Splunk Search

Community Activity

Does ignoreOlderThan work on Windows? Does ignoreOlderThan work on Windows? Apparently for windows events logs and for open files there might be issues. by ddrillic Ultra Champion in Splunk Search 04-03-2018 0 2	0	2
Is there a way to deduplicate data by date? I'm trying to run a quarterly report that lists unique individuals in a building. The search lists each building name... by brcrommett Engager in Splunk Search 04-03-2018 0 2	0	2
Still lost - Where do props and transforms go?? We have data coming from a file on a Universal Forwarder that requires field extractions. The extractions are in a p... by aferone Builder in Splunk Search 04-03-2018 0 10	0	10
How to remove null entries from chart? hi to all, I have a query that produces a chart of hosts, speeds and connection types, index=* \| table host, s... by chavarfa New Member in Splunk Search 04-03-2018 0 4	0	4
hide navigation tabs(Messages ,settings,Activity,Help,find) when a user logs in. Hi all, I am using splunk 6.6. My requirement is hide the tabs like message ,setting ,help and others for a particul... by abhishekroy168 Path Finder in Splunk Search 04-03-2018 0 5	0	5
How to trigger savedsearch on state change and match fields? Hello, I have the following events: host1,message,service1,status host2,message,service1,status host1,message,servi... by andrei1bc Communicator in Splunk Search 04-03-2018 0 2	0	2
I want to show data result group by month where data sorted as string not as date In data, I have complete date time field , which is formatted in Month format then we added group by clause as below ... by archanachaudhar New Member in Splunk Search 04-03-2018 0 2	0	2
How to convert GMT timestamp to EST? All of my splunk events have the timestamp GMT. How do I evaluate _time to show EST? I was thinking of using: eval n... by kdimaria Communicator in Splunk Search 04-03-2018 0 1	0	1
Regex for props.conf Hello All, I have an XML file which i need to injest. I cannot seem to set the correct regex to match the todo-item h... by ranjitbrhm1 Communicator in Splunk Search 04-03-2018 0 2	0	2
Why am I unable to append a lookup table with OUTPUTLOOKUP? I am trying to append some custom IP Addresses to a lookup table of IP addresses \|inputlookup mk_ip_list \| append [... by MonkeyK Builder in Splunk Search 04-03-2018 0 6	0	6
About Real-time alert and "stats" command I have two questions. Q1. About rt-alert and stats command I created a real-time alert in my environment, but it do... by yutaka1005 Builder in Splunk Search 04-03-2018 0 4	0	4
How to include date wise success and failures for comparison in table format in the dashboard? Below query is working fine But i want to include date wise success and failures for comparison. (index="x") AND (ho... by guru89044 Explorer in Splunk Search 04-02-2018 0 17	0	17
strptime for a existing time field in lookup table and adding new time field (_time) in the same lookup table i have a timefield "date_last" in a lookup table: 2018-03-20T12:25:00.000Z which i have tried to extract the field ... by esmonder Path Finder in Splunk Search 04-02-2018 0 8	0	8
Why is Join not returning all events? [\|tstats latest(source) as source where source="F:\\FTPROOT\\Splunk Inputs\\IDM_*.csv" \| fields source] returns 245,5... by Harold9000 New Member in Splunk Search 04-02-2018 0 8	0	8
Place value in custom column if date is a certain month? I am trying to populate a custom column if a date stamp (that has been converted to epoch) if that date stamp matches... by rkassabov Path Finder in Splunk Search 04-02-2018 0 7	0	7
data count from differents report in the same report Hi I use 4 différents reports for doing a count of data 1) index="wineventlog" sourcetype="wineventlog:application"... by jip31jip31 Explorer in Splunk Search 04-02-2018 0 5	0	5
Attempting to extract multiple fields out of a large logfile and creating a stats chart I have a logfile which has multiple lines of logs with each logline having nearly 700+ lines. I am trying to extract ... by deepwater New Member in Splunk Search 04-02-2018 0 5	0	5
Limit message length Hello, How can i limit the nuber of character displayed in the message field? Thank you. by smarechal Explorer in Splunk Search 04-02-2018 0 4	0	4
Eval if date stamp is a certain month? I need to eval if a date+time stamp (for example: 2018-02-22 21:54:00.380000) falls in a certain month (i.e. jan, fe... by rkassabov Path Finder in Splunk Search 04-02-2018 0 11	0	11
how to hide options like message, setting,activity from the first page Hi Experts, I do not want to show Message, Setting , activity , help to my user it is present at the top right corne... by vikas_gopal Builder in Splunk Search 04-02-2018 1 5	1	5
How to get at two fields from a subsearch to the main search results Hello, I am stuck with a scenario and can not figure out the right way out. I want my Sub search to retrieve 2 field... by Sayanta_Basak_I Explorer in Splunk Search 04-02-2018 0 10	0	10
unable to all the display values if a condition is met Hi Everyone I am trying to display the status of all the servers even if one one server status is OUT. like below. ... by sukundur Engager in Splunk Search 04-02-2018 0 4	0	4
Timechart total selles over month period Hello I need to timechart sum of selles over month period. how to do this? I am new in splunk. by dibrova911 New Member in Splunk Search 04-02-2018 0 3	0	3
Join in Splunk Hi there! Just want to ask if possible to execute a non-equijoin in Splunk? A non-equijoin (in SQL) joins two table ... by cx233alvin Explorer in Splunk Search 04-01-2018 0 9	0	9
Modify the result of a query using csv lookup Before asking the question, here is a brief description of what I have done and doing. Below query is working fine w... by AdsicSplunk New Member in Splunk Search 04-01-2018 0 4	0	4