Splunk Search

Community Activity

How to extract new fields in a log file Here is a sample content from my application log. I wish to extract the fields "rib-rmq Status is STATE_ACTIVE. Lo... by sarvan7777 New Member in Splunk Search 04-12-2018 0 5	0	5
Should the records in time-based lookup csv file must to be sequence (order) by time? Hi, As title. I have done some test using small set of data in my lab. It looks like the time-based lookup work corre... by leo_systex Explorer in Splunk Search 04-12-2018 0 0	0	0
How to 'grep' multi-line event? How would I perform a Unix grep on a multi-line event? Ex.: _raw="one two three" _raw="tree bee eleven" I'd like ... by axelabs Explorer in Splunk Search 04-12-2018 0 1	0	1
Field not fillled through eval in map I have a search like this: \|inputlookup CSV-Generic-GenCus-GenLBL-SensitiveDataKeyWords.csv \| map [search index="*" ... by fvegdom Path Finder in Splunk Search 04-12-2018 0 5	0	5
Why is the mvcombine breaking sparkline? Hi everyone, I have a requirement to use mvcombine after stats. When I use mvcombine the sparkline stops working ... by subtrakt Contributor in Splunk Search 04-12-2018 0 1	0	1
What should I use instead of foreach when iterating? When running the following - \| makeresults 1 \| eval total=0 \| eval server1=host1 \| eval server2=host2 \| eval ser... by ddrillic Ultra Champion in Splunk Search 04-12-2018 0 18	0	18
How can I retain certain field values for all events with tstats when some fields may not exist on all events? I have an accelerated data model where all events contain a duration field (ReqTot). In addition, some events include... by aboese New Member in Splunk Search 04-12-2018 0 3	0	3
Why are there field extraction issues on events with no sourcetype information? Hi there, I know there is an answer related to my question but I don't understand it. I already have this sourcetyp... by carlyleadmin Contributor in Splunk Search 04-12-2018 0 4	0	4
InputLookup - find unique values across 4 fields I have a lookup file that contain 4 fields (field1, field2, field3, field4) which contains an account number. Same ac... by brdr Contributor in Splunk Search 04-12-2018 0 2	0	2
complete data not coming through search When I run the following query , I am getting data for limited days. Eg. When I run this query for 1 month ,I didn't... by harshal94 Engager in Splunk Search 04-12-2018 0 1	0	1
case - expression is malformed What am I doing wrong? * Account_Name=smithjt OR Account_Name=jonestt* \|eval X1=case (Account_Name=="smithjt", "John ... by jtitus3 Explorer in Splunk Search 04-12-2018 0 4	0	4
Eval commands Does anyone know if you do a rex and create a new field could you use that field for the eval commands? IE: \| rex fi... by HealyManTech Explorer in Splunk Search 04-12-2018 0 3	0	3
Dashboard views by user using REST & index=_internal I'd like to search dashboard views by user, which is stored in index=_internal. REST allows me to limit results using... by mgianola Explorer in Splunk Search 04-12-2018 0 3	0	3
Hi Team, can we use REST API in Splunk Cloud version? We want to integrate JIRA Server with Splunk cloud using REST API. Is it possible? If yes, please share documentatio... by shrikant0507198 New Member in Splunk Search 04-12-2018 0 0	0	0
sum up several fields with integer counts to one Hi, I have several fields which should be summed up to one count. I tried the following but the field is not showing... by mhornste Path Finder in Splunk Search 04-12-2018 0 2	0	2
How to join two indexes in different time ranges? I have two indexes: index 1 contains a list of domains and event_timestamp, index 2 contains a description for every ... by mcohen13 Loves-to-Learn in Splunk Search 04-11-2018 0 5	0	5
how can i get each value for specific filed? index=test host=rider258 APP=TEST \| rex field=_raw "CAR:(?\d+)" \| table CAR this is my query. But whenever i run... by prabhunesanket1 New Member in Splunk Search 04-11-2018 0 2	0	2
Add total at the end of a column in Splunk Hello, I have a splunk query that goes into our AWS bill and outputs totals for various AWS resources: index=prd_aw... by tdunphy_ Explorer in Splunk Search 04-11-2018 0 9	0	9
How to perform aggregations on multiple occurrences of a field inside a single event Hi, I have data something like this: Events in splunk search are as follows 04:30 [timestamp] [text] ty... by hsharma20 Engager in Splunk Search 04-11-2018 1 2	1	2
Pass a variable to fields command in a search - not working Hi, I'm trying to build a mechanism to pre-define a set of fields in my searches. The mechanism normally uses a macr... by cardinalga Explorer in Splunk Search 04-11-2018 0 9	0	9
REX question. Hello, I'm having a really hard time pulling the status code from an HA proxy log using a rex command. there are a n... by fotc1969 New Member in Splunk Search 04-11-2018 0 1	0	1
What is the difference between keeporphans and keepevicted in a transaction? Hi Folks, I'm fairly brand new to splunk, and trying to build a transaction out of cisco ASA data. My search looks ... by robmoser Explorer in Splunk Search 04-11-2018 0 5	0	5
Only show rows from a certain year based on datestamp? I have the following query that looks at data from all-time (according to Splunk date window). My understanding is th... by rkassabov Path Finder in Splunk Search 04-11-2018 0 2	0	2
How to use a lookup table to restrict a search? Hi, I have a lookup table that is just a list of MAC addresses. I need to be able to search a data set that has mac... by dbcase Motivator in Splunk Search 04-11-2018 0 10	0	10
how to get tthe average of a count value ? hi, can someone help me to complete the search to get the average of a count ?? we have a file that has the logins ... by abilis Explorer in Splunk Search 04-11-2018 0 6	0	6