Splunk Search

Community Activity

Bold x-value in column chart Hi everyone , I am creating a column chart for a bunch of country. The country names appear to be very small and hard... by rosehoang Engager in Splunk Search 07-11-2018 1 1	1	1
files are not picked within 30 minutes Hi All, I have scenario. File will placed by one applicationA on below folder , Same file will be picked by another ... by samani27 Observer in Splunk Search 07-11-2018 0 1	0	1
Is it possible to display the results of a search in a table visualization with a scroll bar instead of pages of events? Is it possible to display the results of a search in a table with a scroll bar instead of pages of data? I want to di... by clwizard Engager in Splunk Search 07-11-2018 1 1	1	1
How can I break events in my search? Hi, Trying to break events and can't figure this one out. I receive a bunch of events in a single line, I want to b... by patouellet Path Finder in Splunk Search 07-11-2018 0 7	0	7
Why are users getting different data for the same query? I recently overheard someone asking this and I thought it was worth reposting on here for others' benefit. Essential... by sloshburch Ultra Champion in Splunk Search 07-11-2018 1 5	1	5
How to outputlookup historic IP activity / userID and create an alert that will occur if the IP address is not on the historic IP activity list? I am trying to monitor an application where remote users with different GeoLoc(s) and unique sourceIP(s) login and in... by Log_wrangler Builder in Splunk Search 07-11-2018 0 9	0	9
What is the difference between rare vs stats values(field) count? Hi, I'm trying to find least common agent useing two commands: 1) sourcetype=access_combined\| rare useragent 2) sou... by danielwysockiar Explorer in Splunk Search 07-11-2018 0 5	0	5
Automatic Lookup not working I've followed http://docs.splunk.com/Documentation/Splunk/latest/User/CreateAndConfigureFieldLookups and looked at pl... by gokulakrishnans Explorer in Splunk Search 07-11-2018 1 2	1	2
Perform stats count based on the value of a field What I am looking to do is something of this nature: \| stats count(eval(if(action=success))), count(eval(if(action=f... by JeffBothel Explorer in Splunk Search 07-11-2018 1 8	1	8
Display hosts with no data Currently, I have a search where I'm looking for a specific string in a set of logs across a large number of hosts (6... by sepkarimpour Path Finder in Splunk Search 07-11-2018 0 11	0	11
Splunk SH Cluster with HAProxy configuration FYI, posting our config setting to make a 3-node Splunk SH cluster work with HAProxy (1.5.18) using pure TCP and usin... by perfecto25 Path Finder in Splunk Search 07-11-2018 0 0	0	0
How to drill down with readable format of date and NOT EPOCHs? I have a search index=abc sourcetype=xyz \| bucket created_time span=1w \| stats count by date_epoch \| eval date_reada... by joydeep741 Path Finder in Splunk Search 07-11-2018 0 8	0	8
How to merge eventcount output of indexes with stats call to max(_indextime)? I want to query splunk so that it can find all index names that do not have _ at the beginning and query for the max(... by evuk Engager in Splunk Search 07-11-2018 0 8	0	8
Conditional Eval based on value in the field I am trying to use transaction command to correlate two event types. I need to correlate events based on value in "id... by abhisheks2412 New Member in Splunk Search 07-11-2018 0 3	0	3
incomprehensible value of Scancount Hi, I have this SPL request in a search : index=<my_index> (url_host="yqe-tractors.stenchkrzl.xyz" OR url_host="ste... by Naaba New Member in Splunk Search 07-11-2018 0 0	0	0
What will be the Regex for the below? How to capture all the below in one variable using Regex. Below is the sample. Each line is a separate value and in a... by abhi04 Communicator in Splunk Search 07-11-2018 0 4	0	4
Combining field names into one new result name Hi, I'm trying to combine results of varying operating systems into one, for example: Microsoft Windows Server 2008... by Grant007701 New Member in Splunk Search 07-11-2018 0 4	0	4
INDEXED_EXTRACTIONS error in splunkd.log Can you please advise, what do I do if my Splunk complains often (every couple minutes) in splunkd.log in production ... by znaesh Path Finder in Splunk Search 07-11-2018 0 4	0	4
How to get an accurate count of total users logged into Splunk today? Hi, I am planning to display the distinct count of users logged into Splunk today. I came across, following two sear... by uddhav New Member in Splunk Search 07-11-2018 0 1	0	1
Display search result as a read-only text box or a small sized table I have a dashboard with a drop-down that will have a list of values populated to it. When the user selects a value fr... by sh254087 Communicator in Splunk Search 07-11-2018 0 3	0	3
Why am I getting an error on this timechart syntax when trying to display two curves? Hello I need help to display two curves in my chart and the 2 curves refer to host="$field1$ and host="$field2$ So I ... by jip31 Motivator in Splunk Search 07-11-2018 0 3	0	3
How to remove a row from lookup table and update it? Hi, I wonder whether someone may be able to help me please. I have created in a separate search with a lookup table... by nazanin2016 Path Finder in Splunk Search 07-11-2018 1 9	1	9
How to get 3rd word using regex? Hi, City:{city1: 4, city2: 3, city3: 2, city4: 5} I used this regex to get the 3rd word from the above line: (?<"C... by saranyaa21 Path Finder in Splunk Search 07-11-2018 0 16	0	16
How to outputlookup historic IP activity / userID and create an alert that will occur if the IP address is not on the historic IP activity list? (PART 2) I created this PART 2 as the previous thread is getting long. Recap: I am trying to monitor login behavior to an on... by Log_wrangler Builder in Splunk Search 07-10-2018 0 0	0	0
Sub Search Limit Any ideas on how I can get around the 10k subsearch limit? This search is quick, and works fine, however I'm hitting... by Kendo213 Communicator in Splunk Search 07-10-2018 0 5	0	5