Splunk Search

Community Activity

Data models slow after restart - tstats HI Every Saturday we do a full stop of Splunk and we do a full back up + restart. The issues is come Monday morning ... by robertlynch2020 Influencer in Splunk Search 02-01-2019 0 6	0	6
Search query required to lookup a csv file Hi, I need to check if the source address from the firewall logs is in private ip address range. How would i check u... by ajayrejin Explorer in Splunk Search 02-01-2019 0 4	0	4
String compare regex wildcard (( host="vwp054" AND source="E:\\Apache\\apisit\\")) \| eval site = if(match(source,"E:\A."),1,0) \| eval aba = if(... by darioapis Explorer in Splunk Search 01-31-2019 0 1	0	1
How can I add a matched lookup field to my stats command output? Hi all, My apologies if the title was a bit vague, wasn't sure how to word it! I have a search which identifes keyw... by danfinan Explorer in Splunk Search 01-31-2019 0 1	0	1
Change table representation I have a table as follows: CN\|Lev\|ref1\|ref2\|ref3\|ref4\|ref5\|ref6 cn1\|1\|1\|2\|3\|4\|\|\| cn2\|2\|\|\|\|\|5\|6\| The representation ... by anisgupt New Member in Splunk Search 01-31-2019 0 2	0	2
How do you set date_mday for yesterday? If I run the following search, adjust the time picker to the last 7 days, AND the 28th falls within the time picker d... by dorgra Path Finder in Splunk Search 01-31-2019 0 2	0	2
Rex to extract text that ends with either one of multiple words Hello all, I have data like this reason="abc";appName=.... reason="xyz";ERServer=... reason="dfg",ClientBob=... Ho... by Cbr1sg Path Finder in Splunk Search 01-31-2019 0 17	0	17
How do you build a panel with different source inputs? I am trying to build a panel where I would like to input the source and present in a radial guaze. The simple query ... by pranay04 Explorer in Splunk Search 01-31-2019 0 3	0	3
How do you get a distinct count of one field based on the value of another? I need to count the total based on status, but also the number of sessions for each status. The number of sessions i... by weidertc Contributor in Splunk Search 01-31-2019 0 2	0	2
Configure an emailed report with timechart to display in local time rather than GMT? I have a report of proxy logs that is emailed to me every evening. The logs themselves are in GMT. I set the time f... by DEAD_BEEF Builder in Splunk Search 01-31-2019 0 0	0	0
Why are log events indexed from GZip archive with a specified source type missing extracted fields? Hi there, I have a custom source type (papertrail) that is a tab delimited source and have verified it works correct... by statmuse Engager in Splunk Search 01-31-2019 0 7	0	7
What exactly is Archiver (Archiving large_file) doing? In splunkd.log we see: 01-31-2019 12:38:03.683 -0800 INFO Archiver - Archiving large_file=/opt/splunk/etc/apps/sear... by the_wolverine Champion in Splunk Search 01-31-2019 0 2	0	2
Can I have an accelerated search summary for 1 year if the index retention time is set to 90? I am attempting to come up with a solution to hold log data for 180 days for data within an index that has a retentio... by ericg57 Engager in Splunk Search 01-31-2019 0 4	0	4
how can i do to make this events into Splunk? hello team! We have this logs comming in a port 10162 (say that this is a kind of "syslog" but it comes with a lot o... by lightech1 Path Finder in Splunk Search 01-31-2019 0 2	0	2
allow-custom-value doesn't work in Splunk 7.2.3 I've built a custom alert action with a UI. One of my inputs is dynamic, and populated from a splunk search. Here is ... by asemle Explorer in Splunk Search 01-31-2019 1 2	1	2
Restrict results by count > 30? This is my query: index=mtickets MovieRating=R CustomerAge<17 \| stats count by MovieName Can I restrict the results... by jmgilpin New Member in Splunk Search 01-31-2019 0 2	0	2
Inner Join Returns Different Results When Reversing Search Order Been working on a proof of concept that seems to be eluding me. From my work with SQL I would expect that an Inner Jo... by ravencr0ss New Member in Splunk Search 01-31-2019 0 2	0	2
Problem with token eval I am trying to rest one hour to fiel1latest What I am doing wrong, I am trying to rest one hour to fiel1latest <label>otro</label> <fieldset submitButton=... by rutdesanti New Member in Splunk Search 01-31-2019 0 2	0	2
Using the Send to File app, why am I getting the following error?: "No such file or directory" error Hello @Damien Dallimore - I am using your app Send to File and see the following errors in the View log events. Th... by arock New Member in Splunk Search 01-31-2019 0 1	0	1
Unfamiliar Syntax in Query I have a query, written by someone else, that I'm trying to understand: tstats count as count sum(sessionLength) ... by inovexsean Explorer in Splunk Search 01-31-2019 0 5	0	5
not getting the time difference Hi splunkers, i m trying to calculate the time differece in minutes between the two fields sla_time and FILE_ARRIVA... by pench2k19 Explorer in Splunk Search 01-31-2019 0 4	0	4
How do you find the properties/metadata of a lookup file via REST API? We have certain automated lookup files, which get updated by various feeds. Any chance to get the properties of thes... by koshyk Super Champion in Splunk Search 01-31-2019 0 2	0	2
Gauge not showing numbers over a billion Morning all is there a way to show over 1 billion on a gauge without out it converting to 1E etc, Thanks by rossparfect Path Finder in Splunk Search 01-31-2019 0 2	0	2
Is the following calculation possible ? I'm currently generating an AvgTime of processing cycles in a thread within a 5 min duration and writing these out to... by luckyman80 Path Finder in Splunk Search 01-31-2019 0 7	0	7
Indexing salt on ID value Hello, I'm looking for a way to not index an event if the ID is already in the index. The log will have this format... by arthurf Explorer in Splunk Search 01-31-2019 0 5	0	5