Splunk Search

Community Activity

Does anybody have idea on "INFO PipelineComponent - Process delayed by 1524.266 seconds, perhaps system was suspended?" log message? All my summaries are running and completed successfully. But I can see "INFO - Process delayed by 1524.266 seconds, p... by sesharao92 Explorer in Splunk Search 01-22-2019 2 0	2	0
What's wrong with my rex? I'm trying to time an event. The event occurs within a burst of log events, which arrive at my Splunk server and usu... by stcrispan Communicator in Splunk Search 01-22-2019 0 15	0	15
Why is my single visualization w/trendline total display off by 1? i have the following query and the events/results show "5" but the Single w/Trendline Visualization shows "4". index... by jaj Path Finder in Splunk Search 01-22-2019 0 2	0	2
tabulate timeline of a notable event I'm trying to create a table that displays the timeline of the notable event based on its status from creation. So, ... by pthalasta New Member in Splunk Search 01-22-2019 0 0	0	0
Services.sh with Init doesn't seem to give service status We've been using services.sh to get service status on systemd boxes without issue. But when we started looking at ol... by splunk219783 Path Finder in Splunk Search 01-22-2019 0 0	0	0
How do you capture values with regex? Hi, I am fairly new to regex and cannot figure out how to capture certain strings. Here is an example of the string... by ebkeys94 Engager in Splunk Search 01-22-2019 0 4	0	4
Can we decide to not show fields ? I have a log file date which is split on different fields ( date_hour, date_second, date_hour etc...) Can i decide t... by magilbert1 Explorer in Splunk Search 01-22-2019 0 3	0	3
Retain SPL format in a drill down When I do a drill down in my dashboard the search box in the new windows get's rid of all the line breaks in my SPL s... by dstuder Communicator in Splunk Search 01-22-2019 1 1	1	1
Search question Hi there, Can someone help me with search around these subjects (I'm using DBX output to SQL) I'm new to this langua... by odeddror New Member in Splunk Search 01-22-2019 0 1	0	1
How do you determine the time difference between two events? So I've read several previous questions on how to get the time difference between events, and they all seem to revolv... by muzicman61 New Member in Splunk Search 01-22-2019 0 9	0	9
Can you help me with the following query using regex: missing terminating ] for character class So I tested this regex with regex101 and it seems to be working but Splunk doesn't seem to like it. Any ideas? \| rex... by JoshuaJohn Contributor in Splunk Search 01-22-2019 0 10	0	10
Simple search extraction for lines of text with spaces ??? Hey Guys, I seem to be struggling to pull out some what I thought would be simple searches. An example result coul... by AaronMoorcroft Communicator in Splunk Search 01-22-2019 0 9	0	9
How do you create several multivalued fields? Hi all, I have several events like this: Field_A // Field_B // Field_C A // 1 // z A // 2 // z B // 3 // y B // ... by MaryvonneMB Path Finder in Splunk Search 01-22-2019 0 2	0	2
How to specify which columns are totaled up? What columns can I somehow override and specify which ones are totaled up? I only want the count to be totaled but ot... by jaj Path Finder in Splunk Search 01-22-2019 0 2	0	2
How come my trendline is not displaying on a single visualization? How can I get trendline data to show up on a single visualization using the following query? The results come back fi... by jaj Path Finder in Splunk Search 01-22-2019 0 2	0	2
How do you use multiple by fields with a trellis layout? Hi all, I want to get the average from a value, group this by cluster and hostname and show the value in a timechart... by tgdvopab Path Finder in Splunk Search 01-22-2019 0 3	0	3
How do I display text in a dashboard panel based on the event coverage percentage in its corresponding pivot? I want to display text in the middle of the panel that is based on the value of a status code or its percentage. I'v... by splunkwiz New Member in Splunk Search 01-22-2019 0 0	0	0
Line chart of daily event totals over N-days I need to display trending IP events over the course of 90 days with each day being a sum of the events. My original... by scotmatson Explorer in Splunk Search 01-22-2019 0 0	0	0
How do you make a regular expression to extract the first 4 words in a sentence? I need to extract the first 4 words in a field with sample data like this, "The team performs checks for the follow... by dojiepreji Path Finder in Splunk Search 01-22-2019 0 3	0	3
Old Index Old Sourcetype New Field - Search Issues Hi all, I have used back the old index & sourcetype but i have re-created new field names for my dashboard. when usi... by hkchew New Member in Splunk Search 01-22-2019 0 4	0	4
It appears you do not have an active Support Contract or entitlement and as a result, cannot open a Support case ! Hello splunkers, I tried to submit a new case but unfortunately i got this error : "It appears you do not have an ... by baroudiem New Member in Splunk Search 01-22-2019 0 6	0	6
match and count in numerical from events Hello, I have a CSV file containing two columns URL and IP. I'm using it to retrieve only events were a match is fou... by adabud6267 Explorer in Splunk Search 01-22-2019 0 0	0	0
How to change the timestamp of duplicate events I tried to change the time stamp of duplicate events. Can any one suggest me a solution. by sesharao92 Explorer in Splunk Search 01-22-2019 0 1	0	1
Need to find the ADM accounts with help of Normal accounts We have 2 types of accounts in our organization user adm-user I can find the disabled users in the organization, b... by deepak007 Explorer in Splunk Search 01-22-2019 0 0	0	0
Can you help me with my multi-line field extraction? Hi, I am looking to extract fields from multi-line events. Some of the events are more than 20 lines. When I am tryi... by AKG1_old1 Builder in Splunk Search 01-22-2019 0 4	0	4