Splunk Search

Community Activity

Today count match with same day in last week and prior week Hi Experts, Below is my search, index=something source=something "error" \| stats count I want to create an alert f... by john_q Explorer in Splunk Search 08-04-2018 0 8	0	8
How to break the XML file into multiple events from search head? Hi All, I have indexed the XML file without breaking it into events, I need to break the events using on tag. Hence ... by nasrinmulani New Member in Splunk Search 08-04-2018 0 11	0	11
error of calculate in field of Lookup with the use strptime Hi, I have an alert if time is greater that the field end Time. The time field I extrated it from the log and fie... by Carolina Engager in Splunk Search 08-03-2018 0 4	0	4
What will be the Regex for creating the below alert? I have below two events which I hav separated by "=" line for better view.I want to extract the below mentioned lines... by abhi04 Communicator in Splunk Search 08-03-2018 0 12	0	12
How to list multiple fields separately and calculate stats? good afternoon It is possible to group in a variable the state of multiple fields? Currently I have several fields a... by efaundez Path Finder in Splunk Search 08-03-2018 0 8	0	8
What is the distinction between "events" versus "results"? I hear people talk about the difference between "events" and "results" in Splunk. What is the exact difference and wh... by LukeMurphey Champion in Splunk Search 08-03-2018 0 1	0	1
Better way to track sequence of web logs other than transaction command I am using the transaction command to follow the sequence of a successful WordPress login (and the URIs the user hits... by jwalzerpitt Influencer in Splunk Search 08-03-2018 0 2	0	2
Query running time I want to run a query every 5 minutes starting from today 7 AM to next day 5 AM and so on. Throughout my run earliest... by Kwip Contributor in Splunk Search 08-03-2018 0 13	0	13
With regular expression how to auto extract JSON elements? I've created a Field Transform that attempts to extract all JSON key-value pairs, via the following regex: (?:\"\|\'... by dijikul Communicator in Splunk Search 08-03-2018 0 20	0	20
Are there any good lispy docs out there? Has anyone come across any good references or resource material explaining lispy? This is visible from the search in... by Lowell Super Champion in Splunk Search 08-03-2018 0 2	0	2
Reload commands.conf without restarting splunk Is there a way where I do not have to restart splunk to enable a new custom search command? How to reload commands.co... by lpolo Motivator in Splunk Search 08-03-2018 0 3	0	3
Displaying stats count as single value but with sparkline and trend indicator Hi fellow Splunkers, I've read Single Value support docs and it seems to have distinct application for Stats or Timec... by eddychuah Path Finder in Splunk Search 08-03-2018 1 7	1	7
Can splunk interface with an OLAP SQL Server instance? I can use DBConnect to acquire data from SQL Server OLTP databases into splunk. Is there a similar app to connect to ... by kenhausman Engager in Splunk Search 08-03-2018 3 2	3	2
CSV lookup with multiple values for one field Hi! I'm pulling events from a monitoring system and these events only contains an id for the host/server being down. ... by epacke Path Finder in Splunk Search 08-03-2018 0 1	0	1
Is it possible to show a custom tooltip whenever a user hovers over a slice of a pie chart, or column in a bar chart using Simple XML with splunk js? Is it possible to show a custom tooltip whenever a user hovers over a slice of a pie chart, or column in a bar chart?... by lyndac Contributor in Splunk Search 08-02-2018 2 10	2	10
How can I sort the split columns in this pivot? Hello I have a dataset that I created along with a pivot table. the table has a split column called RR_Score which i... by tkwaller_2 Communicator in Splunk Search 08-02-2018 0 3	0	3
How to run a macro with a group by field? I have a macro that I want to run on multiple subsets of a data source (a group-by field). I can set up the search m... by wcooper003 Communicator in Splunk Search 08-02-2018 0 4	0	4
Extract Multiple String Values from Key I am looking to return the multiple values I have on my dashboard currently only one shows up. Here is an example: Ke... by ebkeys94 Engager in Splunk Search 08-02-2018 0 2	0	2
How to create a regex for multiple headers and header values? I'm still not overly comfortable with regex and this has completely stumped me so I'm looking for help. I'm trying t... by kmaron Motivator in Splunk Search 08-02-2018 0 20	0	20
Which capability I should have to be able to rerun the search request? I know that admin role has rerun button next to the error message "The search you requested could not be found." for ... by hun1ahpu New Member in Splunk Search 08-02-2018 0 1	0	1
All Search that I do show message Partial results? I have a test environment on my machine with my DEV license however any search I have to do on that Splunk after abou... by justodaniel Path Finder in Splunk Search 08-02-2018 0 1	0	1
rex extration with double quotes "ContactId":"12345" and i have tried rex "\"ContactId\":\"(?[0-9]*)\"" and no result.. please help.. what did i... by mwibowo1 New Member in Splunk Search 08-02-2018 0 12	0	12
Why is Lookup before transforming command not producing any results? I have a network attributes sheet which contains all the details of the network devices across the enterprise, and i ... by macadminrohit Contributor in Splunk Search 08-02-2018 0 2	0	2
display start and endtime in results I would like to write a query which will start with starttime=06/08/2018:00:00:00 endtime=06/08/2018:00:01:00 index=... by dtakacssplunk Explorer in Splunk Search 08-02-2018 0 7	0	7
tstats not showing results for Splunk DB Input I have a Splunk DataBase Input which is sending logs to Splunk by DB Connect app. I am trying to use tstats command o... by siva_cg Path Finder in Splunk Search 08-02-2018 0 2	0	2