Splunk Search

Community Activity

Using a lookup to translate an IP to host name which can then be used in a search where only hostnames populate the field Hi, I am trying to create a dashboard where a user can use either a hostname or IP address to search through Windows... by gerald_contrera Path Finder in Splunk Search 11-22-2018 0 3	0	3
How do we include our "app" assets on every page within an application? How do we include our "app" assets on every page within an application, we can pre-compile the components to use in a... by lucasfbeinjamin Path Finder in Splunk Search 11-22-2018 0 0	0	0
Accessing data become slow over time Hello, I am uploading few logs to Splunk and accessing the data using complex tstat query. After few minutes of uplo... by AKG1_old1 Builder in Splunk Search 11-22-2018 0 0	0	0
Why won't my multiple "eval if match" expressions work? Hi I'm trying to check a field for an OS. If Windows, then replace the entire field with "Windows". If mac is found,... by jsven7 Communicator in Splunk Search 11-22-2018 1 14	1	14
How to get the values for time_hour? I have a below query, which displays the Success, Failure, Total and Failure_Percent by time_hour. It only displays t... by abhi04 Communicator in Splunk Search 11-22-2018 0 1	0	1
Generating statistics from combined fields using rex Hi, I'm having difficulty creating a splunk query which generates an overview of field combinations using regular ex... by josipj New Member in Splunk Search 11-21-2018 0 1	0	1
Extract Field from Multiple lines of 1 event I have an event that I'm trying to extract the Email address between "Forwarding Address: " and ", Verification" The... by rwiltzius2 Engager in Splunk Search 11-21-2018 0 14	0	14
How do I append event(s) fields to a separate event based on two timestamps? Hello, I have two sets of data: Trip Metadata(A) and Individual Trip Coordinates(B). Set A fields: - StartTime -... by kligms Engager in Splunk Search 11-21-2018 0 4	0	4
How do I create a Splunk query that generates an overview of field combinations? Hi, I'm having difficulty creating a Splunk query that generates an overview of field combinations using regular exp... by josipj New Member in Splunk Search 11-21-2018 0 1	0	1
How can I merge two columns in a timechart? I'm using the timechart command and I have a chart that looks something like this: _time ... by alanzchan Path Finder in Splunk Search 11-21-2018 0 10	0	10
Over a week's timespan, how do I display how many restarts are happening per day on a host? I am getting a bunch of nulls in my results and I'm not sure why. I am trying to build a graph that will show over a ... by orchapellico Explorer in Splunk Search 11-21-2018 0 5	0	5
How do you use the where clause in a cluster map? I'm trying to make a cluster map in Splunk by their IP address. I grouped the IP by id number, and I want to only s... by everynameIwanti Explorer in Splunk Search 11-21-2018 0 1	0	1
Can you help me design an event count summary? Currently, we have about 100 applications writing about 50 million events to a logging index/sourcetype per day. It w... by tjago11 Communicator in Splunk Search 11-21-2018 0 4	0	4
How do you compare the last two recent events for different devices sending data to Splunk? Hey, i have different devices that are sending temperature data to my Splunk instance. For alarming, I want to compa... by hypePG Path Finder in Splunk Search 11-21-2018 0 3	0	3
How to group events and extract a field when grouped events contain a specific value? We have some overnight jobs that run and log out to Splunk. On top of this, we have a dashboard which groups by the ... by kevinkuszyk Engager in Splunk Search 11-21-2018 0 3	0	3
Why are my events not in time order? We just upgraded our Splunk server to version 7.0. I created a query that has a time range Between 05/19/2018 04:28:0... by iqtroy New Member in Splunk Search 11-21-2018 0 5	0	5
Search returning duplicated/wrong results after upgrading to 7.1 For some reason, after upgrading Splunk to 7.1 some searches no longer return the results for certain days; instead o... by jmangs Explorer in Splunk Search 11-21-2018 3 8	3	8
Field name getting reflected in the same field value While listing out the values of a field in a table, the name of the field is getting listed in the field values. does... by qbolbk59 Path Finder in Splunk Search 11-21-2018 0 6	0	6
Filter consumed event types and/or collect start date? Hi, Is it possible to configure this app to only collect logs from a particular start date as opposed to all histori... by snort80 Explorer in Splunk Search 11-21-2018 0 0	0	0
Create data table conditinally My logs are below content : Export of US successfully transferred to FR Import successfully ended on US from export ... by dhirendra761 Contributor in Splunk Search 11-21-2018 0 1	0	1
How do I rename a hostname in Splunk? Hi, How do I rename hostname in Splunk? I am trying to enroll a particular syslog in Splunk. I want to rename a host... by dbashyam Explorer in Splunk Search 11-21-2018 0 3	0	3
Sorting the data values in a stacked timechart How do I order the horizontal slices in a stacked timechart by value? The working search string looks like this: ti... by adrianblakey New Member in Splunk Search 11-21-2018 0 1	0	1
How do you rename count of field values conditionally? Hi, I have below data in below format using stats count command Date - FR GE SP UK NULL 16/11/18 ... by dhirendra761 Contributor in Splunk Search 11-20-2018 0 4	0	4
How do I combine multiple rex commands into a single one? Hello, I am working with some unstructured data so I'm using the rex command to get some fields out of it. I need th... by andrewtrobec Motivator in Splunk Search 11-20-2018 0 5	0	5
Can you help me build a regex that extracts an IP Address from a log message? How do I extract an IP address from a log message using regex? All the four octets need to be pulled at a time, rex... by gokikrishnan198 New Member in Splunk Search 11-20-2018 0 3	0	3