Splunk Search

Community Activity

How to retrieve search name by search id my splunk server has high CPU usage and I saw a bunch of splunkd process like below search --id=admin_adminsearch_se... by danielwan Explorer in Splunk Search 01-25-2019 1 3	1	3
How do you send an alert when the number of records goes below 20% of the daily avg? Hi , I am using the below query to get an average count . But how do I write a query to send an alert when the numbe... by navd New Member in Splunk Search 01-25-2019 0 3	0	3
Very Large Diag File It is becoming harder to submit cases, because our diag files have gotten very large. In the most recent case, the di... by reed_kelly Contributor in Splunk Search 01-25-2019 2 4	2	4
Can you help me compare the numerical values of fields? My company gets a log file that we are trying to compare a set of numbers to one another. These numbers have to be wi... by sgoodman26 Explorer in Splunk Search 01-25-2019 0 4	0	4
Too many one time connections I recently upgraded a Windows heavy forwarder to 7.2.3 and I am now getting errors when it attempts to connect to an ... by joeldavideng Path Finder in Splunk Search 01-25-2019 0 2	0	2
use regex to remove a number from a string Hi, I want to remove a number (up to 5 digits) from a string on its beginning. an example: 43.aaaa_vvvvv.cccccc:ddd... by matansocher Contributor in Splunk Search 01-25-2019 0 3	0	3
視覚エフェクトで作成したグラフの色について - About color of graph created by visual effect Splunk Enterprizeでログのサーチ結果をグラフ化しようとしています。サーチした結果について、視覚エフェクトからグラフ化したところ、グラフの色が用意していた項目の色とずれてしまいました。主導でグラフの色を変えられないか... by arai0729 Explorer in Splunk Search 01-25-2019 0 1	0	1
Timeline App duration problem Hi everyone! I'm trying to use Timeline module but I have some trouble with the duration: Note: I'm working with a l... by MaryvonneMB Path Finder in Splunk Search 01-25-2019 0 4	0	4
Can you help me extract the following fields using the rex command? Is there any way I can extract only PersistenceLo cache cleared! and PmFinUtilityL Cache Cleared (highlighted in BOLD... by harishnpandey Explorer in Splunk Search 01-25-2019 0 5	0	5
Can you help me with a lookup table behavior question? I have a lookup table that is giving me strange search results that I can't figure out — I have a table which is a li... by wfjarrett538 Explorer in Splunk Search 01-25-2019 0 6	0	6
Strange timechart issue I have an issue on one of my two search head clusters where the column order is reversed when running timechart. For... by john_dagostino Path Finder in Splunk Search 01-25-2019 0 9	0	9
Adding search to a search in search string .... Hi all, What i try to ask is if that i can add to this: (index="bogdan") \| rename Date AS RootObject.Date ... by bogdan_nicolesc Communicator in Splunk Search 01-25-2019 0 11	0	11
Extract query parameters from URL Hi, I have a tomcat access log which contains urls like url=/find.do?from-id=549499&q-out=2019-02-20&q-room-0-adul... by vineethvnair0 New Member in Splunk Search 01-25-2019 0 10	0	10
Show events with certain frequency Hi guys, I have an Apache log (with only few information) and I would like to find out the possible events related to... by ernestpoon New Member in Splunk Search 01-25-2019 0 5	0	5
How to only append the event based on the existing records from the main search. Hi. i have a search which need to combine fields from two index. i know i can use "Join" but it is too costly thats ... by xzywind New Member in Splunk Search 01-25-2019 0 0	0	0
Why am I receiving an error in 'rex' command? Hi team, I want to ask: I cannot do extract new field and its show this error. Error in 'rex' command: The regex 'Te... by khairilfirza Explorer in Splunk Search 01-24-2019 1 14	1	14
how to find out the data available for a sourcetype Hi, Can i please know about how to find out a old data available for a sourcetype. For example, if i have a sourcetyp... by iamlearner123 Explorer in Splunk Search 01-24-2019 0 4	0	4
Can you help me extract some data with regex? Hi, I have this data {"method":"GET","url":"/rest/icontrol/logout","params":{},"requestStartTime":1548363789220,"re... by dbcase Motivator in Splunk Search 01-24-2019 0 4	0	4
values Shared by Search output and Lookup TIA. This has probably been asked and answered dozens of times but my brain is now mush. The following search gives ... by DavisLee New Member in Splunk Search 01-24-2019 0 1	0	1
How do I round only certain columns/fields ? How do I round only certain columns/fields ? below this \| foreach * [eval <<FIELD>>=round('<<FIELD>>',2)] will round ... by HattrickNZ Motivator in Splunk Search 01-24-2019 0 1	0	1
Can you help me with a problem with an AND operator in a CASE and IF statement? I have one lookup in which there is a field which consist Team Member A1 A2 A3 A4 A5 A6 A7 Now,If TeamMember=(A1 ... by kumagaur New Member in Splunk Search 01-24-2019 0 1	0	1
How do you rename chart columns and add a dynamic count in brackets? I've got an average session duration (gotten via \| Transaction) broken down by EndStatus. EndStatus is the cause of t... by VexenCrabtree Path Finder in Splunk Search 01-24-2019 1 10	1	10
How to display "0" instead of "No Results Found" Hi guys! I have the below query for a Single Value Dashboard Panel. It is counting the daily total error duration of... by auaave Communicator in Splunk Search 01-24-2019 0 5	0	5
How to Extract Values from a KV within a event log I have the below log event. [INFO ] 2019-01-24T04:09:20,513 [thread=framework1234] className=DummyConsumer - {} - {... by vickyvishwa Explorer in Splunk Search 01-24-2019 0 2	0	2
Is there a way to set a field alias at search time? Is there a way to set a Field Alias as search time, I am building a report looking at Windows Event IDs, In this case... by knutsod Path Finder in Splunk Search 01-24-2019 2 3	2	3