Splunk Search

Community Activity

correlate data without subsearch or transaction Hi, I got data that have some fields missing in some events, e.g. field1 field2 field3 field4 field5 A... by stwong Communicator in Splunk Search 03-28-2018 0 4	0	4
useing metadata commend to display sourcetype host and sources at the same time HI I want to use \| metadata commend to display sourcetype host and sources at the same time, so far I cant make conn... by samlinsongguo Communicator in Splunk Search 03-28-2018 0 2	0	2
Modify token based on user moving forward and back on a panel's search results. On my dashboard I have a panel that displays a table. When the user clicks on the table, the drilldown sets a token ... by BearMormont Path Finder in Splunk Search 03-27-2018 0 1	0	1
How to edit my search to compare indexed data with lookup data? There are 2 sister companies say A & B. Employee of A and B have access of both the company as they are sister compa... by kumargaurav New Member in Splunk Search 03-27-2018 0 1	0	1
Inputlookup and sourcetype NOT not working I have 2 searches that I am trying to derive information on. The first is an inputlookup that is derived from a powe... by willadams Contributor in Splunk Search 03-27-2018 0 3	0	3
Group same IPs used in time period by user Hello, I am trying to create a search where the same IP is used more than 50 times by the same email address. So far... by mobrienmoore1 New Member in Splunk Search 03-27-2018 0 3	0	3
How do I change the REST API execution timeout? I am trying to setup the DUO Splunk Connector and am getting the following error in Splunk Web upon submitting the co... by thelucas Explorer in Splunk Search 03-27-2018 0 7	0	7
transaction grouping with startwith and endwith log format: start: A End: A start: B End: B Start: C Start: D End: C End: D Start:E End:F Query I am using: \| rex f... by xinde Path Finder in Splunk Search 03-27-2018 0 3	0	3
Extracting data from JSON log event I currently have the below event. I'm trying to extract the field name, and value. I'm unable to edit config for this... by hippe21 Explorer in Splunk Search 03-27-2018 0 2	0	2
eventstats distinct values I have used below query to get distinct values: stats values(gitRepo) AS serviceName BY buildNum This gives correc... by kasimbekur Explorer in Splunk Search 03-27-2018 0 3	0	3
Drilldown using fields not displayed in original table I've searched and found all sorts of advice and links to articles, but nothing has worked. Granted I am a Splunk newb... by grahamcampbell Explorer in Splunk Search 03-27-2018 1 7	1	7
Filter based on Null or blank or whitespace value.... Good afternoon all, As a relative noob to Splunk searching, I have a relatively easy (I hope) question. I have a Sp... by wwhitener Communicator in Splunk Search 03-27-2018 0 13	0	13
Joining Two base searches with a join Hi I have a very large base search. Full of tokens that can be driven from the user dashboard. It is built of 2 tsta... by robertlynch2020 Influencer in Splunk Search 03-27-2018 0 2	0	2
How to write a search to exclude an existing field(s) if Field1 has a value in ColumnA? Table below showing Column A, Column B, Column C and Column D. Calculation has to be: If Field1 has ColumnA value, ... by parikhapurva04 New Member in Splunk Search 03-27-2018 0 2	0	2
how to make single column content bold for specific values I have a statistic table in my dashboard. Which looks like the attached image. 1st column heading Area Now how ca... by surekhasplunk Communicator in Splunk Search 03-27-2018 0 2	0	2
Change command is not working for checkbox HI, I am trying to assign values to the token based on the values selected in the check box. If label="All" then I a... by madakkas Explorer in Splunk Search 03-27-2018 0 2	0	2
Regex to extract fields with different format Hello all, I need your help in order to get a regex that may extract fields from some messages. Example 1 USER: use... by nuaraujo Path Finder in Splunk Search 03-27-2018 0 6	0	6
How to check the status and start mode of these services? Hello all I want to check the status and the start mode of the 2 services below and I wrote this code. Does it seem t... by jip31 Motivator in Splunk Search 03-27-2018 0 19	0	19
Why strftime with %Z work differently between query and eval + token Hello In my dashboard, i saw a strange things with Timezone printing. In fact i have to make time conversion and sho... by ralzate Explorer in Splunk Search 03-27-2018 1 5	1	5
Create outliers split by clause I can create a table of numerical outliers for requests to a web service with something like \| timechart limit=11 us... by bowesmana SplunkTrust in Splunk Search 03-27-2018 0 1	0	1
Perform calculation based on 2 stats count result Hello, I've a requirement to perform the following calculation in percentage. First query is as below and single va... by krusovice Path Finder in Splunk Search 03-27-2018 0 2	0	2
Detecting outlier without using Splunk Machine Learning Toolkit Hi all, Not sure if it is a good way to solve this. Currently I do not have access to Splunk Machine Learning Toolk... by quahfamili Path Finder in Splunk Search 03-26-2018 0 5	0	5
multi value fields in subsearch to join become single value in parent I have a subseqrch to a join that returns a multivalued field. However, when that's put into a table in the parent se... by bowesmana SplunkTrust in Splunk Search 03-26-2018 0 2	0	2
How can I create a subsearch with multiple time ranges? I'm trying to write a subsearch that searches multiple sections of time. What I have works until I wrap it in bracket... by aguthrie1190 Path Finder in Splunk Search 03-26-2018 0 10	0	10
Stumped on basic stats to return a unique identifier from the slowest event by action So the concept is ridiculously simple, however I am having a monumental brain fart. I want to generate a table with ... by Cuyose Builder in Splunk Search 03-26-2018 0 4	0	4