Splunk Search

Community Activity

How to create a timechart based on index time? I'm trying to create a timechart to show when logs were ingested. Trying to use _indextime but it doesn't seem to be... by DEAD_BEEF Builder in Splunk Search 08-27-2018 0 3	0	3
How to capture type of events in fields based on single event type? Hi All , 1)How do you capture INFO/ERROR/WARN events using regular expression ? 2)How do you capture the rest of the ... by raj_mpl Path Finder in Splunk Search 08-27-2018 0 3	0	3
How do I search for low counts of specific user logons per host? I'm trying to do some least common occurance hunting in our environment, and would like to see if I can make a search... by rwmilligan Explorer in Splunk Search 08-27-2018 0 3	0	3
How do I search for all the IPs that are located in the domain controller? This is my first time using Splunk and I don't know many commands. I am looking for a command where I can get all the... by Esmeralda1 New Member in Splunk Search 08-27-2018 0 2	0	2
How to convert KB to MB? Hi I need to convert these 2 counters from KB to MB TotalSpaceKB=486757372 FreeSpaceKB=435455092 Do I have to divide ... by jip31 Motivator in Splunk Search 08-27-2018 0 4	0	4
Splunk7.1.2 でタイムゾーン・時刻ズレ／日時のデフォルトフィールド(date_xxxx)の不具合 Splunk 7.1.2でデータ取込みを行い、日時の不デフォルトフィールドを使って9:00～17:00以外の時間範囲というサーチを設定していました。 index=test_index date_hour>=9 AND date_ho... by cipherjake Explorer in Splunk Search 08-26-2018 0 1	0	1
mvexpand gives less results Now when i use mvexpand i just get 600 results in statistics, instead of getting 1412 alll the events as below: So ... by patilsh Explorer in Splunk Search 08-26-2018 0 5	0	5
How can I extract values starting with a specific name using regex? Hi All, Kindly help me with regex for below sample data. Its only a sample there might be some other pattern of data... by Shan Builder in Splunk Search 08-26-2018 0 6	0	6
Dynamic conditions composition into a search uses fields extracted from a lookup Hi to all, I would like to define a dynamic condition into a lookup, which uses the fields defined inside a search, ... by robertosegantin Path Finder in Splunk Search 08-26-2018 0 5	0	5
How do I convert the following data into a pivot table? With the following search index=msperf sourcetype="perfmon_processor_xml" \| xpath outfield=Architecture "//COMMAND/... by tamakg Path Finder in Splunk Search 08-26-2018 0 1	0	1
Why is the chart only valuing 15% above calculated average response? I've created a chart that only shows run times above a 60 day average and it's corresponding average, which works per... by fisuser1 Contributor in Splunk Search 08-26-2018 0 3	0	3
rex extract field not working as expected/ miss handling ")" in regex Hi I have a field with following value 16/08/2018 03:04:11 - Christian (Work notes) Remote Desktop Notes: - still u... by samlinsongguo Communicator in Splunk Search 08-25-2018 0 4	0	4
correlate between two sources hi i have tow devices, i want to check the result of the same event in tow devices. for example if one source is blo... by khanlarloo Explorer in Splunk Search 08-25-2018 0 2	0	2
How do you get events time interval as 15 minutes on timechart x-axis? Hi one and all, I have my log data as below for every 15min interval. 2018-08-23,16:16,11230,37393,49019 2018-08-23,... by prathapkcsc Explorer in Splunk Search 08-24-2018 0 3	0	3
What regex search could I use to find fields that contain exactly 6 digits? I need to search for fields that contain exactly 6 digits. For example, it should return fields that contain "123456... by Piggyy New Member in Splunk Search 08-24-2018 0 3	0	3
Why do I get a 400 stanza error when using a join command in searches? I tried to add a simple join onto my search but Splunk throws a 400 error {"messages":[{"type":"FATAL","text":"Miss... by tb5821 Communicator in Splunk Search 08-24-2018 1 4	1	4
How do I split _raw data into multiple table fields? I have the following data in _raw and I need to split the data at the semicolon into multiple fields in a table LOG ... by slord Engager in Splunk Search 08-24-2018 0 4	0	4
The command table does not show all fields My data : _time MODULE NOMBRE_DE_WA_ECRITS [...] 2016-07-18 20:02:37 MOD1... by splk_clheureux Explorer in Splunk Search 08-24-2018 1 5	1	5
How do I find missing information from query 2 and query 1 I am trying to find missing stores from query 2 in the below script. However, it returns no results, or all results d... by benj851 Explorer in Splunk Search 08-24-2018 0 6	0	6
Charts with positive and negative values Is it possible to have charts with both positive and negative values? For example, if I have a time series that can ... by bojanz Communicator in Splunk Search 08-24-2018 0 3	0	3
How to concatenate results from the same field? Hi, I want to concatenate results from same field into string. How can I do that? e..g \|inputlookup user.csv\| tabl... by praspai Path Finder in Splunk Search 08-24-2018 0 3	0	3
How can I compare sum(bytes) in two time period using sub-search? Hi. im new to Splunk. I'm trying to compare the sum(bytes) for an hour ago, and the same hour one week before by cer... by everynameIwanti Explorer in Splunk Search 08-24-2018 0 2	0	2
Can I use join by using multiple fields from the main search to match a single field on the subsearch? I have a search with the following table as output: time customer circuit_id parent_circuit device_card 8:1... by christopheryu Communicator in Splunk Search 08-24-2018 0 4	0	4
Extract string to use for lookup Need to do a lookup using the hostname field from my events data and an asset name from my asset/cmdb data. However, ... by malmiran Path Finder in Splunk Search 08-23-2018 0 5	0	5
How to use SPL to count the number of clients of a deployment server? We know we can see the number of clients on the Forwarder Management page of the deployment server, but I want to sho... by bestSplunker Contributor in Splunk Search 08-23-2018 0 1	0	1