Splunk Search

Community Activity

disable mouse hover on line chart I want to disable hover on line chart, so it should not respond to hover, just a line. I was able to remove tooltip a... by dsiob Communicator in Splunk Search 05-16-2018 3 1	3	1
Splunk maintenance Is there maintenance procedure that Splunk Enterprise/deployment/instance requires periodically to ensure high perfo... by teddyidc1101 Communicator in Splunk Search 05-16-2018 0 4	0	4
How to create a timechart with multiple values? Hello! I'm trying to make a timechart like this one below, but I have some hosts that I need to show their medium cpu... by ppatrikfr Path Finder in Splunk Search 05-16-2018 0 3	0	3
can't extract the field, below error shows up, Argument 'value' contains invalid character : ^[\d+;\d+\w+\s+\d+-\d+-\d+\s+\d+:\d+:\d+,\d+\s+[\w+::\w+.\w+.\w+.\w+.\w... by simranrathi New Member in Splunk Search 05-16-2018 0 4	0	4
Stats Question passing one field common to two sourcetypes where location is in one sourcetype to use field in second sourcetype Where am i going wrong here: I'm trying to get a list of user ID's by location and pass them up to a search which al... by Skins Path Finder in Splunk Search 05-16-2018 0 1	0	1
Error in 'eval' command: The expression is malformed. An unexpected character is reached I was getting when I run the below query, can someone give me the solution pls, below is my query: \| convert num(ac... by sarathipattam New Member in Splunk Search 05-15-2018 0 2	0	2
How do I search for multiple errors found in /var/log/messages? I want to search for the following 3 error combinations and send alert if any, some or all are found: Error #1 - pro... by damonmanni Path Finder in Splunk Search 05-15-2018 0 1	0	1
How to filter and append a value from a subsearch into the primary search? My data is in JSON format split into two different sourcetypes. Between the two sourcetypes exists a linking logID th... by brajaram Communicator in Splunk Search 05-15-2018 0 1	0	1
How to modify my search to check mvindex count before eval? Hello Splunkers, I'm trying to figure out how to apply an if statement to check the count of an index before adding ... by splunker1981 Path Finder in Splunk Search 05-15-2018 0 2	0	2
JOIN to list user per DeviceId Search is trying to show all users within the companyOu that have Mobile Iron setup (Status=Allowed) and those that d... by davidcraven02 Communicator in Splunk Search 05-15-2018 0 7	0	7
What is the best way to handle repeating fields in a single event? Hi all, What would be the best way for Splunk to handle repeating fields in a single event? For instance, one of my ... by bcarr12 Path Finder in Splunk Search 05-15-2018 0 2	0	2
What is a better way of comparing EPOCH times? I have the query below that checks for the expiration date of a certificate, converts it to epoch time, and then basi... by Kendo213 Communicator in Splunk Search 05-15-2018 0 3	0	3
How to report to see how much time a user spends on a PC? I have a search that captures when a user logs in and logs out of his PC: index=win* (EventCode=4800 OR EventCode=48... by vpatsalos New Member in Splunk Search 05-15-2018 0 1	0	1
Unicode characters in dashboards/searches Hi Is it fine to use Unicode characters as a quick way to to set checklist marks & various other formatting/make pr... by stanwin Contributor in Splunk Search 05-15-2018 5 4	5	4
Regex or rex LDAP extraction I keep trying to figure things out myself but my head is getting bruised from hitting it against my desk... I am try... by ccsfdave Builder in Splunk Search 05-15-2018 0 4	0	4
How to edit timestamp to one day previously? I have a report running in SPLUNK on a daily basis. The timestamp for this report is the "Report Date" field (i.e. to... by jackreeves Explorer in Splunk Search 05-15-2018 0 9	0	9
How to format data in a table column to print one entry on a line? Is there a way to format data in a table column to print one entry on a line? In my alert the table data shows up so... by OldManEd Builder in Splunk Search 05-15-2018 0 5	0	5
How to cluster "SMS messages" ? how to do the Grouping of text messages based on the sms content? I have a CSV file with fields mentioned below: Updated Date, SMSMessage,Sender,SMS Date,userID The SMSMessage field ... by simon21 Path Finder in Splunk Search 05-15-2018 0 1	0	1
Extract wrapped field for auto extraction Today we have messages from our application like this: 2018-May-1 12:00:00.000 [Thread=4d2ce108-c322-49ff-bcc0-380d7... by azulcactus New Member in Splunk Search 05-15-2018 0 0	0	0
How to convert field date into week values? Good Day all, I have a query, I am uploading a CSV regularly onto splunk. Since its uploaded in a random time, splunk... by ranjitbrhm1 Communicator in Splunk Search 05-15-2018 0 2	0	2
How to display the time field? In one of the search queries, I am displaying the Latest and Oldest value of a field. Please refer the below sample q... by akarivaratharaj Communicator in Splunk Search 05-15-2018 0 2	0	2
Question regarding brute force query Please see this query for brute force detection- index="wineventlog" sourcetype=wineventlog:security \| search (Event... by rahul_mckc_splu Loves-to-Learn in Splunk Search 05-15-2018 0 3	0	3
How to search a matching string using lookup? I have a query like this, which prints the number of message matches and an abbreviation: sourcetype=source1 \| rex "... by equick Explorer in Splunk Search 05-15-2018 1 6	1	6
How to rearrange columns in a timechart result? Hi, I have a timechart result with two columns as shown in the 1st screenshot. Hour column contain a count for each... by Allampally Path Finder in Splunk Search 05-15-2018 0 2	0	2
Would like timechart (count) to show a legend with overall % next to each item I've been looking at some similar questions .. (for instance, this showed how to have timechart display % each day in... by bhartmann New Member in Splunk Search 05-14-2018 0 0	0	0