Splunk Search

Community Activity

is the stats count is count of event or count of word? For example I have a query like below index=ABC \| stats count by host Does stats is the word count of all the eve... by pavanae Builder in Splunk Search 01-28-2018 0 3	0	3
In a time limited table, I'd like to indicate which field values are unique across the whole data set? Hi there, I have this dashboard that displays a table of field values from a data set. At the top are some filters, ... by jezwebb New Member in Splunk Search 01-27-2018 0 1	0	1
Match value from lookup table to values of specific fields Hi, How to match lookup table of ip addresses with the existing field value of host_ip I want to display IP addres... by onkarkore1 Explorer in Splunk Search 01-27-2018 0 4	0	4
How to extract field from data like this? Hi All, I am working on some weather RSS indexing, some of the data look like this. King's Park\| 17 degrees ; Wong... by cflam Splunk Employee in Splunk Search 01-27-2018 0 5	0	5
How to search what values are missing in my lookup table? How to write a search to get a list of items which are not matching. Example : I have a list of devices : A B C D... by raomu Explorer in Splunk Search 01-27-2018 1 8	1	8
Search to display the first instance of a particular field I have a search which extracts some values into a table including the date. For one of the fields, e.g. src_ip, I wan... by jsc7 New Member in Splunk Search 01-27-2018 0 1	0	1
Head scratcher regex Hi I have the below data and need to extract three things, 2 of which are pretty easy (method (GET or POST) and resp... by dbcase Motivator in Splunk Search 01-26-2018 0 5	0	5
How to create a transaction that startswith=(something!="(null)") endswith=(something="(null)") My goal is to create a transaction that ends with customerId being "(null)" and starts with customerId being somethin... by ib_321 New Member in Splunk Search 01-26-2018 0 6	0	6
How to filter out IPs from being indexed? I am not good at regex, so I need help filtering some IPs from being indexed. raw event looks like this: 192.168.18... by mcbradford Contributor in Splunk Search 01-26-2018 0 3	0	3
How to extract events from multi-level json? Please believe me  that I have searched for an answer until my index finger bled (pun intended, but seriously...I ha... by mgallacher Engager in Splunk Search 01-26-2018 0 1	0	1
How to get different results for strptime on different laptops? I've to run a count difference for a query over a period of time. For example. I need the difference of counts for my... by skomaravelli Engager in Splunk Search 01-26-2018 0 0	0	0
How do I use a lookup table to resolve ips to their hosts, when some ip's have hosts and some don't, but I want to show both? I am trying to make a pie chart with a breakdown of ip's that have been resolved to their hosts, if they have one, or... by ResurgoSplunkKn New Member in Splunk Search 01-26-2018 0 8	0	8
Need help with TIME_PREFIX Given a representative sample of my logs: Jan 25 14:19:20 1.1.1.1 64: Jan 25 22:19:19.281: %LINK-3-UPDOWN: xxxxxxxxx... by reswob4 Builder in Splunk Search 01-26-2018 0 6	0	6
Differentiate between environments in a search I am building our new dashboards and alerts in our Acceptance environment, later we will move the whole app to Produc... by Bob_Bard Explorer in Splunk Search 01-26-2018 0 8	0	8
How can I order events based on how they appear in a file? I have an XML file which is in this format: <?xml version="1.0"?> <EvaluateMethods xmlns:xsi="http://www.w3.org/2001... by mawomommoh Path Finder in Splunk Search 01-26-2018 0 5	0	5
What is the scope of the FILLNULL command? A co-worker has a macro that generates a new field TIME by first testing if the field value is null then converts the... by RickCurry Explorer in Splunk Search 01-26-2018 0 7	0	7
Does frozenTimePeriodInSecs work in [default]? I have a local indexes.conf file on all my indexers: [default] frozenTimePeriodInSecs = 63072000 # 2 yr... by wsanderstii Path Finder in Splunk Search 01-26-2018 1 3	1	3
Can you add a search peer with expired license? I am running in to some problems adding search peers and have a question. Does the free version of Splunk with an ex... by mhouse3 Path Finder in Splunk Search 01-26-2018 0 1	0	1
How to extract the profile from the log? INFO Decrypted user token received as header: {"phoneNumber":"888888888","firstName":"Alan ","lastName":"Mmm","emai... by yograjpatel New Member in Splunk Search 01-26-2018 0 9	0	9
Difference between the time mentioned in the splunk query and time range picker? which time does my query pulls the results? I have a query as follows _index_earliest="01/20/2018:00:00:00" _index_latest="01/21/2018:00:00:00" index="ABC"....... by pavanae Builder in Splunk Search 01-26-2018 0 1	0	1
How to get the stats in multiline for each event? Hello all, I've been trying to get some stats from JSON data that I've been receiving in Splunk. See: I think I'm ... by marina_rovira Contributor in Splunk Search 01-26-2018 0 14	0	14
How to negate Join Command Hi, I have two sets of records, let's call them V1 and V2. They both share a common field called ITEM. I basically ... by mahbs Path Finder in Splunk Search 01-26-2018 0 6	0	6
How to collect Windows event logs and field extractions without using a universal forwarder? In my situation, installing a universal forwarder is NOT an option for the remote Windows machine. I am using snare ... by hopnscotch Path Finder in Splunk Search 01-26-2018 0 5	0	5
About using "bin" command with "dedup" command Each events were outputed to sample1.csv and sample2.csv at same one-minute intervals. However, when we performed th... by yutaka1005 Builder in Splunk Search 01-25-2018 0 7	0	7
How to use streamstats to display the last current result? Hi all, I am trying to use streamstats to display an event for a particular user, their current Payment Number for ... by desslerlee Explorer in Splunk Search 01-25-2018 1 3	1	3