Splunk Search

Community Activity

How can I add the current month to a timechart if that current month has no results? Hello All, Assuming the following timechart \| timechart count span=1mon If there are no results for the current mo... by andrewtrobec Motivator in Splunk Search 02-05-2019 0 1	0	1
Parsing epoch time (tai64n) with milliseconds Hello All, I have a log which has the following unix tai64n timestamp: @400000004ddf8b5a1803be44. Splunk 4.2.1 recog... by OL Communicator in Splunk Search 02-05-2019 0 5	0	5
Can I see the querries and events after publishing my app in splunk base? Any specific permissions needed. Can I see the querries and events after publishing my app in splunk base? Any specific permissions needed. I have cre... by tdeepak New Member in Splunk Search 02-05-2019 0 0	0	0
How to do a group by on regex I have a certain field which contains the location of a file. The filepath looks like this /some/path//some.csv. I wa... by utkarshpujari Engager in Splunk Search 02-04-2019 0 3	0	3
Extract multiple fields with one RegEx Splunkers, I'm trying to write one regex to extract a bunch of fields from a single event. Here's an example of o... by matthew_foos Path Finder in Splunk Search 02-04-2019 0 5	0	5
How do I search for events that match a regex OR have Key? Say I have an event in the form: { "a": {"b": "c"}, "d": "e" } I want to include the event if "c" matches... by splunkqy Explorer in Splunk Search 02-04-2019 0 1	0	1
Is it possible to treat a _meta field as a non-indexed field? I have seen conflicting answers on this and am confused about what should and shouldn't work. In inputs.conf on our ... by jonow New Member in Splunk Search 02-04-2019 0 11	0	11
Search processing language Hi Everyone, Can any one help me with SPL to extract report of recent log sources reporting with time and the time d... by EHariharan Explorer in Splunk Search 02-04-2019 1 3	1	3
Why is my search string not triggering an alert as expected? I have seven jobs that run at regular intervals, and I can see them in Splunk. However, when I use this search string... by williamholder Explorer in Splunk Search 02-04-2019 0 2	0	2
How do you use the rex command to extract a certain error? I am trying to extract a certain error and then plot in on an are chart using rex. Below is the error I am looking fo... by pranay04 Explorer in Splunk Search 02-04-2019 0 1	0	1
How do you find the time difference for fields within transactions? CorrelationID=1==, CaseID=2 endProcess=SubmitInfo , 2019-02-02 11:02:06,130 CorrelationID=1==, CaseID=2 STartProcess=... by venkatrajan04 New Member in Splunk Search 02-04-2019 0 3	0	3
Proofpoint is not loading I installed the add-on for proofpoint. The add-on link is https://splunkbase.splunk.com/app/3681/. I am using splun... by graju89 Path Finder in Splunk Search 02-04-2019 0 0	0	0
How to use condition search by check on $click.value$ of parameter. Hello I have 2 chart (1. Top 10 Signature) (2. Source IP Address) My query can show overall event but can't show spe... by mindterrian New Member in Splunk Search 02-04-2019 0 4	0	4
using map and if/isnull but missing fields in base is causing failure hi could someone please help me out here. been stuck with a problem. we have multiple existing queries in our environ... by milidna13 New Member in Splunk Search 02-04-2019 0 3	0	3
What is the meaning of the following statement? In the following search: index=_internal source=*metrics.log group="per_host_thruput" \| eval GB=kb/1048576 \| stats s... by sbgoldberg13 Explorer in Splunk Search 02-04-2019 0 4	0	4
Syslog forwarding and load balancing Hello, I would like to know if it is possible to have load balancing for the syslog forwarding feature of Splunk. Fo... by jwillaime Explorer in Splunk Search 02-04-2019 0 2	0	2
Concurrent scheduled saved searches I have about 50 saved scheduled searches that run every minute. And now, there is a situation that every minute those... by bckq Path Finder in Splunk Search 02-04-2019 0 2	0	2
Can you help me update some field values from a lookup table? Hi Team, I have the following field values in a look up file BUS_DT+1,11:00 BUS_DT+0,12:00 i want to update the f... by pench2k19 Explorer in Splunk Search 02-04-2019 0 8	0	8
How to search for all devices in my environment that are sending logs to Splunk? Morning Guys I'm mid plan for ripping out our Splunk environment and starting again. As some of you may be aware fro... by AaronMoorcroft Communicator in Splunk Search 02-04-2019 0 3	0	3
chart stacking i have a single column with different values. i would like to show them as a stacked bar chart.. but when i chart th... by jiaqya Builder in Splunk Search 02-04-2019 0 2	0	2
newline in Splunk query Hi, Please help me with a newline command in Splunk query by v709587 Explorer in Splunk Search 02-04-2019 0 8	0	8
Combining fields from 2 sourcetypes in a stats block All, my query below just returns the values from the first sourcetype (first 3 lines in \|stats). The fields from the ... by akelbr Explorer in Splunk Search 02-04-2019 0 8	0	8
Extracting text from fields Question How would you create a new field for example, color, by extracting the text from the value to an existing field, for ... by hredd New Member in Splunk Search 02-04-2019 0 6	0	6
Is it possible to kill or disable long running searches?? Hi, is it possible to kill or disable long running searches automatically. For example whenever we hit performance is... by dbashyam Explorer in Splunk Search 02-03-2019 0 6	0	6
Excluding a list of IP's from the results I have a list of IP's in a CSV that I need to exclude from the results of a query. Below is a my query. How can I app... by samble Path Finder in Splunk Search 02-03-2019 0 2	0	2