Splunk Search

Community Activity

Lookup with variable Output Splunkers! I'm facing the following use case. I've a search that return fields like: - date (month/year) - AppID - ... by CarmineCalo Path Finder in Splunk Search 01-18-2018 0 3	0	3
How can I use dnslookup only when input logs. We use DHCP. If dnslookup works for past ip address, they will change current host name. by micchiiii New Member in Splunk Search 01-18-2018 0 0	0	0
what format are raw logs stored in the Indexer ? In addition to the main question, Client wants to install Splunk in non-default partition (i.e not the default Splun... by damode Motivator in Splunk Search 01-17-2018 0 1	0	1
How do I find count of duplicates along with total events count? I have payload field in my events with duplicate values like val1 val1 val2 val2 val3 How to do I search for the c... by relango Explorer in Splunk Search 01-17-2018 0 9	0	9
Why am I getting the following error after updating from 6.6.0 to 6.6.3: Invalid key in stanza [auditTrail] in /opt/splunk/etc/system/local/audit.conf I'm getting this error: Invalid key in stanza [auditTrail] in /opt/splunk/etc/system/local/audit.conf Looking at th... by gregbo Communicator in Splunk Search 01-17-2018 0 6	0	6
iplocation/geostats to show events from statistics tab. Hi, I'm trying to view event related to a specific country or city based on the source ip,so i ran the following quer... by prithvi08 Engager in Splunk Search 01-17-2018 0 4	0	4
How can I compare values from a lookup file with the indexed data? Hi, A lookup file, with a single column, was configured for comparing the data that it's already indexed. The lookup... by Yaichael Communicator in Splunk Search 01-17-2018 0 6	0	6
Comparing results from two different dates Hello all, Search string: index=blahblah host=blahblah \| fields host, EventCode \| stats count by host, EventCode \| s... by matthew_foos Path Finder in Splunk Search 01-17-2018 0 3	0	3
Removed index from indexes.conf but still getting errors about index I tried removing an index from /opt/splunk/etc/master-apps/_cluster/local/indexes.conf as per https://answers.splunk.... by wsanderstii Path Finder in Splunk Search 01-17-2018 0 2	0	2
EVALstatement not working My eval statement below is to check if 'Action is Required' only if the below conditions are met, I have also used ca... by davidcraven02 Communicator in Splunk Search 01-17-2018 0 1	0	1
Need to exract amountTendered EWS Response Content:{_ "responseHeader" : {_ "success" : "true",_ "serviceName" : "payment",_ "resourceNam... by yograjpatel New Member in Splunk Search 01-17-2018 0 9	0	9
EVAL statement not correct My eval statement below is to check if 'Action is Required' only if the below conditions are met, I have also used ca... by davidcraven02 Communicator in Splunk Search 01-17-2018 0 3	0	3
fieldset input depends not valid Hi, I'm trying to add conditional form inputs, but I just get an error even though the docs say it's supported??? DO... by cdstealer Contributor in Splunk Search 01-17-2018 0 18	0	18
Subsearch vs. stats = different results. Why? Here are two searches, which I think are logically equivalent, yet they return different results in Splunk. Option 1... by lguinn2 Legend in Splunk Search 01-16-2018 0 5	0	5
How to add sub totals to a table Suppose I have the following table: comonent \| count \| --------------\|---------\| a1 \| 3 \| ... by vshakur Path Finder in Splunk Search 01-16-2018 0 2	0	2
Splunk instance disappeared, 404 Just started a trial yesterday, restarted splunk and can't access my instance. Hopefully someone checks their own sup... by NYCNFC New Member in Splunk Search 01-16-2018 0 2	0	2
simple moving average hi , i am analysing the daily data of product which has a closing price. i wish to find all products which has clos... by himpor Engager in Splunk Search 01-16-2018 0 1	0	1
time chart / stats for each type of request and time in log file. Hi All, I have a weird log file which I have parsed using regex to extract fields.(attached screenshot). Now I want... by vamsi199 Engager in Splunk Search 01-16-2018 0 1	0	1
How to group events to recreate the detail of a session I have some events representiong a customer’s interaction with one of my company’s applications. The typical flow is... by mikeydee77 Path Finder in Splunk Search 01-16-2018 0 7	0	7
stats count by not working I want to use stats count (machine) by location but it is not working in my search. Below is my current query displ... by davidcraven02 Communicator in Splunk Search 01-16-2018 0 3	0	3
Calculate percentage in every row \| adding two search results into one I am fairly new to Splunk and I have a Two fold question. I am running a query to find the top issues reported in the... by shiv1593 Communicator in Splunk Search 01-16-2018 1 8	1	8
Percentage Difference between 2 indexes I have 2 searches from 2 different indexes. The first search is index="softwareimport" Product_Name="ActiveX" \|... by willadams Contributor in Splunk Search 01-16-2018 0 9	0	9
assign filed value to _time index=level3 host=Test \| table "Opened D" _time How to get Opened D time value into _time field so that I can use ti... by surekhasplunk Communicator in Splunk Search 01-16-2018 0 6	0	6
How to rex using sed rex command? How to rex using sed rex command? index = main \| rex field=URI "^(?.+?)(\?\|\z)" \|rex field=New_APIName mode=sed "... by karthi2809 Builder in Splunk Search 01-16-2018 1 3	1	3
How write a search to alert when a SiteMinder policy server or LDAP connection goes down? We need to develop an alert when the SiteMinder policy server or ldap connection goes down. Can any one help with t... by krishnacasso Path Finder in Splunk Search 01-16-2018 0 3	0	3