Splunk Search

Community Activity

how to get items from a large json file? Hi everyone I´m new in splunk ,I need to get items from a json file but when i search in my file i see this in many ... by cleal New Member in Splunk Search 04-30-2018 0 1	0	1
using multiselect to concatenate fields into a compound key We have a dashboard where the user can select multiple in a multiselect input field. Those values correspond to colu... by mschellhouse Path Finder in Splunk Search 04-30-2018 0 4	0	4
Excel Like Pivot Table I'm trying to figure out how to build an excel-like pivot table using 3 or more columns. As example, I have this dat... by jperry_intact New Member in Splunk Search 04-30-2018 0 2	0	2
If i have 3 column in lookup table like column "A" has 10 entries column "B" has 5 entries and column "C" has 2 entries how can i match in search if i have 3 fields A,B,C and i need to match all entries for that fields index=main \|search [\|inputlookup abc.csv \| f... by rahul_mckc_splu Loves-to-Learn in Splunk Search 04-30-2018 0 2	0	2
Multi level table Hi, I am trying to build a multi-level pivot table in SPLUNK, where you can have multiple rows under one another lik... by jackreeves Explorer in Splunk Search 04-30-2018 0 1	0	1
Multivalue xml field extraction Hi Splunkers, Part of the incoming xml data looks like this, <metaDataSet> <metaData key="DocName">mm12... by jsanjeb Explorer in Splunk Search 04-30-2018 0 8	0	8
How to filter a dashboard search based on a date field that is not the default _time field? Hello, I am having trouble setting up a dashboard to filter based on a date field which isn't the default _time fiel... by jwch Explorer in Splunk Search 04-30-2018 0 4	0	4
How to group by a by Title? Hi guys!! I have this search: index=temp sourcetype=sdc cs_host="mto.ree." WT_dl=0 NOT (cs_uri_stem ="*/es-es/... by mogoj Engager in Splunk Search 04-30-2018 0 4	0	4
Comparing multivalue field with single value field (v6.5.2) I was looking for a way to input multiple text inputs on a dashboard and searching the inputs against a single value ... by esmonder Path Finder in Splunk Search 04-29-2018 0 3	0	3
On-Premises documentation server I run Splunk Enterprise in a distributed cluster architecture, in an offline environment that is completely disconnec... by eden881 Path Finder in Splunk Search 04-29-2018 0 1	0	1
Average command vs count and average command Maybe im just bad in mathematics. but why does splunk docs always take the count of events and then the avg of event... by ranjitbrhm1 Communicator in Splunk Search 04-29-2018 0 2	0	2
Add a blank row in the table I have a search which would give me a table of results and at the end the total count of columns. I want a blank lin... by Navanitha Path Finder in Splunk Search 04-28-2018 0 15	0	15
Source Workstation shows random IP Hi there, I'm looking into why one of our users is getting locked out, but when I run a search to try to find out the... by brosariochan New Member in Splunk Search 04-28-2018 0 2	0	2
how to Configure positional timestamp extraction in log using RegEx? hi All, Am trying to extract the time stamp inside event as index time. We have similar sourcetype of logs from 4 di... by mallempatisreed Explorer in Splunk Search 04-28-2018 0 2	0	2
Help with ending search for rex expression Hi All - I am using the below query index=ABC "XYZ"\| rex field=_raw "\"code\":\"(?.*)\"" \| stats count by errorcode ... by pushpender07 Explorer in Splunk Search 04-28-2018 0 5	0	5
Calculate totals and then sort based on a field and separate out results accountId: 12345678 action: Test publishId: 123 or 456 tile: Tile1 How can I get this result: [accountI... by dwong2 New Member in Splunk Search 04-27-2018 0 2	0	2
Insert a heading between rows and customise it.? How can I add a heading between two rows , my each row on dashboard has three panels . and can i customize it ? by navd New Member in Splunk Search 04-27-2018 0 8	0	8
Mimecast for Splunk not showing Target Threat Protection Data Hello, We've had the Mimecast for Splunk v2 running in our environment for almost a year now and most of the data ha... by summitsplunk Communicator in Splunk Search 04-27-2018 1 0	1	0
Separate out results based on wildcard field ...search \| stats count(tile) as launches by tile publishId \| sort -"launches" accountExId: 12345678 publishId: 6... by dwong2 New Member in Splunk Search 04-27-2018 0 2	0	2
Calculating distinct counts with multiple conditions I am trying to compute distinct counts of a field based on multiple conditions. Can anyone please help with the calc ... by bhumikajpatel Explorer in Splunk Search 04-27-2018 0 7	0	7
how to get the list of non matching values of lookup with search? I have a search which will give list of a values for field A and I have a look up which has values for the same Fiel... by vrmandadi Builder in Splunk Search 04-27-2018 0 6	0	6
Searches running in Batches and needs to be triggered once the previous search is completed i am creating various reports which are schedule on cron expression but i wanted to see if there is any possibilites ... by chintan_shah Path Finder in Splunk Search 04-27-2018 0 1	0	1
Timechart /chart I'm looking to have line chart, which shows AccountID , Username and duration, how would put this with timechart char... by swetasoneji New Member in Splunk Search 04-27-2018 0 8	0	8
substr result Hi, I'm trying to use substr to extract the first 4 characters of my result (perc_err_test1 & perc_err_test2), but ... by katouoma New Member in Splunk Search 04-27-2018 0 9	0	9
sort csv by current dates I want to sort out a csv but it not working tried ......\| fields Date,count \| stats by Date,count \| eval Date=strp... by Bentash Explorer in Splunk Search 04-27-2018 0 3	0	3