Splunk Search

Community Activity

How to force DBconnect to send fields with NULL values to the index? DBconnect is not sending fields with NULL values to the index Is there a way to force DBconnect to do this ? by rajacybermak Explorer in Splunk Search 02-06-2018 0 3	0	3
How to filldown by multiple criteria ? I, My use case : We monitor change state events on projects : {<!-- --> date: 2018-02-06T11:00:07+01:00 id: 473184 ... by erichard Explorer in Splunk Search 02-06-2018 0 0	0	0
Field reference in search (Not in dashboard) (i.e. Token replacement in search) Hello, I try with no success since here to do something like : \| makeresults \| eval super_important_field="super_im... by jeanyvesnolen Path Finder in Splunk Search 02-06-2018 0 3	0	3
compare 2 different search results and list out the missing data from search 1 result Hi, I have 2 results from 2 different searches. I need to compare it & find out the missing data from search result ... by SathyaNarayanan Path Finder in Splunk Search 02-06-2018 1 8	1	8
regex pattern Hi, I am trying to regex only -R from this following results. However rex I used is not working. Please suggest Tes... by dhandu Explorer in Splunk Search 02-06-2018 0 2	0	2
Regex with conditional statement Hi there, I need some help to form regex command. My requirement is to first search for code=SEND then stats count t... by krusovice Path Finder in Splunk Search 02-06-2018 0 7	0	7
Find the string and the number of occurences Hi, I have a log file that has a set of information about some users. Each of the users have an id and the same is l... by gowthamjs New Member in Splunk Search 02-05-2018 0 4	0	4
Need help extracting timestamp from unstructured data (JSON) Need help to extract timestamp and structure data - {<!-- -->"time":"2017-12-12 16:25:27.418 +05:30", "severity":"INFORMATIO... by nmohammed Builder in Splunk Search 02-05-2018 0 4	0	4
Automatic Lookup matching on multiple fields I'm attempting to create an automatic lookup that matches src_ip, dest_ip, and signature in returns a "reason" and "s... by chillsgrove Explorer in Splunk Search 02-05-2018 0 3	0	3
If a token is equal to a value run query 1 if it is equal to another value run query 2 Hi, I have this query which works just fine in my dashboard. What I'd like to do is if the Properties.index=17 (ins... by dbcase Motivator in Splunk Search 02-05-2018 1 5	1	5
How to make headers as field-values? I have a table that looks like this Site 1 2 3 4 ... by teddyidc1101 Communicator in Splunk Search 02-05-2018 0 8	0	8
How to apply rex on a field/variable? I have a basic rex question: In my splunk query I have: \| eval foo = .... and I would like to be able to apply r... by viggor Path Finder in Splunk Search 02-05-2018 0 1	0	1
How to find the average of top (max) values of a field sorted by other fields? I have the following table of data generated by a search: category a category b count A E 1... by andrewhlui Explorer in Splunk Search 02-05-2018 0 2	0	2
difficulty in updating a lookup file via rest i have a script that generates a csv under /var/run/splunk I would like to update my lookup file I read the docs an... by dominiquevocat SplunkTrust in Splunk Search 02-05-2018 0 3	0	3
How to create a Splunk query to help determine profit/loss revenue? this is a daunting task at least to me but I am looking for a query to start with that would help identify number of ... by ahmar74 Explorer in Splunk Search 02-05-2018 0 1	0	1
How to remove part of my value to create a new value? Hi guys, My goal is to remove part of my value to create a new value. For example, I have a field called created_... by Robbie1194 Communicator in Splunk Search 02-05-2018 0 2	0	2
How to group values on the Flat\Untable multiple columns to get Trellis to work? Hello, either I'm missing something or this is impossible, I have a table like this: Type,Model,Vendor,Total A,100C,... by kuzkuz Explorer in Splunk Search 02-05-2018 0 1	0	1
How to sum all values in a column using the "eval" command? I have a query in which each row represents statistics for an individual person. I want to sum up the entire amount f... by mstrozyk25 Engager in Splunk Search 02-05-2018 1 2	1	2
How to write a script to correlate data in a file with an event in Splunk? Hello, I want to know if it is possible to do a script which read a file and correlate the data in this file with an... by amir_thales Path Finder in Splunk Search 02-05-2018 0 3	0	3
How can I calculate the number of days between now() and a transaction date? Hello Splunkers, How would I be able to calculate the number of days between todays days which I'm using the now() f... by rfernandez2010 New Member in Splunk Search 02-05-2018 0 4	0	4
How to compare two search results to produce unique results within a table Hi I run a search which produces a list of users that have logged an incident ticket within our fault system. I then... by TDR57 Explorer in Splunk Search 02-05-2018 0 9	0	9
How can I verify basic OS tweaking is applied in the container version of Splunk? All, So currently when I start an instance of Splunk I use an init.d script which disable THP and sets ulimits. How... by daniel333 Builder in Splunk Search 02-05-2018 0 2	0	2
How do I extract data from logfile while doing search? I have the following type of logfile TEST_BEG;0;30/12/2015 10:45:16:1000;1;DSLR5590;MYSHOP;;1139;IMPORT OF THE UPDA... by pradiptam Explorer in Splunk Search 02-05-2018 0 4	0	4
Is there an input that only selects whole dates (not dates and times)? I want my users only to be able to select entire days, not certain hours and minutes. Is there an input type that do... by sillingworth Path Finder in Splunk Search 02-05-2018 0 2	0	2
Combining multiple tables by join in Splunk Hey folks, I am new here and glad to find this useful resource. I have four tables that I am trying to create a join... by dbrewerton New Member in Splunk Search 02-05-2018 0 11	0	11