Splunk Search

Community Activity

Automatic field extractions best practices on Splunk Cloud We have a number of different log types, but many of which contain similar fields. I understand the it is preferred t... by ohookins New Member in Splunk Search 07-09-2018 0 1	0	1
how to calculate a running average of events by user for 'All time' (Part 2) I am looking for a way to compare an hourly ave(count) with the All time historic average. Below is a sample query p... by Log_wrangler Builder in Splunk Search 07-09-2018 1 12	1	12
How to convert time as DD:HH:MM:SS How can I convert 2+12:54:32 as 2:12:54:32 (2 days 12 hours 54 minutes 32 seconds) Current search is this : \| eval... by Sp3ctre1 New Member in Splunk Search 07-09-2018 0 1	0	1
How to create a timechart with unit field values in nanoseconds which is based on a token filter? Hello I want t to do a timechart with unit field values in nanoseconds and based on a token filter $field$ The timec... by jip31 Motivator in Splunk Search 07-09-2018 0 4	0	4
Rawdata may be corrupt Hi anyone and everyone, Please could somebody help. I have been using Splunk for the past 2 and a half years. I am ... by profileaudio New Member in Splunk Search 07-08-2018 0 3	0	3
How to edit the search_mrsparkle's, viz_editor_schema.js Hi all, I've edited the viz_editor_schema.js to change the maximum limit of rows displayed of a statistic table, I d... by mjlsnombrado Communicator in Splunk Search 07-08-2018 0 8	0	8
Events Indexed Only For Specific Days Hi all, I have configured Splunk to poll a REST API to pull certain events. The message is in JSON format, and after ... by claudio_palmeri Explorer in Splunk Search 07-08-2018 0 2	0	2
Transpose and Group By? I am currently trying to format the amount of memory used by each node during a given time in a way that I could crea... by SudeepDell New Member in Splunk Search 07-08-2018 0 3	0	3
What are the differences between append, appendpipe, and appendcols search commands? I know that there is a splunk documentation page for the append command, but I have not found any splunk documentatio... by landen99 Motivator in Splunk Search 07-08-2018 12 15	12	15
How can I create a new_column based on new_column(row-1 previous row) and another_column condition? Hi, I'm fairly new to Splunk and lately I've tried to create a new_column trying to do the following condition: if(... by theocarvalho Engager in Splunk Search 07-07-2018 1 3	1	3
line break help with incoming logging data I've tried several attempts at fixing this incoming line data. Looks to be pretty straight forward, but splunk is ing... by joesrepsol Path Finder in Splunk Search 07-06-2018 0 7	0	7
How to add to a lookup csv without having to delete the old and create it again? I have a lookup table file csv. Every now and then I have to add a couple of domains to it along with a hard coded ... by Log_wrangler Builder in Splunk Search 07-06-2018 0 4	0	4
How do you resolve the error "The lookup table 'windows_event_descriptions' does not exist"? Running Splunk 6.2.4. Search results are displayed but message says "22 errors occured while the search was executing... by jjryanjj New Member in Splunk Search 07-06-2018 0 9	0	9
DispatchThread: Search auto-finalized after disk usage limit (500mb) reached One of our Splunk users is running the following search: index=customindex fieldip!=10.0.0.0/8 fieldip!="0.0.0.0" \|... by mlevsh Builder in Splunk Search 07-06-2018 0 3	0	3
Brute Force Alarm Hello, I do a alarm that detects 10 logins in one minute, but i need to detect this 10 logins from the same ip in 1 ... by Isaor New Member in Splunk Search 07-06-2018 0 2	0	2
How to divide events in a field by events in another field? I want to divide events in one field by events in another field that would then display in a dashboard as a single va... by Ragate Explorer in Splunk Search 07-06-2018 0 2	0	2
downloading the Jobs that are being executed I would like to download all the jobs that are being executed currently / if possible in past. Something like the Jo... by dtakacssplunk Explorer in Splunk Search 07-06-2018 0 1	0	1
Compare stats of current day with previous day Hi all! I am currently getting stats of current day as followed Port Count 25 25 443 75 53 990 I wan... by aqudoos Explorer in Splunk Search 07-06-2018 0 3	0	3
Help with evaluating date Hi all, Struggling to get my Service Now times to evaluate just tickets older than 30 days. The date picker isn't p... by gabarrygowin Path Finder in Splunk Search 07-06-2018 0 3	0	3
sourcetypes comparison for the similar data with varies filed names I had 2 different sourcetypes on each contains the Domain, hostname,ipaddress sourcer1 having data like. Domain... by svemurilv Path Finder in Splunk Search 07-06-2018 0 3	0	3
How to do a timechart of a week with a timewrap on the previous year? Hi ! I am trying to display a timechart that gives the data of a week, and the data of the same week but one year ear... by Clovisa Path Finder in Splunk Search 07-06-2018 0 3	0	3
How to search data for a unique user count by date? Hi, I am completely new to Splunk and I have a specific need to address so please be patient with my newbie incompet... by NealM New Member in Splunk Search 07-06-2018 0 5	0	5
Merging Splunk Searches Hi Pros, I want to merge results of two queries together and need some help in achieving the best possible way to do... by memow8 New Member in Splunk Search 07-06-2018 0 1	0	1
Exclude non-standard IIS result codes I am trying to get a chart of IIS result codes (mapped as sc_status) and ignore crap data. For example, one of the r... by drultima New Member in Splunk Search 07-06-2018 0 2	0	2
Grouping Errors extracted with field extraction for to run trasform commands Hi All, I am trying to group different errors that i have extracted to run transform commands, like stats, chart, e... by VI371887 Path Finder in Splunk Search 07-06-2018 0 1	0	1