Splunk Search

Community Activity

How do I add a time range to a datamodel search that cannot use tstats? I have a data model where the object is generated by a search which doesn't permit the DM to be accelerated which mea... by scottrunyon Contributor in Splunk Search 12-27-2018 1 3	1	3
embedded tables limited to 20 rows ? I use some embedded reports and they work fine. Now i made an upgrade to Version 6.3 and a Searchhead-Cluster. Now em... by sdeveen Explorer in Splunk Search 12-27-2018 7 9	7	9
Can you help me get a set of results based on the time picker? We need to get the previous week's results as a second set of results based on the time picker used for current time ... by weidertc Contributor in Splunk Search 12-27-2018 0 3	0	3
How do you exclude results based on multiple fields? I am trying to get where I have if the _time and host are the same I exclude those results. I was thinking an eval o... by HealyManTech Explorer in Splunk Search 12-27-2018 0 1	0	1
text of previous searches Greetings, I am looking for a way to output previous search parameters. I am running: index=_audit action=search "... by ccsfdave Builder in Splunk Search 12-27-2018 0 7	0	7
How do you use lookups to throttle alerts? Currently, I'm trying to leverage a lookup table to accomplish the following: I currently have an alerting setup for... by jj39501 New Member in Splunk Search 12-27-2018 0 2	0	2
Convert from table to Line Chart Hello! I apologize in advance for such a bad request and a stupid question, as well as ignorance of English.I've been... by fsda New Member in Splunk Search 12-27-2018 0 1	0	1
How do I extract a field from another field? I have an event in the following format 2018-12-10 15:15:40 [Thread-34-TestBolt-executor[4 4]] INFO com.learn.code.... by rohinisb91 Observer in Splunk Search 12-27-2018 0 3	0	3
Why is my field with numeric values not giving results in my search? Hello All, I have a search which gives the below results: As seen it has 100+ call id, now when i expand the call... by patilsh Explorer in Splunk Search 12-27-2018 0 4	0	4
"Could not retrieve XXXXXXXXXX. Make sure that this resource exists and has the correct permissions" In splunk Enter prise when click on stack trace of a particlur error.. "Could not retrieve 039d0781541763dae3dea8a28e4df3e8. Make sure that this resource exists and has the correct permiss... by jasnaidu Engager in Splunk Search 12-27-2018 1 0	1	0
splunk internal logs, precisions on the "clientip" field Hi, I want to list all Deployment client on a dashboard in my Search Head with the following request: index=_interna... by mabonjean Explorer in Splunk Search 12-27-2018 0 6	0	6
Splunk ES Auto Lookup from assets.csv for sourcetype=yum All, I noticed that asset.csv auto lookup isn't happening with sourcetype=yum. Is there a special way to enable thi... by daniel333 Builder in Splunk Search 12-27-2018 0 1	0	1
How come my regex field extraction is showing no results? I have a log data and have a correct regex to extract data, which I confirmed works. However, the named field shows n... by kudvan New Member in Splunk Search 12-26-2018 0 2	0	2
How do you extract the number of orders processed? I am trying to use regex to get the number of orders processed in the example below. Number for orders processed: 36... by orchapellico Explorer in Splunk Search 12-26-2018 0 2	0	2
Is there any added benefit in using separate email addresses or indices for RUA and RUF reports? To anyone that has used Splunk to monitor DMARC: Building out dashboards and reports for DMARC visibility, I've notic... by alexandror New Member in Splunk Search 12-26-2018 0 0	0	0
How to find the event count that are not repeated and repeated events in next consecutive quarter over year ? I used set diff command, it works fine for less rows. But for my search it terminating and limiting the search result... by venkatesh0464 Engager in Splunk Search 12-26-2018 0 2	0	2
How can you add help to a custom search command? How can you add help to a custom search command? by Marinus Communicator in Splunk Search 12-26-2018 4 5	4	5
How do I covert an Object name into columns using a back slash? Hello Team, Could anyone help me in spiting an Object name into a column name? Like In Query we are getting Object ... by shishirkumar Engager in Splunk Search 12-26-2018 0 2	0	2
How do I match multiple regex expressions? I need to run a query that matches multiple expressions from JSON data. This is what I tried, but it didn't work: re... by BenzionYunger New Member in Splunk Search 12-25-2018 0 4	0	4
xml search time extraction not working Hi, I am trying to extract the field tags and values between the interceptor and \Interceptor tags but am not able to... by ssjabid Explorer in Splunk Search 12-25-2018 0 1	0	1
How to convert a number to String? Can somebody please help me in converting a number back to string? by gokikrishnan New Member in Splunk Search 12-25-2018 0 4	0	4
How do I get a value from a field as described in the following example? some normal text.......and in between <ns0:ExceptionLog_Action> <ns0:Exception> <ns0:Code>11... by vaibhavvijay9 New Member in Splunk Search 12-25-2018 0 2	0	2
How to report composite transaction breakdown in terms of total, transaction and application duration averages Given the following log events, how can transaction be used to calculate the average duration of nested overlapping t... by crisjnelson Explorer in Splunk Search 12-24-2018 0 3	0	3
Can you help me with a query using the streamstats command? Here is how events are, 2018-12-20T13:38:07.938-0500: 28658.929: [Dull BC (Allocation Failure) 2018-12-20T13:38... by zacksoft Contributor in Splunk Search 12-24-2018 0 2	0	2
I need to display the error message (DC1-4 connect fail host:port Connection refused (Connection refused)) in a column until logs have the info message (DC1-4 connected host:port) Hi - Need to create a Splunk dashboard for an application. Am very new to Splunk and doesn't have any Splunk exper... by a508184 Explorer in Splunk Search 12-24-2018 0 11	0	11