Splunk Search

Community Activity

Can you help me figure out the best way to write the following query? Kindly provide a better way to write the query in the below example. Also, one more thing I need help with is the hi... by sherrysafdar Explorer in Splunk Search 02-05-2019 0 5	0	5
How do you do a multisearch query with the dedup command in a subsearch? I need to search on multiple indexes with the need of the dedup command on one of the searches, for which I only need... by amdhindsa New Member in Splunk Search 02-05-2019 0 4	0	4
How do you list source IPs that hit only two URLs in WEB source types? We have WEB logs, and we need to isolate the source IPs that only (only) hit two URLs. The fields are: src for sou... by aamer86 Path Finder in Splunk Search 02-05-2019 0 8	0	8
Difference between (_time) internal field and (timestamp) default field Guys I cant find the difference between _time internal field and timestamp default field in docs anywhere, Can someo... by PowerPacked Builder in Splunk Search 02-05-2019 0 8	0	8
Can you help me set the concurrency limit in limits.conf? The concurrency limit is set to five based on the below log. We are using a 4 core CPU, and according to the limits.c... by pdantuuri0411 Explorer in Splunk Search 02-05-2019 0 1	0	1
how can i dynamicly change span parametr in timechart i need to change span parameter depending on the time range how can i set dynamycly changing of span in my search qu... by mishaaaaaaaaaa Explorer in Splunk Search 02-05-2019 0 6	0	6
Timewrap to restrict fetch for defined period I have a search like below - mysearch \| timechart count span=1h \| timewrap 1d with time range picker for past 7 da... by vickyvishwa Explorer in Splunk Search 02-05-2019 0 3	0	3
Compare today to yesterday's results Hi how should I modify my search to make it work? host="javaserver1" source="/var/log/javastuff.log" earliest=-1d@d ... by dackamen Engager in Splunk Search 02-05-2019 1 4	1	4
How can I merge two queries using MAP or any other command? I have 2 queries! Query 1: Find top 10 API using top command eg : index="some_index" "abc.def.operation"=* \| ren... by saurabhrai_it Explorer in Splunk Search 02-05-2019 0 8	0	8
How do you use the eval command when the field value contains multiple variables? Hi, How do I use the eval statement when the field value could contain multiple variables? so for example my field ... by jacqu3sy Path Finder in Splunk Search 02-05-2019 0 4	0	4
How can I add the current month to a timechart if that current month has no results? Hello All, Assuming the following timechart \| timechart count span=1mon If there are no results for the current mo... by andrewtrobec Motivator in Splunk Search 02-05-2019 0 1	0	1
Parsing epoch time (tai64n) with milliseconds Hello All, I have a log which has the following unix tai64n timestamp: @400000004ddf8b5a1803be44. Splunk 4.2.1 recog... by OL Communicator in Splunk Search 02-05-2019 0 5	0	5
Can I see the querries and events after publishing my app in splunk base? Any specific permissions needed. Can I see the querries and events after publishing my app in splunk base? Any specific permissions needed. I have cre... by tdeepak New Member in Splunk Search 02-05-2019 0 0	0	0
How to do a group by on regex I have a certain field which contains the location of a file. The filepath looks like this /some/path//some.csv. I wa... by utkarshpujari Engager in Splunk Search 02-04-2019 0 3	0	3
Extract multiple fields with one RegEx Splunkers, I'm trying to write one regex to extract a bunch of fields from a single event. Here's an example of o... by matthew_foos Path Finder in Splunk Search 02-04-2019 0 5	0	5
How do I search for events that match a regex OR have Key? Say I have an event in the form: { "a": {"b": "c"}, "d": "e" } I want to include the event if "c" matches... by splunkqy Explorer in Splunk Search 02-04-2019 0 1	0	1
Is it possible to treat a _meta field as a non-indexed field? I have seen conflicting answers on this and am confused about what should and shouldn't work. In inputs.conf on our ... by jonow New Member in Splunk Search 02-04-2019 0 11	0	11
Search processing language Hi Everyone, Can any one help me with SPL to extract report of recent log sources reporting with time and the time d... by EHariharan Explorer in Splunk Search 02-04-2019 1 3	1	3
Why is my search string not triggering an alert as expected? I have seven jobs that run at regular intervals, and I can see them in Splunk. However, when I use this search string... by williamholder Explorer in Splunk Search 02-04-2019 0 2	0	2
How do you use the rex command to extract a certain error? I am trying to extract a certain error and then plot in on an are chart using rex. Below is the error I am looking fo... by pranay04 Explorer in Splunk Search 02-04-2019 0 1	0	1
How do you find the time difference for fields within transactions? CorrelationID=1==, CaseID=2 endProcess=SubmitInfo , 2019-02-02 11:02:06,130 CorrelationID=1==, CaseID=2 STartProcess=... by venkatrajan04 New Member in Splunk Search 02-04-2019 0 3	0	3
Proofpoint is not loading I installed the add-on for proofpoint. The add-on link is https://splunkbase.splunk.com/app/3681/. I am using splun... by graju89 Path Finder in Splunk Search 02-04-2019 0 0	0	0
How to use condition search by check on $click.value$ of parameter. Hello I have 2 chart (1. Top 10 Signature) (2. Source IP Address) My query can show overall event but can't show spe... by mindterrian New Member in Splunk Search 02-04-2019 0 4	0	4
using map and if/isnull but missing fields in base is causing failure hi could someone please help me out here. been stuck with a problem. we have multiple existing queries in our environ... by milidna13 New Member in Splunk Search 02-04-2019 0 3	0	3
What is the meaning of the following statement? In the following search: index=_internal source=*metrics.log group="per_host_thruput" \| eval GB=kb/1048576 \| stats s... by sbgoldberg13 Explorer in Splunk Search 02-04-2019 0 4	0	4