Splunk Search

Community Activity

How can I use lookup? How can I do this in splunk? by harishyhrk New Member in Splunk Search 01-22-2018 0 2	0	2
How to edit my subsearch to keep a variable to add to the end results? I am running 2 searches from 2 different source types. Search 1 Search for sidewinder traffic that went through att... by john_glasscock Path Finder in Splunk Search 01-22-2018 0 1	0	1
Is there an easy way to update a record in KV Store from the results of a Splunk search instead of bulk reloading a lookup table? It seems using KV store from migrating from lookups seems to be very easy. Just outputlookup to a KV store stanza. ... by clyde772 Communicator in Splunk Search 01-22-2018 1 5	1	5
lookup Compare value for 2 different Columns This is my search - \| metadata type=hosts \| table host \| lookup Device.csv Hostname as host OUTPUT Status \| where ... by raomu Explorer in Splunk Search 01-22-2018 0 2	0	2
Multiple expressions in single search I'm trying to combine multiple rex expressions in a single search, but I'm having issues with my syntax. More specif... by stlimanika New Member in Splunk Search 01-22-2018 0 5	0	5
Sub-search doesn't work in some apps/dashboards but works in others and as a separate search Been wrestling with this issue for a while now... I have a search like the below (sensitive information redacted). Th... by michael_sleep Communicator in Splunk Search 01-22-2018 0 1	0	1
Pair-wise Comparison Across Values of Different Fields Splunk newbie here. What I'm trying to do is a pair-wise comparison across all of the values of two different fields,... by ikiril01 Engager in Splunk Search 01-22-2018 0 1	0	1
Ingore last result in timechart Hello i have a search query with timechart function but i don't want to display last bucket because it shows not comp... by Ponczi1 Explorer in Splunk Search 01-22-2018 0 3	0	3
How to combine outputs from 2 different searches where fields match? EDIT: Nevermind, I was just being dumb. It seems no matter how I search by field3 value that triggered on field1, fie... by auraria Explorer in Splunk Search 01-22-2018 0 3	0	3
Extract fields using colon (:) except time field Hello, I'm trying to use the field extraction tool for a data file that where the fields are delineated by a colon(:... by richnavis Contributor in Splunk Search 01-22-2018 1 3	1	3
Exttract the first value for multivalue field events Hey, I have a sample event,which is a multivalue field,I want to extract Service ID and Ent_Provider Id from the t... by vrmandadi Builder in Splunk Search 01-22-2018 0 6	0	6
how to divide two fields in a search and print the result values in timechart Hi, suppose a query is like: index="demo1" total_bytes,total_time,date etc I need to divide total_bytes/total_... by sawgata12345 Path Finder in Splunk Search 01-22-2018 0 5	0	5
Chart and table of occurences of field by another field Hi I would like to have some chart ( bar etc.) and table of logs which contain two information titleID and userID. I... by swdowiarz Path Finder in Splunk Search 01-22-2018 0 11	0	11
Multisite Index replication question I must admit I am struggling with wrapping my head around multisite replication... We operate in AWS and do build inf... by brent_weaver Builder in Splunk Search 01-22-2018 0 3	0	3
How do I reference lookup table with a field that have dynamic value? I have a field value for IP address in the lookup dataset but the IP address from real logs are dynamic and constantl... by LeeZeeYuen New Member in Splunk Search 01-22-2018 0 5	0	5
How can I make this search faster and more efficient "index=_internal per_host_thruput \| timechart span=1d dc(series) as hosts" The search below yields a count of hosts each day. It works well but will be extremely slow and inefficient if I run ... by mattbellezza Explorer in Splunk Search 01-22-2018 0 2	0	2
How to move raw data with no field assigned to a table? This might be a really simple question, but I haven't been able to find an answer as of yet. I have some raw data fro... by cdhippen Path Finder in Splunk Search 01-21-2018 0 3	0	3
Sum fields I would like realize a sum of data like that par exemple : data = data + val1 But splunk dioesn’t recognize this s... by isachristophe New Member in Splunk Search 01-21-2018 0 8	0	8
I am looking for a functionality we can create csv look ups based on Month in splunk. Is this possible. Is it possible to delete data based on a certain conditions in lookup ? I need a handle a years data in splunk and looking for suggestions to split the dataset and then populate the dashboa... by priyanka0309 New Member in Splunk Search 01-21-2018 0 7	0	7
How to evaluate multiple values to a single answer . Like if value in(1,5,3,2,7) then Code1 else if value in(4,6,0) Code 2 else Code 3 Hello, I need to creating grouping of a results by error code . There are different type of error code like 1123, 0... by jagdeepgupta813 Explorer in Splunk Search 01-19-2018 0 3	0	3
Tricky regex Hi, I have this data "166.78.66.241" 70.121.107.109 "70.121.107.109" - - [19/Jan/2018:12:24:33 -0600] "POST /fil... by dbcase Motivator in Splunk Search 01-19-2018 0 2	0	2
How to determine the amount of logs per server per day I have about 25 servers to add to Splunk. Currently we run about 35 gig per day with our license at 50 gig. Can it ... by kekac00 Explorer in Splunk Search 01-19-2018 1 1	1	1
Why do I get "Invalid key in stanza..." Deploying app to collect IIS logs. When restarting the forwarder get the following: " Invalid key in stanza [monitor... by JarrettM Path Finder in Splunk Search 01-19-2018 0 4	0	4
How to add hyperlink in specific text? I want to have a hyperlink in my Title text but not all the text in the title will be clickable, the only clickable i... by katrinamara Path Finder in Splunk Search 01-19-2018 0 2	0	2
I want to ready value on specific time for last one week I want to read specific string between 9:15-9:45, each day for last 7 days. host=manana string \| stats dc(count) T... by manapuna New Member in Splunk Search 01-19-2018 0 5	0	5