Splunk Search

Community Activity

Display hosts with no data Currently, I have a search where I'm looking for a specific string in a set of logs across a large number of hosts (6... by sepkarimpour Path Finder in Splunk Search 07-11-2018 0 11	0	11
Splunk SH Cluster with HAProxy configuration FYI, posting our config setting to make a 3-node Splunk SH cluster work with HAProxy (1.5.18) using pure TCP and usin... by perfecto25 Path Finder in Splunk Search 07-11-2018 0 0	0	0
How to drill down with readable format of date and NOT EPOCHs? I have a search index=abc sourcetype=xyz \| bucket created_time span=1w \| stats count by date_epoch \| eval date_reada... by joydeep741 Path Finder in Splunk Search 07-11-2018 0 8	0	8
How to merge eventcount output of indexes with stats call to max(_indextime)? I want to query splunk so that it can find all index names that do not have _ at the beginning and query for the max(... by evuk Engager in Splunk Search 07-11-2018 0 8	0	8
Conditional Eval based on value in the field I am trying to use transaction command to correlate two event types. I need to correlate events based on value in "id... by abhisheks2412 New Member in Splunk Search 07-11-2018 0 3	0	3
incomprehensible value of Scancount Hi, I have this SPL request in a search : index=<my_index> (url_host="yqe-tractors.stenchkrzl.xyz" OR url_host="ste... by Naaba New Member in Splunk Search 07-11-2018 0 0	0	0
What will be the Regex for the below? How to capture all the below in one variable using Regex. Below is the sample. Each line is a separate value and in a... by abhi04 Communicator in Splunk Search 07-11-2018 0 4	0	4
Combining field names into one new result name Hi, I'm trying to combine results of varying operating systems into one, for example: Microsoft Windows Server 2008... by Grant007701 New Member in Splunk Search 07-11-2018 0 4	0	4
INDEXED_EXTRACTIONS error in splunkd.log Can you please advise, what do I do if my Splunk complains often (every couple minutes) in splunkd.log in production ... by znaesh Path Finder in Splunk Search 07-11-2018 0 4	0	4
How to get an accurate count of total users logged into Splunk today? Hi, I am planning to display the distinct count of users logged into Splunk today. I came across, following two sear... by uddhav New Member in Splunk Search 07-11-2018 0 1	0	1
Display search result as a read-only text box or a small sized table I have a dashboard with a drop-down that will have a list of values populated to it. When the user selects a value fr... by sh254087 Communicator in Splunk Search 07-11-2018 0 3	0	3
Why am I getting an error on this timechart syntax when trying to display two curves? Hello I need help to display two curves in my chart and the 2 curves refer to host="$field1$ and host="$field2$ So I ... by jip31 Motivator in Splunk Search 07-11-2018 0 3	0	3
How to remove a row from lookup table and update it? Hi, I wonder whether someone may be able to help me please. I have created in a separate search with a lookup table... by nazanin2016 Path Finder in Splunk Search 07-11-2018 1 9	1	9
How to get 3rd word using regex? Hi, City:{city1: 4, city2: 3, city3: 2, city4: 5} I used this regex to get the 3rd word from the above line: (?<"C... by saranyaa21 Path Finder in Splunk Search 07-11-2018 0 16	0	16
How to outputlookup historic IP activity / userID and create an alert that will occur if the IP address is not on the historic IP activity list? (PART 2) I created this PART 2 as the previous thread is getting long. Recap: I am trying to monitor login behavior to an on... by Log_wrangler Builder in Splunk Search 07-10-2018 0 0	0	0
Sub Search Limit Any ideas on how I can get around the 10k subsearch limit? This search is quick, and works fine, however I'm hitting... by Kendo213 Communicator in Splunk Search 07-10-2018 0 5	0	5
Why is stats avg() not putting in zeros by _time? I am trying to see the average users by day but when there are no events or users for a certain day the _time field d... by kdimaria Communicator in Splunk Search 07-10-2018 0 2	0	2
How to plot a chart or graph based on the number of 500 errors occured for services? I have extracted the 500 error as "server_error" and I want to count the total number of server_error by host and sh... by navd New Member in Splunk Search 07-10-2018 0 1	0	1
continue search logic when first search returns 0 results Is there a way I can continue my search when first search returns 0 events. Returning 0 events is a valid scenario in... by brdr Contributor in Splunk Search 07-10-2018 0 2	0	2
How to retrieve a field value for which no event exists containing another field value? Hello, I would like to perform a search that return only a particular field value for which i don't find in any othe... by laconix New Member in Splunk Search 07-10-2018 0 9	0	9
How to extract fields from a JSON file from Google Analytics API? Hi dear Splunkers I have the following JSON given by a REST calling at Google Analytics: {"kind":"analytics#realtim... by satkumvnr New Member in Splunk Search 07-10-2018 0 1	0	1
Why is the splunk eval case with special characters not working? Hi everyone, when I try to use the following command, it always gives in CA_flag as "Other" although lower_Ticket_De... by Chandras11 Communicator in Splunk Search 07-10-2018 0 6	0	6
Difficulty with transaction keeporphans and stats Hello, I have someone with logs looking a bit like this: QuoA, started QuoB, started QuoC, started QuoB, ended QuoC,... by yanlajeunesse Explorer in Splunk Search 07-10-2018 0 0	0	0
extract message field from JSON trying to extract the msg field from an azure blob which uses the _json sourcetype - the msg : field shows as one lon... by Esky73 Builder in Splunk Search 07-10-2018 0 3	0	3
Splunk fetching results from database in realtime Can we set frequency to fetch results from database to real time. Does that effect anything. Does Splunk take more s... by ankithreddy777 Contributor in Splunk Search 07-10-2018 0 3	0	3