Splunk Search

Community Activity

Why does the query only work in eval and not fieldformat? Hi, I have this query. If I change fieldformat to eval the query works but if it is left as fieldformat the query r... by dbcase Motivator in Splunk Search 02-01-2018 0 3	0	3
Adding 2 searches together sounds easy index=ABC source="ABC" ServiceName=ABC \| stats distinct_count(CorrelationId) as TotalA \| appendcols [search "T... by rob3770 Explorer in Splunk Search 02-01-2018 0 7	0	7
How can I find an IP address that only requested a specific URL? Trying to search web access logs to find instances where a specific IP only called a single URL, and no other URLs. ... by mbeauchamp Engager in Splunk Search 02-01-2018 0 3	0	3
How can I count the number of field values not present? I have a set of field values 101,102,103,104,105 Here are sample log events datetime, val=101 datetime, val=105 dat... by crisjnelson Explorer in Splunk Search 02-01-2018 0 2	0	2
How do I split one event on my Splunk instance into multiple events? I have several indexes in my Splunk Instance. One of these instances is merging some of my log events into a single e... by swinte12 New Member in Splunk Search 02-01-2018 0 2	0	2
Why is my column chart not displaying any data even though it is setup correctly? Here is my search query: index=jenkins* job_name="jenkins-representative-jobs_github_organization/math_utilities/ma... by cdgill Explorer in Splunk Search 02-01-2018 0 8	0	8
How do I return all events whether they're in Lookup table or not? I have the following search: index="foo" EventCode=* \| lookup windows_signatures.csv signature_id AS EventCode OUTPU... by jwalzerpitt Influencer in Splunk Search 02-01-2018 1 3	1	3
How do I have a single Total column without adding it to the stacked chart? I have created a nice stacked timechart that I would like to see the Totals of in the table under the chart. The add... by shargrave Engager in Splunk Search 02-01-2018 0 2	0	2
How to search multiple virtual indexes with Splunk Analytics for Hadoop? Hello, we currently have two virtual indexes with data in them retrieving data from Hadoop Distributed File System. W... by EricLloyd79 Builder in Splunk Search 02-01-2018 0 5	0	5
How can I join 2 tables to create a new table with the given conditions? So this is what I want to do, and I don't know if Splunk can do this. This is the result for Table A Table A hostA... by gts_ame_tfo_cty New Member in Splunk Search 02-01-2018 0 6	0	6
how can i exclude the results of table B from table A ? Here is my query: index="backup_script" conf_brand=ios OR conf_brand=nxos \| rex field=conf_hostname "(?P^[^.]+)" \| ... by gts_ame_tfo_cty New Member in Splunk Search 02-01-2018 0 5	0	5
How to update the lookup table before the scheduled search runs so it gives all lookup entries? I have scheduled search that periodically updates lookup table CSV file every 15 minutes. I updated this lookup with ... by Nam7Splnk Explorer in Splunk Search 02-01-2018 0 1	0	1
help with regex I have the below sample data, and I want to extract everything after the service URL till maxd=60&mind=60 into a new... by vrmandadi Builder in Splunk Search 02-01-2018 0 4	0	4
How to group the data by date and type, so each entry would count as 1, from SQL Datasource? I have a date in my SQL database that I want to group the data by that date and Type. The Year/Month/Week/Day each en... by Bbyers3 New Member in Splunk Search 02-01-2018 0 0	0	0
How to only display the top 3 hits from a values(field) command? I have web logs for my website and am trying to construct a table that shows the top visitors based on country and re... by DEAD_BEEF Builder in Splunk Search 02-01-2018 0 2	0	2
How to get statistics from few rows with the same task id? Hi, I have few rows in 1 log: 2018-01-25 13:49:40,107 INFO [com.wss.service.agent.AgentServlet] (default task-46) ... by niroren New Member in Splunk Search 02-01-2018 0 4	0	4
Merge Lines Query based on ID Hello, I would like to merge 2 lines which an ID is the unique Key. Ex Username Date ID M... by mnorindr Engager in Splunk Search 02-01-2018 1 5	1	5
How do you add dummy events to a search result? I'm currently producing a table from a search. There is some static data that needs to be added which is not in the i... by Marinus Communicator in Splunk Search 02-01-2018 7 7	7	7
i am unable to search the data with sourcetype name but i can search data by index name. i am unable to search the data with sourcetype name but i can search data by index name.Please tell what can i do to ... by Utkarsh_Singh New Member in Splunk Search 01-31-2018 0 2	0	2
How to make a bar chart from stats and divide it according to a field? I have counts of aging tickets which we have divided into different ranges .But I want to show it as chart which will... by chitreshakumar Communicator in Splunk Search 01-31-2018 0 8	0	8
Why is there a big difference in performance of searches run admin vs splunk system users? I have been investigating into searches for both admin user and splunk system user. Searched conducted by System User... by anupkpal New Member in Splunk Search 01-31-2018 0 1	0	1
How to view my error name in where clause? Now i am getting only count i need error messages and host index=test "java.nio.channels.ClosedChannelException"... by karthi2809 Builder in Splunk Search 01-31-2018 0 2	0	2
Can I add a priority field value as P3 for all the output? Hi I want to add a priority as P3 for the below output. Query index=nonprod sourcetype=port_availability \| de... by Mayanakhan Explorer in Splunk Search 01-31-2018 0 5	0	5
regex to find domain\account This is the regex I have, though not finding anything..: \|rex "(?<account>\w{2,6}\\.{3,15})" example of domain and... by zaynaly Explorer in Splunk Search 01-31-2018 0 3	0	3
How to sort results in a search by using a lookup table? So here is what I want to do. I want to be able to search an index and sort the results via subnet/location containe... by dbturner New Member in Splunk Search 01-31-2018 0 1	0	1