Splunk Search

Community Activity

How to format data in a table column to print one entry on a line? Is there a way to format data in a table column to print one entry on a line? In my alert the table data shows up so... by OldManEd Builder in Splunk Search 05-15-2018 0 5	0	5
How to cluster "SMS messages" ? how to do the Grouping of text messages based on the sms content? I have a CSV file with fields mentioned below: Updated Date, SMSMessage,Sender,SMS Date,userID The SMSMessage field ... by simon21 Path Finder in Splunk Search 05-15-2018 0 1	0	1
Extract wrapped field for auto extraction Today we have messages from our application like this: 2018-May-1 12:00:00.000 [Thread=4d2ce108-c322-49ff-bcc0-380d7... by azulcactus New Member in Splunk Search 05-15-2018 0 0	0	0
How to convert field date into week values? Good Day all, I have a query, I am uploading a CSV regularly onto splunk. Since its uploaded in a random time, splunk... by ranjitbrhm1 Communicator in Splunk Search 05-15-2018 0 2	0	2
How to display the time field? In one of the search queries, I am displaying the Latest and Oldest value of a field. Please refer the below sample q... by akarivaratharaj Communicator in Splunk Search 05-15-2018 0 2	0	2
Question regarding brute force query Please see this query for brute force detection- index="wineventlog" sourcetype=wineventlog:security \| search (Event... by rahul_mckc_splu Loves-to-Learn in Splunk Search 05-15-2018 0 3	0	3
How to search a matching string using lookup? I have a query like this, which prints the number of message matches and an abbreviation: sourcetype=source1 \| rex "... by equick Explorer in Splunk Search 05-15-2018 1 6	1	6
How to rearrange columns in a timechart result? Hi, I have a timechart result with two columns as shown in the 1st screenshot. Hour column contain a count for each... by Allampally Path Finder in Splunk Search 05-15-2018 0 2	0	2
Would like timechart (count) to show a legend with overall % next to each item I've been looking at some similar questions .. (for instance, this showed how to have timechart display % each day in... by bhartmann New Member in Splunk Search 05-14-2018 0 0	0	0
How do you restore the local.meta if it has been corrupted The local.meta file on our splunk 5.0.4 version on the Search Head/Deployer server has had data removed (assuming acc... by nls7010 Path Finder in Splunk Search 05-14-2018 0 3	0	3
How to group by object's keys? I would like to create stats from the data whose structure looks like mentioned below: { data: { ... by developer_de New Member in Splunk Search 05-14-2018 0 4	0	4
search to find users that worked most events i want to know who worked the most splunk events per day. We have corelation searches that fire on specific use cases... by ahmar74 Explorer in Splunk Search 05-14-2018 0 0	0	0
How to Eval urldecode and then regex? I have some URL encoded logs. ...\| eval decoded_raw = urldecode(_raw) how would I write a rex to find any decoded_... by Log_wrangler Builder in Splunk Search 05-14-2018 1 4	1	4
subtraction of timestamp from two search i would like to calculate response time by extracting timestamp from two different search then subtracting Response=S... by jayaraj1717 New Member in Splunk Search 05-14-2018 0 9	0	9
How to calculate concurrent operations on a server in a timechart? Hi, I'm trying to show the concurrent number of 2 operations(eg, data 'export', and data 'import') on a server in a ... by jackie_1001 New Member in Splunk Search 05-14-2018 0 4	0	4
How to count the number of alerts with various time ranges and displays, together? I want to create a visualization that shows the number of sales in the last 1, 2, and 7 days all within the same visu... by DEAD_BEEF Builder in Splunk Search 05-14-2018 0 5	0	5
Unable to use regex to index logs Hi, I wish to configure splunk forwarder to pick logs from a directory that match any of the below patterns. Essentia... by pimco_rgoyal Observer in Splunk Search 05-14-2018 0 6	0	6
How to populate a column that generates time difference for the results which are generated from a stats command? I have this query. index=azure Operation=UserLoggedIn user!=Unknown\|sort - _time \| iplocation ClientIP \| eval Tim... by pkhedwal New Member in Splunk Search 05-14-2018 0 2	0	2
TimeChart implemention over two grouping i have log file as below need to calculate Execution time for each events and dispay data by grouping with Errorcode ... by jayaraj1717 New Member in Splunk Search 05-14-2018 0 3	0	3
Splunk freezing for other users when doing large base search. Hi Other users are unable to open splunk screens for up to 1 minute while one user is running a large base search? ... by robertlynch2020 Influencer in Splunk Search 05-14-2018 0 22	0	22
Process end with load job I have modified the xml of my dashboard in order to load some data directly form the results of the process related t... by brober27 New Member in Splunk Search 05-14-2018 0 1	0	1
item and time column lookup help I have several rows of a CSV lookup Name,00:00,00:15,00:30 test1,A,A,A test2,A,N,N I want to matchup _time with the ... by BP9906 Builder in Splunk Search 05-13-2018 0 1	0	1
How to write a query to show the top performer (Single Value)? Hello All, I want to write something that shows a single value with the below data Customer M 5 Units Customer N 15 ... by ranjitbrhm1 Communicator in Splunk Search 05-13-2018 0 1	0	1
Stats Values Multisearch Hi, I wonder whether someone could help me please. I'm using the following join query which extracts the data perfec... by IRHM73 Motivator in Splunk Search 05-13-2018 0 0	0	0
When creating an app, how to configure it that after the install, "Restart Required" dialog would be displayed? I am creating an app which is using a lookup file. That lookup file is populated by a saved search with this setting ... by imrago Contributor in Splunk Search 05-13-2018 0 3	0	3