Splunk Search

Community Activity

	How to compare two fields and result in a 'pass' or 'fail' in another field (give or take a count of 5)? Hello. I'm trying to compare two panels to see if there are any changes in the count. Both panels should be equal b... by Derben New Member in Splunk Search 03-22-2018 0 11	0	11
	What is a command that does the opposite of mvcombine? So, I know MV Combine asks that you specify the one unique field in a set of results, and returns a multi-value entry... by Haybuck15 Explorer in Splunk Search 03-22-2018 0 1	0	1
	How to search for all IP's not in a lookup table. Basically I want to use the inputlookup myspreadsheet.csv and I want to find all IP's that are not in that .csv file. by turnerde New Member in Splunk Search 03-22-2018 0 4	0	4
	Trying to match 2 fields in 2 different sources by wildcard I have 2 sources with different pieces information and i'm trying to return a coalesced search based on a partial mat... by fotc1969 New Member in Splunk Search 03-22-2018 0 3	0	3
	Why is the Syntax Highlighting options missing? When I visit my account setting in my splunk web instance any reference to Search options are not visible. Including ... by jat75 Explorer in Splunk Search 03-22-2018 0 2	0	2
	Why do I get "-bash: splunk: command not found" when I try to run the "splunk enable boot-start -user splunk" command? I log in to my Indexer as root, cd to /etc/init.d and then ran the "splunk enable boot-start -user splunk" command. A... by dharveynswccd Path Finder in Splunk Search 03-22-2018 0 3	0	3
	What this query will do? streamstats current=f latest(up) as oldUP by lowername I am bit confused what will streamstats calculate here? by harshal94 Engager in Splunk Search 03-22-2018 0 2	0	2
	three search in same page with alert and time span=3 month i want to do three different search in same page for time span is 3 month i need a alert to be configured by logloganathan Motivator in Splunk Search 03-21-2018 0 11	0	11
	xpath not giving result I want to extract NewValue when Network Settings is International Roaming Bar. Tried with \| xpath outfield=NewValue ... by payal23 Path Finder in Splunk Search 03-21-2018 0 14	0	14
	Case insensitive search in rex I am having a field such as Exception: NullReferenceException. And sometimes, EXCEPTION:NullReferenceExcpetion. I ne... by Naren26 Path Finder in Splunk Search 03-21-2018 0 3	0	3
	Splunk - Join two queries from same index and eventtype I have the following two events from the same index (VPN). I've been unable to try and join two searches to get a tab... by mikeyemane New Member in Splunk Search 03-21-2018 0 7	0	7
	Splunk license usage per sourcetype Hello, Is there a way to find out which sourcetype is sending too much of data to an index. i know an index but i wo... by iamlearner123 Explorer in Splunk Search 03-21-2018 0 3	0	3
	How do I remove rows with null values on single/multivalue fields? Hello Everyone I have a below search query that results me 4 column table. Process, RunID, StartTime and EndTime. s... by maria2691 Path Finder in Splunk Search 03-21-2018 0 20	0	20
	extract name from multivalue Within MSAD, the manager field looks like this: manager=CN=The Boss,OU=HLGIT,OU=CO,OU=mytownUsers,OU=ourFIRE,DC=ourc... by mcbradfordwcb Engager in Splunk Search 03-21-2018 0 1	0	1
	How to find the oldest timestamp of an event available for search I would like to find the oldest timestamp of events available for search (with respect to sourcetype) in an index. Me... by jayakumar89 Explorer in Splunk Search 03-21-2018 0 3	0	3
	How to sort using formatted time Hi, I have a result table with two columns "formattedTime" and "Unsuccessful logins". I am displaying time in the fo... by rakeshyv0807 Explorer in Splunk Search 03-21-2018 0 2	0	2
	Why is the background search failed with an error "search was canceled"? We are running Splunk v 7.0.1. One of our splunk users sent a search to the background and received the following ema... by mlevsh Builder in Splunk Search 03-21-2018 0 4	0	4
	How to use an index for a lookup Noob question. I had about a dozen CSVs that had the same information on them but the columns were out of order. I ... by subhuman New Member in Splunk Search 03-21-2018 0 3	0	3
	Why it changes the sourcetype for all sourcetype I am trying to change the sourcetype of all events that are not from sourcetype starting with xyz. I am using follow... by ss026381 Communicator in Splunk Search 03-21-2018 0 7	0	7
	Search all the login events from a location Need to run a report where the user is supposed to work remotely for 110 days in any given 365 days. The 365 days is ... by jarapally Explorer in Splunk Search 03-21-2018 0 8	0	8
	Tracking of particular field I have two fields from them I want to track particular one field with starting of this & ending of that value. For th... by N92 Path Finder in Splunk Search 03-21-2018 0 3	0	3
	Can Splunk perform multiple searches using a single request and return the results separately? I am querying Splunk REST API and wish to send multiple queries in a single POST request. Is it possible to get separ... by mj8909 New Member in Splunk Search 03-21-2018 0 2	0	2
	Search if a field is in the results of a subsearch I have a search that starts out like this; index=my_index field1=abc field2=def ( field3=aaa OR field... by OldManEd Builder in Splunk Search 03-21-2018 0 5	0	5
	Regex to extract email domain name I have two regexes below which are pulling the domain name of the email sender (from). i.e linkedin.com, amazones.com... by davidcraven02 Communicator in Splunk Search 03-21-2018 0 5	0	5
	Colud not use strptime to prase the timestamp pipe Hi , I am not able to parse the below log format using timeformat -props.conf It is giving me a warning unable to pa... by smdasim Explorer in Splunk Search 03-21-2018 0 3	0	3