Splunk Search

Community Activity

Remove non alphanumeric in the datamodel Hi I have datamodel data like below. I have tried to remove all non alphanumeric. So i can put it on a new field in ... by robertlynch2020 Influencer in Splunk Search 02-20-2018 0 1	0	1
How to pivot a search off a subsearch result? Since I couldn't find this anywhere, I'm making my own question and answer, to better help the "next guy" who has thi... by Michael Contributor in Splunk Search 02-20-2018 0 1	0	1
How can I compare static time value in a lookup field with current system time +/- 5 m? I'm just learning splunk so sorry if this is a simple question. I have a lookup with a field that has static time va... by donrtowery New Member in Splunk Search 02-20-2018 0 3	0	3
How to eliminate identical values of two similar fields? Suppose I have a field called TESTS which contains some values. This field changes every day (each day is represented... by vshakur Path Finder in Splunk Search 02-20-2018 0 2	0	2
How to display success rate as 100 if no API calls are invoked? Please help me in the below search query index=Index1 sourcetype="Tablename" CounterName="Number of Successful API ... by rgopal88 New Member in Splunk Search 02-20-2018 0 1	0	1
How can I change color on pie chart with rangemap? I have a pie chart and use \| rangemap field=test1 low=0-1 elevated=2-49 severe=50-100. How can I get these colors to... by chadman Path Finder in Splunk Search 02-20-2018 0 2	0	2
Mounted Bundle path - Search Head How does the search head know the location of the mounted bundle? When you configure the mounted bundle you add this... by mookiie2005 Communicator in Splunk Search 02-20-2018 1 4	1	4
How to search to find a match in lookup file? I have 2 lookup files. Am getting empnumber from one file and then trying to search for the corresponding email id fr... by surekhasplunk Communicator in Splunk Search 02-20-2018 0 5	0	5
Help with extraction of field created at index time? All, Testing an index'd time field extraction in a test environment. It SEEMS to have worked, but randomly the fiel... by daniel333 Builder in Splunk Search 02-20-2018 0 2	0	2
Web Data Model no referrer Can anyone help with the following please. Im looking to run a tstats query against the Web Data Model but exclude re... by jacqu3sy Path Finder in Splunk Search 02-20-2018 0 7	0	7
Need a help in Regex? Hi All, Need a small help in the regex, I am able to match the host name but unable to over write to the host field i... by Hemnaath Motivator in Splunk Search 02-20-2018 0 13	0	13
how can I get the per hour results of the sum of max value per location? Hi Guys, I have 10 locations with around 100 spaces each then every 10 mins a new message is sent to update the curr... by auaave Communicator in Splunk Search 02-20-2018 0 5	0	5
How to get overall stats if in a single log a particular event is missing? Hello There, I am trying to get an overall stats for all the logs with a particular sourcetype, however in some sour... by Matinrokz New Member in Splunk Search 02-20-2018 0 10	0	10
How to join 2 searches using time range? Hi all, We're trying to combine 2 searches: Search 1: application transaction log ...\| transaction connId \| eval ... by stwong Communicator in Splunk Search 02-20-2018 0 3	0	3
How do I use a default value if latest(_time) cannot be found? Hi, I'm trying to create a search that calculates how long a device has been offline, with a maximum of two days. H... by packland Path Finder in Splunk Search 02-19-2018 0 1	0	1
Making multi value field in props/transforms from auto-extracted field I have events that whose fields like this: Name=[name1,name2,name3] Application=[app1,app2,app3] Splunk is auto-e... by _smp_ Builder in Splunk Search 02-19-2018 0 3	0	3
How to filter fields (Stats: Value, List, Latest) I have 5 fields of data I want in a stats table, some of these fields have more than 1 value inside and they all corr... by JoshuaJohn Contributor in Splunk Search 02-19-2018 0 2	0	2
How to join 2 query from different sources? Hi Guys, I have 2 queries that I have to combine. I haven't done this before and I'm really struggling.  1st query:... by auaave Communicator in Splunk Search 02-19-2018 0 11	0	11
First match from end of the line regex Hi Everyone, Trying to get the expression to read first match from the end off the line and not the beginning of the... by subtrakt Contributor in Splunk Search 02-19-2018 0 5	0	5
Eval count in two searches Hi, I have a search that lists top 50 events based on the following search : index=servers sourcetype=json appName=... by macadminrohit Contributor in Splunk Search 02-19-2018 0 1	0	1
Does Splunk backup and archive Windows logs on a standalone Windows computer? After installing the free version of Splunk on a standalone Windows 7 PC and configuring Splunk to monitor the window... by codymoore New Member in Splunk Search 02-19-2018 0 1	0	1
Multiple values - mvexpand not doing what I expect Hi , I have a query that looks like this earliest=-100hr index=blahalarm STATUS=readyArmed OR STATUS=ready OR STATU... by dbcase Motivator in Splunk Search 02-19-2018 0 2	0	2
grep -f over multiple fields i'm trying to do something similar to grep -f over multiple sourcetypes that i've appended together into one search. ... by murhammr Path Finder in Splunk Search 02-19-2018 0 3	0	3
How to join multiple sources with common fields and display stats using fields from both tables Hello, I'm new to splunk. I would like to know how to join several sources and have the results stats displayed from ... by Valisha2005 New Member in Splunk Search 02-19-2018 0 1	0	1
Correct syntax for condition Im trying to perform a condition based on 2 varibles, but I can't seem to get right the expression. I've been trying ... by greggz Communicator in Splunk Search 02-19-2018 0 7	0	7