Splunk Search

Community Activity

Using values of a field, compare them in another field and pulling relevant data into one Hi All, I have a field named Issues Reported, whose values go something like this. Question 1. Can I use these va... by shiv1593 Communicator in Splunk Search 02-06-2018 0 2	0	2
Split IP Address in network and host part Hi everyone, I've got a little problem. I want to split up IP addresses in network and host part (to create a chart ... by MOberschelp Explorer in Splunk Search 02-06-2018 1 5	1	5
Can I call a macro without using transaction in my search? The current search I am running calls "transaction" and then a macro to output results into my table. When I remove t... by msteinb4 New Member in Splunk Search 02-06-2018 0 4	0	4
Splunk Newbie: Using buckets/bins Hi Splunkers, I can't seem to find a efficient way to bucket my results where anything greater than 174 days gets to... by rfernandez2010 New Member in Splunk Search 02-06-2018 0 3	0	3
Why are the stats values not working with append? I need the field concate_CSV to list all concatenations for each machine but it is not working. (Actual v Desired out... by davidcraven02 Communicator in Splunk Search 02-06-2018 0 2	0	2
Timechart Search using TextBox I want to include search box to search account and it should display the timechart also. Please help. Presently only ... by sathish2k8 Explorer in Splunk Search 02-06-2018 0 6	0	6
Transaction based alert trigger for EventCode=4740 showing previous 60 minutes events Good morning. I am looking to generate an alert for when EventCode=4740 (User lockout) is shown in the event logs fr... by soniquella Path Finder in Splunk Search 02-06-2018 1 5	1	5
How to force DBconnect to send fields with NULL values to the index? DBconnect is not sending fields with NULL values to the index Is there a way to force DBconnect to do this ? by rajacybermak Explorer in Splunk Search 02-06-2018 0 3	0	3
How to filldown by multiple criteria ? I, My use case : We monitor change state events on projects : {<!-- --> date: 2018-02-06T11:00:07+01:00 id: 473184 ... by erichard Explorer in Splunk Search 02-06-2018 0 0	0	0
Field reference in search (Not in dashboard) (i.e. Token replacement in search) Hello, I try with no success since here to do something like : \| makeresults \| eval super_important_field="super_im... by jeanyvesnolen Path Finder in Splunk Search 02-06-2018 0 3	0	3
compare 2 different search results and list out the missing data from search 1 result Hi, I have 2 results from 2 different searches. I need to compare it & find out the missing data from search result ... by SathyaNarayanan Path Finder in Splunk Search 02-06-2018 1 8	1	8
regex pattern Hi, I am trying to regex only -R from this following results. However rex I used is not working. Please suggest Tes... by dhandu Explorer in Splunk Search 02-06-2018 0 2	0	2
Regex with conditional statement Hi there, I need some help to form regex command. My requirement is to first search for code=SEND then stats count t... by krusovice Path Finder in Splunk Search 02-06-2018 0 7	0	7
Find the string and the number of occurences Hi, I have a log file that has a set of information about some users. Each of the users have an id and the same is l... by gowthamjs New Member in Splunk Search 02-05-2018 0 4	0	4
Need help extracting timestamp from unstructured data (JSON) Need help to extract timestamp and structure data - {<!-- -->"time":"2017-12-12 16:25:27.418 +05:30", "severity":"INFORMATIO... by nmohammed Builder in Splunk Search 02-05-2018 0 4	0	4
Automatic Lookup matching on multiple fields I'm attempting to create an automatic lookup that matches src_ip, dest_ip, and signature in returns a "reason" and "s... by chillsgrove Explorer in Splunk Search 02-05-2018 0 3	0	3
If a token is equal to a value run query 1 if it is equal to another value run query 2 Hi, I have this query which works just fine in my dashboard. What I'd like to do is if the Properties.index=17 (ins... by dbcase Motivator in Splunk Search 02-05-2018 1 5	1	5
How to make headers as field-values? I have a table that looks like this Site 1 2 3 4 ... by teddyidc1101 Communicator in Splunk Search 02-05-2018 0 8	0	8
How to apply rex on a field/variable? I have a basic rex question: In my splunk query I have: \| eval foo = .... and I would like to be able to apply r... by viggor Path Finder in Splunk Search 02-05-2018 0 1	0	1
How to find the average of top (max) values of a field sorted by other fields? I have the following table of data generated by a search: category a category b count A E 1... by andrewhlui Explorer in Splunk Search 02-05-2018 0 2	0	2
difficulty in updating a lookup file via rest i have a script that generates a csv under /var/run/splunk I would like to update my lookup file I read the docs an... by dominiquevocat SplunkTrust in Splunk Search 02-05-2018 0 3	0	3
How to create a Splunk query to help determine profit/loss revenue? this is a daunting task at least to me but I am looking for a query to start with that would help identify number of ... by ahmar74 Explorer in Splunk Search 02-05-2018 0 1	0	1
How to remove part of my value to create a new value? Hi guys, My goal is to remove part of my value to create a new value. For example, I have a field called created_... by Robbie1194 Communicator in Splunk Search 02-05-2018 0 2	0	2
How to group values on the Flat\Untable multiple columns to get Trellis to work? Hello, either I'm missing something or this is impossible, I have a table like this: Type,Model,Vendor,Total A,100C,... by kuzkuz Explorer in Splunk Search 02-05-2018 0 1	0	1
How to sum all values in a column using the "eval" command? I have a query in which each row represents statistics for an individual person. I want to sum up the entire amount f... by mstrozyk25 Engager in Splunk Search 02-05-2018 1 2	1	2