Splunk Search

Community Activity

Table command losing field names in non-Verbose searches Hi, One of my users reported a bit of an odd issue that spontaneously developed recently. He's got a very long and ... by howyagoin Contributor in Splunk Search 02-02-2018 0 4	0	4
How can we check the number of searches ran by user? How can we check the number of searches ran by user? We tried installing Search Activity app but a majority of the u... by abhijit_mhatre Path Finder in Splunk Search 02-02-2018 0 1	0	1
extracting latitude and longitude for countries from csv lookup Hi, I have a csv lookup with country names mentioned already. How can I extract & table the longitude and latitude ... by aartivig289 Engager in Splunk Search 02-02-2018 0 2	0	2
How can we exclude rows which are present in another table/lookup ? Hi, I am using one search query to extract list of data and I want to exclude those rows which are present in one ... by AKG1_old1 Builder in Splunk Search 02-02-2018 0 6	0	6
Group results by similar name into one The name for Windows 7 Enterprise is spelt incorrectly for 6 machines as "Entreprise" and I need to group both these ... by davidcraven02 Communicator in Splunk Search 02-02-2018 0 10	0	10
How can I perform a field extraction and display it as a table that contains all the values from my search? Hi Team, Please find the below log sample. I want to extract from the line "program" till the end and display as a t... by senthamilselvan Engager in Splunk Search 02-02-2018 0 3	0	3
Sort Date in header I don't know what's wrong with my code. I cannot sort the date using sort. Below is my code. I need to sort it by Da... by katrinamara Path Finder in Splunk Search 02-02-2018 0 6	0	6
reset zoom button hide when click on other chart Hi, If we zoom in on any chart and we click reset zoom button and without making it neutral i.e setting the graph to ... by splunk_ankman Explorer in Splunk Search 02-02-2018 0 2	0	2
How Can I Separate Events Using Search Query? Hi All, Good Day, I've indexed an event from scripted input but the events are not breaking every line, example logs... by dantimola Communicator in Splunk Search 02-02-2018 0 8	0	8
Multiple Regex on a single file name Hello! I'm using splunk to monitor kubernetes pod log files. Which sit on the nodes, the file name is as follows: p... by bellsam New Member in Splunk Search 02-01-2018 0 4	0	4
Why are the data models intrusion and malware only working in the app search? Hi, I'm using Security enterprise but the datamodels intrusion and malware are not working but if I use the app searc... by paola92 Explorer in Splunk Search 02-01-2018 0 1	0	1
Geostats zoom-in on dashboard panel click G'day, So I have a pretty standard geostats search populating a dashboard map index="locations" (incident_type_1="F... by BenThwaites Explorer in Splunk Search 02-01-2018 1 0	1	0
how do I table common nested json keys that have uncommon parent json keys? I have the following JSON event that I'm indexing in splunk: { "plugins": { "Redirection": { ... by zhatsispgx Path Finder in Splunk Search 02-01-2018 0 0	0	0
How can I combine stats count by host into a single string to be used in an alert actions token? I have a search that looks like index=foo value=bar \| stats count by host Imagine you might get results like host... by burwell SplunkTrust in Splunk Search 02-01-2018 0 2	0	2
Why can I not search in Smart Mode or Verbose Mode in a specific sourcetype? Hi! I am trying to perform a very basic search to bring back results but the search appears to never finish when I q... by matthewssa Path Finder in Splunk Search 02-01-2018 0 2	0	2
Is there a way to remove the min outlier from the graph? I have the following chart: now I can use outliers to remove the max outliers: ... \| outlier action=remove But... by HattrickNZ Motivator in Splunk Search 02-01-2018 0 2	0	2
Why does the query only work in eval and not fieldformat? Hi, I have this query. If I change fieldformat to eval the query works but if it is left as fieldformat the query r... by dbcase Motivator in Splunk Search 02-01-2018 0 3	0	3
Adding 2 searches together sounds easy index=ABC source="ABC" ServiceName=ABC \| stats distinct_count(CorrelationId) as TotalA \| appendcols [search "T... by rob3770 Explorer in Splunk Search 02-01-2018 0 7	0	7
How can I find an IP address that only requested a specific URL? Trying to search web access logs to find instances where a specific IP only called a single URL, and no other URLs. ... by mbeauchamp Engager in Splunk Search 02-01-2018 0 3	0	3
How can I count the number of field values not present? I have a set of field values 101,102,103,104,105 Here are sample log events datetime, val=101 datetime, val=105 dat... by crisjnelson Explorer in Splunk Search 02-01-2018 0 2	0	2
How do I split one event on my Splunk instance into multiple events? I have several indexes in my Splunk Instance. One of these instances is merging some of my log events into a single e... by swinte12 New Member in Splunk Search 02-01-2018 0 2	0	2
Why is my column chart not displaying any data even though it is setup correctly? Here is my search query: index=jenkins* job_name="jenkins-representative-jobs_github_organization/math_utilities/ma... by cdgill Explorer in Splunk Search 02-01-2018 0 8	0	8
How do I return all events whether they're in Lookup table or not? I have the following search: index="foo" EventCode=* \| lookup windows_signatures.csv signature_id AS EventCode OUTPU... by jwalzerpitt Influencer in Splunk Search 02-01-2018 1 3	1	3
How do I have a single Total column without adding it to the stacked chart? I have created a nice stacked timechart that I would like to see the Totals of in the table under the chart. The add... by shargrave Engager in Splunk Search 02-01-2018 0 2	0	2
How to search multiple virtual indexes with Splunk Analytics for Hadoop? Hello, we currently have two virtual indexes with data in them retrieving data from Hadoop Distributed File System. W... by EricLloyd79 Builder in Splunk Search 02-01-2018 0 5	0	5