Splunk Search

Community Activity

How to compare two fields in a event and list out the field when one of the fields does not exist? Hello, I have a multiple events in a log file which contains field A and field B but not in all the events, I need t... by bollam Path Finder in Splunk Search 04-26-2018 0 2	0	2
why 2 searches dont return same results This search: index=dev_tsv source="activity" "Organization Name"="NA" "Added a comment" \| rename Action as N... by tkwaller_2 Communicator in Splunk Search 04-26-2018 0 5	0	5
Splunk Trigger alert no transaction inside log file from the directory? I have two directory having two log files Directory: /logs/Test1/ /logs/Test2/ The directory have two log files: ... by karthi2809 Builder in Splunk Search 04-26-2018 0 2	0	2
Is it possible to ignore the last result? good afternoon I have the following query \| dbxquery connection = connection query = "....." \| chart eval (round ... by efaundez Path Finder in Splunk Search 04-26-2018 0 6	0	6
eval IP function - help Hello, I have a search woring which returns single IP addresses as source for certain events. As part of this I want... by griggsy New Member in Splunk Search 04-26-2018 0 1	0	1
Transpose Multiple Column Headers HI, I wonder whether someone can help me please. I'm running the query below which works fine, but I'm having some d... by IRHM73 Motivator in Splunk Search 04-26-2018 1 2	1	2
How to get sum of a column Hello, I am new in Splunk and trying to figure out sum of a column. i run following sql query on database: SELECT c... by singh321 New Member in Splunk Search 04-25-2018 0 14	0	14
how to get events for exact matched string only in the field value I am searching : index=web account_domain="INCCORP" bur getting result which have account_doamain with "INCCORP","... by Meharkant123 New Member in Splunk Search 04-25-2018 0 3	0	3
how to exclucde number of values from search sourcetype="source_traffic" \| stats values(dest_port) by dst_ip Hi I am lookin for result of IP which have more than... by Meharkant123 New Member in Splunk Search 04-25-2018 0 2	0	2
How to create a table for pfsense firewall logs using rex command? I was trying to create a table for pfsense firewall logs using rex command. But it is not creating a table, instead s... by jawadak New Member in Splunk Search 04-25-2018 0 3	0	3
How to use where command to keep only specific rows? My query so far looks like this: sourcetype="type1" OR sourcetype="type2" \|chart count(sales1) over sales2 by source... by summitsplunk Communicator in Splunk Search 04-25-2018 0 1	0	1
How to add a column to the results table based on an existing field? Hello: I am trying to add a column to the results table, the reason for this is so that I can then use that value fo... by ivtashev New Member in Splunk Search 04-25-2018 0 1	0	1
How to extract values from a field instead of _raw? Hi I am getting below log and want to extract the data/values from the field using props.conf / transforms.conf. F... by soumyacharya91 Path Finder in Splunk Search 04-25-2018 0 7	0	7
Calculation using the number of events returned to determine average I have data similiar to this: Account Count TotalSessions abc 4 12 xyz ... by dwong2 New Member in Splunk Search 04-25-2018 0 3	0	3
Using a lookup file to run queries I'm trying to create a search based on error strings in a lookup file and i'd like the output to include stats based... by gferreira New Member in Splunk Search 04-25-2018 0 2	0	2
Why am I seeing different results with dashboard/query results using "index in ( A B C )" vs. "index=A"? Okay, I have an issue between the results from "index in ( index1 index2 )" and "index=index1 OR index=index2". What... by scknogas Path Finder in Splunk Search 04-25-2018 0 6	0	6
How to create a single value element for the dashboard? I have following stats. I want to create a single value element which will show the revenue of 2014 and increase/decr... by leanpro Engager in Splunk Search 04-25-2018 0 2	0	2
Timechart Volume per hour same day over several weeks...Seeking alternative way. This is a working search that charts Volume per hour for the same day (Current day) over multiple weeks. The search t... by nqjpm Path Finder in Splunk Search 04-25-2018 0 7	0	7
Splunk Search For Exact Word Hi When I execute a search for "foo", I only want events that have the word foo and not events that have words like ... by sajbutler Path Finder in Splunk Search 04-25-2018 1 4	1	4
Why is Hunk 6.1.1 ignoring 'earliest' and 'latest' in search? I have a vix defined with the following parameters: [mydata] vix.provider = myprovider vix.input.1.path = /user/hunk... by shaskell_splunk Splunk Employee in Splunk Search 04-25-2018 2 6	2	6
How to stop Splunk from recognizing a large number as a (epoch) timestamp? I'm using the map function to do a search on reach row of a table I've created with some IDs that link certain things... by koenV Explorer in Splunk Search 04-25-2018 0 6	0	6
How to categorize count results by country I have the following code from a web log, which gives me a table of the Time (by minute) the total for that minute, a... by parwindertaank Explorer in Splunk Search 04-25-2018 0 2	0	2
How to separate query result by country I have the following which provides me the total number of events for each minute and the predicted value as well as ... by parwindertaank Explorer in Splunk Search 04-25-2018 0 5	0	5
Read timezone from openvas logs? Regex, strftime, won't detect it. I'm inputting openvas logs into splunk. Works great for .messages, not so much for .log files. Below is how the lines... by JSkier Communicator in Splunk Search 04-25-2018 0 3	0	3
Is it possible to change the IP address to the name of the switch? We send syslog direct from switches to the Splunk indexer. Is it possible to change the IP address to the name of the... by chrisitanmoleck Path Finder in Splunk Search 04-25-2018 0 5	0	5