02-20-2019 0 4	0	4
How can I add the results of some particular columns to a new column? I ran a query which gave results in the below manner I just want the last two columns, that is Today and Tomorrow... by ashokpuvvada New Member in Splunk Search 02-20-2019 0 1	0	1
Unable to search using REST API Hi I have a cloud instance version 7.0.2.1 https://prd-p-df4vmzb62ds7.cloud.splunk.com. I am trying to use REST API t... by vinitchaudhari1 New Member in Splunk Search 02-20-2019 0 3	0	3
Is the mvindex function just visual? With my situation, all events have double the values in each field for some reason. I'm not an admin so I just have t... by russell120 Communicator in Splunk Search 02-20-2019 0 3	0	3
"addinfo" and "search_now" -- has search_now been removed? Hi all, Previously I've used "search_now" to determine the start time of a late-running scheduled search. This appea... by althomas Communicator in Splunk Search 02-20-2019 0 0	0	0
Not enough pct_cpu metrics in introspection Please advise! We noticed that in our 7.0.2 on-prem Splunk install on CentOS, CPU load metrics are partially missing.... by znaesh Path Finder in Splunk Search 02-20-2019 1 0	1	0
Calculate on one field in multiple events Hi, I collect json data like this: {"timestamp":"2019.02.19-10:20:30","label":"xxx","size":"100"} {"timestamp":"201... by JuGuSm Path Finder in Splunk Search 02-20-2019 0 6	0	6
Appropriate ingest structure for large lists and for analysis Hi, I've got a large list which is grouped in chronological order and I'd like to ingest it into Splunk. The list s... by splunked38 Communicator in Splunk Search 02-20-2019 0 8	0	8
How do you combine stats results for a base data grid? I would like to combine the results of two searches to use as a dashboard base search and then filter in different wa... by mikeydee77 Path Finder in Splunk Search 02-20-2019 0 4	0	4
How can I create a scatter plot of data points distributed over time? Hi, I am having some difficulty in locating information to help me to create a scatter plot (over time) of a data se... by mtanadsk Explorer in Splunk Search 02-20-2019 4 9	4	9
How do you find the count of hours between two dates? Hi, Please find the below query index="os" sourcetype="Service" CaseNumber=* status="Complete" assignment_group=*... by ramesh12345 Explorer in Splunk Search 02-20-2019 0 12	0	12
Define condition per timeframe Hi there, I hope for some help with a query. I'm using the following query to get a list of all failed login atte... by swimena Explorer in Splunk Search 02-19-2019 0 3	0	3
Is tstats supposed to work with fields that contain period characters? I just discovered that indexed fields with periods in them are not tstatsable in my 7.2.1 environment. Is this a kno... by woodcock Esteemed Legend in Splunk Search 02-19-2019 0 3	0	3
Is there a way to pass the current date into the outputlookup file name? Is there a way to pass current date into outputlookup file name? For instance I created and append my lookup file wi... by mic1024 Path Finder in Splunk Search 02-19-2019 2 4	2	4
droping cvs file to a unix folder I am currently emailing a report to end-users. Is there a way to drop the cvs file into a given Unix folder on a diff... by abbass1 New Member in Splunk Search 02-19-2019 0 0	0	0
How to timechart a map command with multiple input rows I have a map command whose input contains multiple rows. The input is responsible for collecting the names of macros... by weidertc Contributor in Splunk Search 02-19-2019 0 5	0	5
Can an admin delete any lookup, owned by anybody? I'm trying, as an admin, to delete a couple of lookups, but I don't see a way to do it via the interface. Is there a ... by ddrillic Ultra Champion in Splunk Search 02-19-2019 0 8	0	8
How do you do an automatic extraction based on the SPL 'extract' command? Using: index=default sourcetype=my:sourcetype \| extract pairdelim="][", kvdelim="=", auto=f Feb 19 09:44:02 fooba... by pkeller Contributor in Splunk Search 02-19-2019 0 2	0	2
How do you search one lookup field and display another lookup field's information if a matching event occurs? For example, I have lookup xyz.csv with two fields, A and B. I want to search for the value of A field. If any matc... by N92 Path Finder in Splunk Search 02-19-2019 0 7	0	7
How to implement corrolation base on 2 fileds Hello everyone! We have a log file contains the following information, status 0 means server is up, 1 means down: Da... by atpsplunk11 Explorer in Splunk Search 02-19-2019 0 0	0	0
How can we identify a particular search using lookup or lookup definition? How can we identify a particular search using lookup or lookup definition? in the case where a lookup file is enable... by N92 Path Finder in Splunk Search 02-19-2019 0 3	0	3
Listonly desired accounts Splunk Enterprise 7.1.3, SCCM Current Branch with univesal forwarder configured to forward event logs and WMI. I hav... by noy72 New Member in Splunk Search 02-19-2019 0 3	0	3
help to remove an empty line hI I use the request below sometimes I have only value for Free_Space and sometimes only value for TotalSpace instea... by jip31 Motivator in Splunk Search 02-19-2019 0 7	0	7