Splunk Search

Community Activity

	How to add bar chat inside splunk table? Need to implement a bar chart inside Splunk. How to add bar chat inside splunk table. how to do it? by sajithpm101 New Member in Splunk Search 12-02-2018 0 1	0	1
	How can/should we handle the exceptions of field extractions? As we build an entire infrastructure around field extractions, we see all these exceptions, where some of the events ... by ddrillic Ultra Champion in Splunk Search 12-02-2018 0 2	0	2
	How do you count the total # of hostnames and the total # when that value is blank.? I have network logs and sometimes the DNS name is there, and sometimes it isn't. I am struggling to create a simple ... by DEAD_BEEF Builder in Splunk Search 12-02-2018 0 2	0	2
	How come our field extractions no longer work after 7.2.0 upgrade? I have a simple field extraction for postfix: (?=[^C](?:Client host rejected\|C.Client host rejected))^(?:[^\[\n]*\... by DigiAngel New Member in Splunk Search 12-01-2018 0 12	0	12
	How do you calculate the average duration of timestamps? I want to calculate the average time between updates for my data — I.E: on average, how often is this data changing? ... by tb5821 Communicator in Splunk Search 12-01-2018 0 7	0	7
	Why are "search depends" and "search rejects" not working? ISSUE I have two-drop down boxes with a 1 –many relationship with tokens “service family” and “feature” as below. A... by HenryFitzerald New Member in Splunk Search 12-01-2018 0 3	0	3
	How can I update one UF at server where installed two UF agents Hi All, I have two UF agents on the servers. One of them installed through Windows Installer, the second I unpackeged... by atyshke1 Path Finder in Splunk Search 11-30-2018 0 7	0	7
	How do I show a percentage per field by their group total count? Can’t figure out how to display a percentage in another column grouped by its total count per ‘Code’ only. For in... by msmullinax New Member in Splunk Search 11-30-2018 0 11	0	11
	How do you plot two series (total vs matching condition) to a timechart? Hello! I have an index with events that have a status field. They come in the index in real time. I have a dashboar... by orinciog New Member in Splunk Search 11-30-2018 0 4	0	4
	Can you help me pull IP Addresses so that I find the IPlocation of clients? In my logs, I have the IP address but I am struggling pulling it out in a search to display where clients are logging... by orchapellico Explorer in Splunk Search 11-30-2018 0 1	0	1
	Run same search for two different time ranges, identify users who appear in both time ranges Hello, I have a search that returns results in the format user, source ip, destination ip, timestamp. I would like ... by darraghlong New Member in Splunk Search 11-30-2018 0 1	0	1
	How do I use an eval command with a case function with regex to separate the blank vs any character? hi, I have a field PORT_DESC with the values as: "somethings sdsa Device:XYZ PORT: 1.2.3 BackPort: 4.5.6 some oth... by Chandras11 Communicator in Splunk Search 11-30-2018 0 4	0	4
	Recursively Search Until Condition Hi, I am looking for a way to connection multiple events with two corresponding values together until I hit a condit... by mrstrozy Path Finder in Splunk Search 11-30-2018 0 1	0	1
	In a dashboard, how do you do a filter so that only certain values appear in the chart dropdown ? Hi all, I have created a dashboard as below. But I had a problem during the chart generation. When the first dropd... by kingwaras Engager in Splunk Search 11-30-2018 0 1	0	1
	How do I break multiline events beginning with a #? Hello, I have to break an event that begins with a # on the first line. ds-sync-hist: modifyTimestamp:00000167645c9... by ktn01 Path Finder in Splunk Search 11-30-2018 0 5	0	5
	How do I combine unique values of a field into one for multiple fields? I am trying to make a report with the unique combination of ID, AVER SRV, ZONE, IPADDR & host. Unfortunately, I am ge... by srizan Path Finder in Splunk Search 11-30-2018 0 2	0	2
	Enterprise 7.2 - Extract doesn't work, rex does Hello all, I have a problem with one field extract that works if I use the exact regex syntax in the rex command but... by mweissha Path Finder in Splunk Search 11-30-2018 0 5	0	5
	Process high memory usage hello, on my splunk i have about 50 dashboards with 10 panels for each one. Many times i see "process is waiting for ... by null0 New Member in Splunk Search 11-30-2018 0 0	0	0
	Multiple alerts in one query Please help I want the query with below scenario. Requirement 1: Check occurence of 0 in 10 mins timeframe. If conti... by sahil237888 Path Finder in Splunk Search 11-30-2018 0 3	0	3
	Join two seaches with a range time Hello there. I have reading some answers similar to mine, but none of them fit with what I have in mind. I have two... by slorente Explorer in Splunk Search 11-30-2018 0 2	0	2
	Reset_after command not working for resetting values of multiple columns Reset_after command not working for resetting value of multiple columns. I am using below command (replace @ symbol ... by sahil237888 Path Finder in Splunk Search 11-30-2018 0 0	0	0
	Need help with REST API & SDK We are using Splunk Cloud. How can I access REST API? Do I need to request to enable REST API? by splunkusr9 New Member in Splunk Search 11-30-2018 0 1	0	1
	How do you make a count based on multiple fields? index=syslog \| eval length=len(field1) \| where length > 100 \| table field1,field2 I want to create a search that, i... by rotundwizard Explorer in Splunk Search 11-30-2018 0 1	0	1
	Need some clarification on search-time _meta field extraction. I have got a question about using _meta fields in the /opt/splunkforwarder/etc/system/local/inputs.conf of a Splunk ... by AndreAtNN New Member in Splunk Search 11-29-2018 0 4	0	4
	Why can't I do an eval with a rest call in a subsearch? Hi there, I'm trying to add a column to my base search that is the user currently logged into Splunk. This is a code... by nick405060 Motivator in Splunk Search 11-29-2018 0 5	0	5