Splunk Search

Community Activity

How to display the time field? In one of the search queries, I am displaying the Latest and Oldest value of a field. Please refer the below sample q... by akarivaratharaj Communicator in Splunk Search 05-15-2018 0 2	0	2
Question regarding brute force query Please see this query for brute force detection- index="wineventlog" sourcetype=wineventlog:security \| search (Event... by rahul_mckc_splu Loves-to-Learn in Splunk Search 05-15-2018 0 3	0	3
How to search a matching string using lookup? I have a query like this, which prints the number of message matches and an abbreviation: sourcetype=source1 \| rex "... by equick Explorer in Splunk Search 05-15-2018 1 6	1	6
How to rearrange columns in a timechart result? Hi, I have a timechart result with two columns as shown in the 1st screenshot. Hour column contain a count for each... by Allampally Path Finder in Splunk Search 05-15-2018 0 2	0	2
Would like timechart (count) to show a legend with overall % next to each item I've been looking at some similar questions .. (for instance, this showed how to have timechart display % each day in... by bhartmann New Member in Splunk Search 05-14-2018 0 0	0	0
How do you restore the local.meta if it has been corrupted The local.meta file on our splunk 5.0.4 version on the Search Head/Deployer server has had data removed (assuming acc... by nls7010 Path Finder in Splunk Search 05-14-2018 0 3	0	3
How to group by object's keys? I would like to create stats from the data whose structure looks like mentioned below: { data: { ... by developer_de New Member in Splunk Search 05-14-2018 0 4	0	4
search to find users that worked most events i want to know who worked the most splunk events per day. We have corelation searches that fire on specific use cases... by ahmar74 Explorer in Splunk Search 05-14-2018 0 0	0	0
How to Eval urldecode and then regex? I have some URL encoded logs. ...\| eval decoded_raw = urldecode(_raw) how would I write a rex to find any decoded_... by Log_wrangler Builder in Splunk Search 05-14-2018 1 4	1	4
subtraction of timestamp from two search i would like to calculate response time by extracting timestamp from two different search then subtracting Response=S... by jayaraj1717 New Member in Splunk Search 05-14-2018 0 9	0	9
How to calculate concurrent operations on a server in a timechart? Hi, I'm trying to show the concurrent number of 2 operations(eg, data 'export', and data 'import') on a server in a ... by jackie_1001 New Member in Splunk Search 05-14-2018 0 4	0	4
How to count the number of alerts with various time ranges and displays, together? I want to create a visualization that shows the number of sales in the last 1, 2, and 7 days all within the same visu... by DEAD_BEEF Builder in Splunk Search 05-14-2018 0 5	0	5
Unable to use regex to index logs Hi, I wish to configure splunk forwarder to pick logs from a directory that match any of the below patterns. Essentia... by pimco_rgoyal Observer in Splunk Search 05-14-2018 0 6	0	6
How to populate a column that generates time difference for the results which are generated from a stats command? I have this query. index=azure Operation=UserLoggedIn user!=Unknown\|sort - _time \| iplocation ClientIP \| eval Tim... by pkhedwal New Member in Splunk Search 05-14-2018 0 2	0	2
TimeChart implemention over two grouping i have log file as below need to calculate Execution time for each events and dispay data by grouping with Errorcode ... by jayaraj1717 New Member in Splunk Search 05-14-2018 0 3	0	3
Splunk freezing for other users when doing large base search. Hi Other users are unable to open splunk screens for up to 1 minute while one user is running a large base search? ... by robertlynch2020 Influencer in Splunk Search 05-14-2018 0 22	0	22
Process end with load job I have modified the xml of my dashboard in order to load some data directly form the results of the process related t... by brober27 New Member in Splunk Search 05-14-2018 0 1	0	1
item and time column lookup help I have several rows of a CSV lookup Name,00:00,00:15,00:30 test1,A,A,A test2,A,N,N I want to matchup _time with the ... by BP9906 Builder in Splunk Search 05-13-2018 0 1	0	1
How to write a query to show the top performer (Single Value)? Hello All, I want to write something that shows a single value with the below data Customer M 5 Units Customer N 15 ... by ranjitbrhm1 Communicator in Splunk Search 05-13-2018 0 1	0	1
Stats Values Multisearch Hi, I wonder whether someone could help me please. I'm using the following join query which extracts the data perfec... by IRHM73 Motivator in Splunk Search 05-13-2018 0 0	0	0
When creating an app, how to configure it that after the install, "Restart Required" dialog would be displayed? I am creating an app which is using a lookup file. That lookup file is populated by a saved search with this setting ... by imrago Contributor in Splunk Search 05-13-2018 0 3	0	3
Date parsing incorrect I have logs from two Unifi switches. One parses the date just fine, the other gets the year messed up, but parses the... by bdf0506 Path Finder in Splunk Search 05-12-2018 0 6	0	6
round function doesn't work with timechart but does with table This following doesn't work. I don't see the decimals limiting to two digits. \| eval n=round(var5,2) \| timechart spa... by zacksoft Contributor in Splunk Search 05-12-2018 0 7	0	7
How to round up a number and avoid infinite zeros? I am trying to round UP numbers one decimal to the left whenever its, for example: 10510 ---> 11000 10499 ---> 10000 ... by adonio Ultra Champion in Splunk Search 05-11-2018 0 6	0	6
How to input the value of key from the second search result in the "in" clause of "where" of the first search? HI I want to write a query like this index=* "searchString1" \| where in ([search "searchString2" \| field key]) It... by sramya New Member in Splunk Search 05-11-2018 0 2	0	2