Splunk Search

Community Activity

Changing the now() reference point before running a saved search Is it possible to change the value of now (or the reference point it uses) so that I can back-date and run a saved se... by Kindred Path Finder in Splunk Search 09-18-2018 0 3	0	3
How do you present an All Green Dashboard when no alerts have been triggered? I have a requirement to present a management dashboard that shows the number of alerts triggered for any clients, but... by kozanic_FF Path Finder in Splunk Search 09-18-2018 0 4	0	4
Searching two indexes to compare and show the difference index="proxy_logs" category="none" \| top category, protocol, url, cs_Referer limit=1000 \| eval results = if(match(u... by SGun Explorer in Splunk Search 09-18-2018 0 6	0	6
How do you create a total column in a chart? Hi, I'm pretty new to Splunk and have been playing around with it. index=sse_cae_summary_idx new_sourcetype=sse_al... by barrowvian Explorer in Splunk Search 09-18-2018 1 6	1	6
How to search only events based on values from a field in lookup file? Lookup file jobsla.csv: Contains start and end batch jobnames for different apps, frequency the jobs will run on(like... by naraininfy Explorer in Splunk Search 09-17-2018 0 8	0	8
How do you use a range with the where command? TransactionName=WPP* \| stats count(TransactionStatus) as TOTAL count(eval(TransactionStatus == "true")) as SUCCESS c... by rsm1444 New Member in Splunk Search 09-17-2018 0 5	0	5
How do you search to return a table of only fields that change between events? Lets say I have a query that returns all of the updates for a given bug ID. This returns a result set for the specif... by smahone11 Engager in Splunk Search 09-17-2018 0 5	0	5
How do you remove all duplicate events from a search? I have two indexes, A and B. Events are copied using the \|collect command from Index A to index B. Later, I am trying... by strickland12345 Explorer in Splunk Search 09-17-2018 0 23	0	23
Why is the following regex expression not matching as expected? I have a field user= xyz\user11 and i need to match user11 ignoring xyz in the user filed below is the regex expres... by SunilMaharishi Path Finder in Splunk Search 09-17-2018 0 3	0	3
Best way to publish a live dashboard that does not allow the logged in user to search other data, and has a persistent login. I'm trying to put a dashboard on a TV in a high traffic hallway with people that aren't allowed to search the other i... by bgagliardi1 Path Finder in Splunk Search 09-17-2018 0 3	0	3
How do you use multiple y-axis fields while using the xyseries command? I have a static table data which gives me the results in the format like ERRORCODE(Y-Axis) and When It happens(_time... by rshivakrishna New Member in Splunk Search 09-17-2018 0 1	0	1
Why is tstats command with eval not working on a particular field? hi, I am trying to combine results into two categories based of an eval statement. The original query returns the... by nmohammed Builder in Splunk Search 09-17-2018 0 3	0	3
Enable FTP How do I enable FTP? (I know how to capture the logs after they are FTP'd to us) We have devices that cannot have a... by Michael_Schyma1 Contributor in Splunk Search 09-17-2018 0 10	0	10
How do I use a comparison search to find all devices not reporting to Splunk? I am trying to find all devices not reporting into splunk via a qualys scan of our DMZ and searching against all inde... by edwardrose Contributor in Splunk Search 09-17-2018 0 4	0	4
Can you use a regex in serverclass.conf? Trying to filter out a specific type of device type, by host name, in serverclass.conf. Currently all our tablets ar... by stcrispan Communicator in Splunk Search 09-17-2018 0 6	0	6
How do you count the difference in an ongoing count for a given time period? I have a JMX search going on which tracks orders placed every 30 seconds. index=dot_jmx mbean_property_destinationNa... by stcrispan Communicator in Splunk Search 09-17-2018 0 16	0	16
In a chart count where days are the column header, how do I get the days to list in chronological order? I'm trying to get a table where "Days" are the column headers (chronologically) and hours are the row headers that sh... by rossblassingame New Member in Splunk Search 09-17-2018 0 2	0	2
What does "P" stand for in regular expression query? I am trying to understand more about a regular expression query used in Splunk. what does character P stands for in t... by pradjswl Explorer in Splunk Search 09-17-2018 0 3	0	3
Why are two of my columns empty in a table returned by a lookup file with multiple fields? I used a lookup file which is configuring like this field1, field2, field3, field4 value1, value2, value3, value4 v... by faribole Path Finder in Splunk Search 09-17-2018 0 2	0	2
How do I combine 3 searches? I have search1 which is a join of 2 different log sources ( S1 , S2 ). After joining these sources, I used rex to ext... by USER78 New Member in Splunk Search 09-16-2018 0 0	0	0
Transpose command causes other columns to be displayed as rows? I am having issues with the QuestionText fields in my query below. I am trying to take all the QuestionText entries a... by rkassabov Path Finder in Splunk Search 09-16-2018 0 0	0	0
How to rebuild Timeline custom visualization app in windows? Need to change the date format for timeline graph and found solution. Accordingly updated the 2 js file for the app a... by sunith35 Engager in Splunk Search 09-16-2018 0 1	0	1
Can you help me with my table count? Hello, I use the table count below : index="wineventlog" sourcetype="wineventlog:" SourceName="" Type="Critique" ... by jip31 Motivator in Splunk Search 09-16-2018 0 5	0	5
count events from a radio button choice issue Hello I use the code below in order to display the events corresponding to these event code index="windows" sour... by jip31 Motivator in Splunk Search 09-16-2018 0 7	0	7
How do I extract farm name from IIS logs to a table? I'm Trying to run a table on IIS logs. The farm is https://sp001, examples below)... However, within the farm we hav... by smudge797 Path Finder in Splunk Search 09-15-2018 0 3	0	3