Splunk Search

Community Activity

WHOIS Search I've looked at splunkbase for "whois" apps and searched the community for whois-type scripts, but found none that mee... by afarmer Explorer in Splunk Search 04-03-2018 0 1	0	1
How to loop through columns and do further calculation on a particular column? I have data like this: `a----b----c----d` `10----12----30----5` `50----34----46----55` `22----23----98----56` `32---... by pramit46 Contributor in Splunk Search 04-03-2018 0 2	0	2
How to create a funnel using a subsearch? Hello, I am trying to create a funnel that first count the number visits to page one and out of those how many went t... by Valisha2005 New Member in Splunk Search 04-03-2018 0 5	0	5
Should I hide Extreme Search? All, I just installed ES. We're moving nice and slow here. I see it installs a supporting app called "Extreme" Sear... by daniel333 Builder in Splunk Search 04-03-2018 0 1	0	1
How can I compare the results of two weeks ago with one week ago, with several fields? I have the following issue: 1- Two weeks ago I have 10 results of my entity with 3 fields; 2- One week ago I have 12 ... by splunk_exercice New Member in Splunk Search 04-03-2018 0 9	0	9
Does ignoreOlderThan work on Windows? Does ignoreOlderThan work on Windows? Apparently for windows events logs and for open files there might be issues. by ddrillic Ultra Champion in Splunk Search 04-03-2018 0 2	0	2
Is there a way to deduplicate data by date? I'm trying to run a quarterly report that lists unique individuals in a building. The search lists each building name... by brcrommett Engager in Splunk Search 04-03-2018 0 2	0	2
Still lost - Where do props and transforms go?? We have data coming from a file on a Universal Forwarder that requires field extractions. The extractions are in a p... by aferone Builder in Splunk Search 04-03-2018 0 10	0	10
How to remove null entries from chart? hi to all, I have a query that produces a chart of hosts, speeds and connection types, index=* \| table host, s... by chavarfa New Member in Splunk Search 04-03-2018 0 4	0	4
hide navigation tabs(Messages ,settings,Activity,Help,find) when a user logs in. Hi all, I am using splunk 6.6. My requirement is hide the tabs like message ,setting ,help and others for a particul... by abhishekroy168 Path Finder in Splunk Search 04-03-2018 0 5	0	5
How to trigger savedsearch on state change and match fields? Hello, I have the following events: host1,message,service1,status host2,message,service1,status host1,message,servi... by andrei1bc Communicator in Splunk Search 04-03-2018 0 2	0	2
I want to show data result group by month where data sorted as string not as date In data, I have complete date time field , which is formatted in Month format then we added group by clause as below ... by archanachaudhar New Member in Splunk Search 04-03-2018 0 2	0	2
How to convert GMT timestamp to EST? All of my splunk events have the timestamp GMT. How do I evaluate _time to show EST? I was thinking of using: eval n... by kdimaria Communicator in Splunk Search 04-03-2018 0 1	0	1
Regex for props.conf Hello All, I have an XML file which i need to injest. I cannot seem to set the correct regex to match the todo-item h... by ranjitbrhm1 Communicator in Splunk Search 04-03-2018 0 2	0	2
Why am I unable to append a lookup table with OUTPUTLOOKUP? I am trying to append some custom IP Addresses to a lookup table of IP addresses \|inputlookup mk_ip_list \| append [... by MonkeyK Builder in Splunk Search 04-03-2018 0 6	0	6
About Real-time alert and "stats" command I have two questions. Q1. About rt-alert and stats command I created a real-time alert in my environment, but it do... by yutaka1005 Builder in Splunk Search 04-03-2018 0 4	0	4
How to include date wise success and failures for comparison in table format in the dashboard? Below query is working fine But i want to include date wise success and failures for comparison. (index="x") AND (ho... by guru89044 Explorer in Splunk Search 04-02-2018 0 17	0	17
strptime for a existing time field in lookup table and adding new time field (_time) in the same lookup table i have a timefield "date_last" in a lookup table: 2018-03-20T12:25:00.000Z which i have tried to extract the field ... by esmonder Path Finder in Splunk Search 04-02-2018 0 8	0	8
Why is Join not returning all events? [\|tstats latest(source) as source where source="F:\\FTPROOT\\Splunk Inputs\\IDM_*.csv" \| fields source] returns 245,5... by Harold9000 New Member in Splunk Search 04-02-2018 0 8	0	8
Place value in custom column if date is a certain month? I am trying to populate a custom column if a date stamp (that has been converted to epoch) if that date stamp matches... by rkassabov Path Finder in Splunk Search 04-02-2018 0 7	0	7
data count from differents report in the same report Hi I use 4 différents reports for doing a count of data 1) index="wineventlog" sourcetype="wineventlog:application"... by jip31jip31 Explorer in Splunk Search 04-02-2018 0 5	0	5
Attempting to extract multiple fields out of a large logfile and creating a stats chart I have a logfile which has multiple lines of logs with each logline having nearly 700+ lines. I am trying to extract ... by deepwater New Member in Splunk Search 04-02-2018 0 5	0	5
Limit message length Hello, How can i limit the nuber of character displayed in the message field? Thank you. by smarechal Explorer in Splunk Search 04-02-2018 0 4	0	4
Eval if date stamp is a certain month? I need to eval if a date+time stamp (for example: 2018-02-22 21:54:00.380000) falls in a certain month (i.e. jan, fe... by rkassabov Path Finder in Splunk Search 04-02-2018 0 11	0	11
how to hide options like message, setting,activity from the first page Hi Experts, I do not want to show Message, Setting , activity , help to my user it is present at the top right corne... by vikas_gopal Builder in Splunk Search 04-02-2018 1 5	1	5