Splunk Search

Community Activity

	Basic Key Value extraction Hello, I receive message like this : topic="Sniffer" message=""timestamp"="1524387631351","process"="com.x.android... by erichard Explorer in Splunk Search 04-22-2018 0 2	0	2
	How to search for multiple fields with 2 sourcetypes? HI All, I need to search two sourcetypes and multiple fields at the same time. Following query is working correctly... by Chandras11 Communicator in Splunk Search 04-22-2018 0 2	0	2
	Using fillnull for multiple fields? What is the best way to use fillnull for multiple fields? What is the best way to avoid it working for only the first... by dannyzen Explorer in Splunk Search 04-22-2018 0 4	0	4
	How to extract a float value from 2 strings? How can I get all the float values that are between the strings "totalElapsedTime^" and "^" from the log sample bello... by alangularte New Member in Splunk Search 04-22-2018 0 3	0	3
	How to find the difference from the previous day in a lookup table? Hi. How to use Splunk query to compare to the "count" field from previous day from a lookup table? For instance, t... by splunkrocks2014 Communicator in Splunk Search 04-21-2018 0 3	0	3
	Remove last values of a field result following are the output of a filed file=a.csv file=a1.csv file=a2.csv file=b.csv file=b1.csv What i required is w... by n4niyaz Explorer in Splunk Search 04-21-2018 0 4	0	4
	the max time of day hello guys I have a problem at work index=mailog relay=10.204.0.0 I timechart span=1h count I timechart span=1d m... by baoamin New Member in Splunk Search 04-21-2018 0 12	0	12
	dedup and unique difference Could you please explain the difference between dedup and unique by logloganathan Motivator in Splunk Search 04-20-2018 0 4	0	4
	What would be the strategy to extract relevant data from field with unnecessary data? Description field parsing data from has some unnecessary survey data that I would like to ignore and NOT count. That ... by nqjpm Path Finder in Splunk Search 04-20-2018 0 4	0	4
	key error in Python call to search results Json I have a custom action alert based on an App The search is looking for a file, event, and file type. it then pipes th... by Athildjax64 New Member in Splunk Search 04-20-2018 0 2	0	2
	How to extract key-value field extraction? Need help with key value extraction for the following: Apr 20 10:38:59 10.1.8.25 {"adf": 1, "virtualservice": "virtu... by mcbradford Contributor in Splunk Search 04-20-2018 0 2	0	2
	how to display only those rows with a particular value in a particular value using \|table command I am applying few conditions and logic to come up with values for different fields. I'm then displaying them using te... by sh254087 Communicator in Splunk Search 04-20-2018 0 10	0	10
	Combinding results in fields with mulitple results I have two types of logs in an index. Both can have multiple entries for a ip address. What i need to do is find all... by jerrythoms Explorer in Splunk Search 04-20-2018 0 5	0	5
	eval match with NOT condition I've figured out how to use the match condition to use a wildcard in my eval, however now I need to put at NOT with i... by kmaron Motivator in Splunk Search 04-20-2018 0 6	0	6
	extract fields from rex _raw trying to extract a fields from logfile's text (have both examples in logfile): search sourcetype=apache "/apps/publ... by oustinov New Member in Splunk Search 04-20-2018 0 11	0	11
	Eval and If else value return or else null Hello Splunkers, Im constructing Eval field " user1" actually user field contain 5 digit number so i have to const... by Splunk_rocks Path Finder in Splunk Search 04-19-2018 0 4	0	4
	How to compare multiple fields? Hi All, I want to compare three fields value(may be) to arrive at new field. (mentioned 3 as it may require to compar... by Kwip Contributor in Splunk Search 04-19-2018 0 2	0	2
	What's causing the error message in the extraction of new fields? Why do I get the following error message when I try to extract new fields? The events associated with this job have ... by atemourt Engager in Splunk Search 04-19-2018 0 1	0	1
	How can I replace that field values to another and vice versa? For example, my account number is coming as device number and vice versa and that is expected based on the condition ... by saivardhan New Member in Splunk Search 04-19-2018 0 1	0	1
	How to create a second set of metrics, stats count by the field within the same table? Hi, I wonder whether someone may be able to help me please: I'm using the following query to record customer ratings... by IRHM73 Motivator in Splunk Search 04-19-2018 0 5	0	5
	How can I build a chart that show the difference between two fields? index=app sourcetype=application1 source=server1production with this search I get back two field Baseprice and finalp... by jfallon1 New Member in Splunk Search 04-19-2018 0 2	0	2
	How to show count increase by percent from average of the last X months? Is it possible to index="myindex" mcType=auditLog \| search auditType="*" \| stats count by auditType \| where count ... by summitsplunk Communicator in Splunk Search 04-19-2018 0 5	0	5
	rex field extraction How would I extract account number here, message:Receiving exp from: Long URL /Eex for account(s): 8768 rex field... by swetasoneji New Member in Splunk Search 04-19-2018 0 22	0	22
	Find consecutive duplicates in a field, by terminal Hi, I can't find a similar example already answered, so here goes: The data looks like this - _time, Terminal, ... by markyelland New Member in Splunk Search 04-19-2018 0 7	0	7
	Question on Selected fields in fields side bar Hi, In the selected fields to the left, I have a selected field by name source_address and it looks like below: Top... by muralisushma7 Explorer in Splunk Search 04-19-2018 0 1	0	1