Splunk Search

Community Activity

Query running time I want to run a query every 5 minutes starting from today 7 AM to next day 5 AM and so on. Throughout my run earliest... by Kwip Contributor in Splunk Search 08-03-2018 0 13	0	13
With regular expression how to auto extract JSON elements? I've created a Field Transform that attempts to extract all JSON key-value pairs, via the following regex: (?:\"\|\'... by dijikul Communicator in Splunk Search 08-03-2018 0 20	0	20
Are there any good lispy docs out there? Has anyone come across any good references or resource material explaining lispy? This is visible from the search in... by Lowell Super Champion in Splunk Search 08-03-2018 0 2	0	2
Reload commands.conf without restarting splunk Is there a way where I do not have to restart splunk to enable a new custom search command? How to reload commands.co... by lpolo Motivator in Splunk Search 08-03-2018 0 3	0	3
Displaying stats count as single value but with sparkline and trend indicator Hi fellow Splunkers, I've read Single Value support docs and it seems to have distinct application for Stats or Timec... by eddychuah Path Finder in Splunk Search 08-03-2018 1 7	1	7
Can splunk interface with an OLAP SQL Server instance? I can use DBConnect to acquire data from SQL Server OLTP databases into splunk. Is there a similar app to connect to ... by kenhausman Engager in Splunk Search 08-03-2018 3 2	3	2
CSV lookup with multiple values for one field Hi! I'm pulling events from a monitoring system and these events only contains an id for the host/server being down. ... by epacke Path Finder in Splunk Search 08-03-2018 0 1	0	1
Is it possible to show a custom tooltip whenever a user hovers over a slice of a pie chart, or column in a bar chart using Simple XML with splunk js? Is it possible to show a custom tooltip whenever a user hovers over a slice of a pie chart, or column in a bar chart?... by lyndac Contributor in Splunk Search 08-02-2018 2 10	2	10
How can I sort the split columns in this pivot? Hello I have a dataset that I created along with a pivot table. the table has a split column called RR_Score which i... by tkwaller_2 Communicator in Splunk Search 08-02-2018 0 3	0	3
How to run a macro with a group by field? I have a macro that I want to run on multiple subsets of a data source (a group-by field). I can set up the search m... by wcooper003 Communicator in Splunk Search 08-02-2018 0 4	0	4
Extract Multiple String Values from Key I am looking to return the multiple values I have on my dashboard currently only one shows up. Here is an example: Ke... by ebkeys94 Engager in Splunk Search 08-02-2018 0 2	0	2
How to create a regex for multiple headers and header values? I'm still not overly comfortable with regex and this has completely stumped me so I'm looking for help. I'm trying t... by kmaron Motivator in Splunk Search 08-02-2018 0 20	0	20
Which capability I should have to be able to rerun the search request? I know that admin role has rerun button next to the error message "The search you requested could not be found." for ... by hun1ahpu New Member in Splunk Search 08-02-2018 0 1	0	1
All Search that I do show message Partial results? I have a test environment on my machine with my DEV license however any search I have to do on that Splunk after abou... by justodaniel Path Finder in Splunk Search 08-02-2018 0 1	0	1
rex extration with double quotes "ContactId":"12345" and i have tried rex "\"ContactId\":\"(?[0-9]*)\"" and no result.. please help.. what did i... by mwibowo1 New Member in Splunk Search 08-02-2018 0 12	0	12
Why is Lookup before transforming command not producing any results? I have a network attributes sheet which contains all the details of the network devices across the enterprise, and i ... by macadminrohit Contributor in Splunk Search 08-02-2018 0 2	0	2
display start and endtime in results I would like to write a query which will start with starttime=06/08/2018:00:00:00 endtime=06/08/2018:00:01:00 index=... by dtakacssplunk Explorer in Splunk Search 08-02-2018 0 7	0	7
tstats not showing results for Splunk DB Input I have a Splunk DataBase Input which is sending logs to Splunk by DB Connect app. I am trying to use tstats command o... by siva_cg Path Finder in Splunk Search 08-02-2018 0 2	0	2
How to arrange table values according to the time present in a log file? I have a created table using query source="logfile1.log" OR source="logfile2.log" OR source="3logfile3.zip:*" Cycle... by rajeswarir New Member in Splunk Search 08-02-2018 0 5	0	5
uniq command usage Hi , i have a events based on such a flow : every transaction id has 4 logpoints (logpoint is a field) : request-in... by Mohsin123 Path Finder in Splunk Search 08-02-2018 0 16	0	16
How can I get the list of saved realtime searches and alerts as my disptach is filling up every now and then Hi, I want to have list of all saved realtime searches and alerts as my dispatch is filling up every now and then. I... by Amandeepsin New Member in Splunk Search 08-02-2018 0 1	0	1
Identify users and searches searching over all time Is there a way to query the internal logs to see the timeframe over which searches ran specifically if they were run ... by jklumpp_splunk Splunk Employee in Splunk Search 08-02-2018 1 6	1	6
How to Timechart for only the 10 highest counted values? I am monitoring access logs for various endpoints (which I denote as path), and in each event I have some data includ... by dsitek Explorer in Splunk Search 08-01-2018 1 10	1	10
Windows Event Query Hi, I am having some difficulty creating an alert with the following criteria: EventCode 4769 AND multiple requests ... by mnakhuda New Member in Splunk Search 08-01-2018 0 3	0	3
How can I get the results of merging? There are two result sets , How can I get the results of merging? and how does command (join) use？ by flzhang132 Explorer in Splunk Search 08-01-2018 1 1	1	1