Splunk Search

Community Activity

Get the time difference between 2 different events based on common fields I have a log that shows when the particular event was fired 2019-01-14 19:20:21,849 [DEBUG] [c.h.d.s.i.Asynchronou... by mrafiq17 Explorer in Splunk Search 01-16-2019 1 8	1	8
how to search data created before last 14 Business days? I have a set of data with "submit date" like "2019-Jan-16 17:42:00". How can I get data submitted before 14 Business ... by wangzhaoyu New Member in Splunk Search 01-16-2019 0 5	0	5
Summary Indexing and TZ Hi, I am getting a raw event stream which is getting TZ per PT Splunk props.conf is looking at TZ as PT and converts... by nikhilmehra79 Path Finder in Splunk Search 01-16-2019 0 5	0	5
How to extract fields with not displayed content ? if I have a short event log, I can easy extract the field that displayed in the "Extraction fields Wizard". ( use mou... by lllidan New Member in Splunk Search 01-15-2019 0 7	0	7
Difficulty creating a timechart from SNMP multivalue data. I am receiving SNMP data using the SNMP Modular Input application. The extraction configurated in this application is... by loren3737 Explorer in Splunk Search 01-15-2019 0 0	0	0
Consolidation of tstats results. We're performing a migration of our syslog infrastructure and I need to get some metrics that show progress. Since th... by pkeller Contributor in Splunk Search 01-15-2019 0 4	0	4
eval alerting on matching fields. i want to make an alert that will pop when two values in a event match. index=foo_index sourcetype=foofoo_prod\| eva... by sbattista09 Contributor in Splunk Search 01-15-2019 0 1	0	1
What Splunk query monitors for an expected event? A microservice converts incoming records (logged as events) and must perform this conversion within 5 minutes. The ou... by Oerstier New Member in Splunk Search 01-15-2019 0 2	0	2
listing _time changes the format to epoch It looks like using stats list(_time) displays the results in epoch. How do I make this more human readable? by frbuser Path Finder in Splunk Search 01-15-2019 0 1	0	1
How to pass variable or token from subsearch to search Hi Splunkers, We are trying to pass variables from the subsearch to search, in this case from the subsearch we are g... by rsokolova Path Finder in Splunk Search 01-15-2019 0 4	0	4
calculate duration by skiping overlapping time Hi, Please help me to calculate service availability of the system. Method Time of down Time of up A ... by anantdeshpande Path Finder in Splunk Search 01-15-2019 0 3	0	3
How can I change duration [5s] to something I can calculate with? Hi, I made a search, and want to finetune it with something like "show duration >20seconds", but duration is showed a... by svester New Member in Splunk Search 01-15-2019 0 6	0	6
Can you help me improve the performance of a custom search? Hi, We have Linux Auditd data coming into Splunk with sourcetype=linux:audit. In Auditd logs, Record Types define ev... by att35 Builder in Splunk Search 01-15-2019 0 6	0	6
Splunk Cluster keeps showing Peers as BatchAdding The Peers keep showing up as BatchAdding....they stabilize and then go back.... by jmcclure Explorer in Splunk Search 01-15-2019 0 1	0	1
mvlist functionality My search (1) transaction PG SessionID mvlist=SessionEventNet nullstr=0\|eventstats sum(SessionEventNet) as SessionNe... by javiles1960 Explorer in Splunk Search 01-15-2019 1 9	1	9
I have installed splunk enterprise version on windows 2008 R2 server. I am not able to access the splunk web outside the server. We have installed the splunk enterprise version 7.0.2 on a windows server 2008 R2. However we are not able to access ... by naagaraj Engager in Splunk Search 01-15-2019 0 4	0	4
I'm unable to connect to splunk using java application. I'm accessing splunk via a VPN. So if I'm trying to access splunk via browser, after logging in using username and pa... by spideyweb008 New Member in Splunk Search 01-15-2019 0 1	0	1
apply apache field extractions to nonstandard sourcetype Hello, I have some apache access logs coming in that I'd like to label sourcetype="aem:access" instead of sourcetyp... by zhatsispgx Path Finder in Splunk Search 01-15-2019 0 7	0	7
Finding Historical Gaps in Data I have an existing search that shows devices that currently are not logging i.e. gaps however, I didn't have an aler... by neely_hpe New Member in Splunk Search 01-14-2019 0 1	0	1
SWAGGER URL for SPLUNK Hi All, I have downloaded SPLUNK Enterprise -Trial We are trying to use SPLUNK Enterprise for Automation using cloud... by abedeen Engager in Splunk Search 01-14-2019 1 0	1	0
Question : I am facing issue in Regular expression want to print substring from string Hello Sir , I am new for this Regular expression . in our log has different value for field. want to remove char upt... by su_kumar New Member in Splunk Search 01-14-2019 0 5	0	5
Field Extraction help for user and email The following is one of the sample raw logs. 01/14/19 2:05:25.000 PM 2019-01-14 19:05:24.915 INFO 1234 --- [abcd-2... by pavanae Builder in Splunk Search 01-14-2019 0 2	0	2
Hot folder does not index some files Good morning everyone I'm having trouble crawling multiple files at once. Today I copied 100 files and placed them i... by gabrielgarciia New Member in Splunk Search 01-14-2019 0 2	0	2
Can Splunk charts display a logrythmic Axis? Hi, Is there an option for Splunk to display chart axis logrythmically? I don't see an option in the standard chart... by a212830 Champion in Splunk Search 01-14-2019 1 2	1	2
How do you add a blank row after each unique host in search results? I have a search statement in a customized dashboard to show the disk utilization of my servers. I would like to add a... by kenntun Engager in Splunk Search 01-14-2019 0 8	0	8