Splunk Search

Community Activity

Locate where field extractions are used Is there a way to determine everywhere that a field extraction is used? We're turning down an app and it just dawned... by sheltomt Path Finder in Splunk Search 01-18-2018 1 5	1	5
Result of subsearch field repeated instead of displaying unique values Hi, I have a could of fields that contain multiple values, and I am trying to seperate them into sepereate records. ... by mahbs Path Finder in Splunk Search 01-18-2018 0 10	0	10
Source and sourcetype filtering no longer working after upgrade After upgrade from Splunk 6.2. to 6.6.3 having large existing indexes, any search by either source or sourcetype does... by ufotech Explorer in Splunk Search 01-18-2018 0 3	0	3
Adding data from multiple fields into a new field Hi All, Out of the many data fields, I have three fields "Created Time", "Number" and "Priority" (Image below). What... by shiv1593 Communicator in Splunk Search 01-18-2018 0 8	0	8
Lookup with variable Output Splunkers! I'm facing the following use case. I've a search that return fields like: - date (month/year) - AppID - ... by CarmineCalo Path Finder in Splunk Search 01-18-2018 0 3	0	3
How can I use dnslookup only when input logs. We use DHCP. If dnslookup works for past ip address, they will change current host name. by micchiiii New Member in Splunk Search 01-18-2018 0 0	0	0
what format are raw logs stored in the Indexer ? In addition to the main question, Client wants to install Splunk in non-default partition (i.e not the default Splun... by damode Motivator in Splunk Search 01-17-2018 0 1	0	1
How do I find count of duplicates along with total events count? I have payload field in my events with duplicate values like val1 val1 val2 val2 val3 How to do I search for the c... by relango Explorer in Splunk Search 01-17-2018 0 9	0	9
Why am I getting the following error after updating from 6.6.0 to 6.6.3: Invalid key in stanza [auditTrail] in /opt/splunk/etc/system/local/audit.conf I'm getting this error: Invalid key in stanza [auditTrail] in /opt/splunk/etc/system/local/audit.conf Looking at th... by gregbo Communicator in Splunk Search 01-17-2018 0 6	0	6
iplocation/geostats to show events from statistics tab. Hi, I'm trying to view event related to a specific country or city based on the source ip,so i ran the following quer... by prithvi08 Engager in Splunk Search 01-17-2018 0 4	0	4
How can I compare values from a lookup file with the indexed data? Hi, A lookup file, with a single column, was configured for comparing the data that it's already indexed. The lookup... by Yaichael Communicator in Splunk Search 01-17-2018 0 6	0	6
Comparing results from two different dates Hello all, Search string: index=blahblah host=blahblah \| fields host, EventCode \| stats count by host, EventCode \| s... by matthew_foos Path Finder in Splunk Search 01-17-2018 0 3	0	3
Removed index from indexes.conf but still getting errors about index I tried removing an index from /opt/splunk/etc/master-apps/_cluster/local/indexes.conf as per https://answers.splunk.... by wsanderstii Path Finder in Splunk Search 01-17-2018 0 2	0	2
EVALstatement not working My eval statement below is to check if 'Action is Required' only if the below conditions are met, I have also used ca... by davidcraven02 Communicator in Splunk Search 01-17-2018 0 1	0	1
Need to exract amountTendered EWS Response Content:{_ "responseHeader" : {_ "success" : "true",_ "serviceName" : "payment",_ "resourceNam... by yograjpatel New Member in Splunk Search 01-17-2018 0 9	0	9
EVAL statement not correct My eval statement below is to check if 'Action is Required' only if the below conditions are met, I have also used ca... by davidcraven02 Communicator in Splunk Search 01-17-2018 0 3	0	3
fieldset input depends not valid Hi, I'm trying to add conditional form inputs, but I just get an error even though the docs say it's supported??? DO... by cdstealer Contributor in Splunk Search 01-17-2018 0 18	0	18
Subsearch vs. stats = different results. Why? Here are two searches, which I think are logically equivalent, yet they return different results in Splunk. Option 1... by lguinn2 Legend in Splunk Search 01-16-2018 0 5	0	5
How to add sub totals to a table Suppose I have the following table: comonent \| count \| --------------\|---------\| a1 \| 3 \| ... by vshakur Path Finder in Splunk Search 01-16-2018 0 2	0	2
Splunk instance disappeared, 404 Just started a trial yesterday, restarted splunk and can't access my instance. Hopefully someone checks their own sup... by NYCNFC New Member in Splunk Search 01-16-2018 0 2	0	2
simple moving average hi , i am analysing the daily data of product which has a closing price. i wish to find all products which has clos... by himpor Engager in Splunk Search 01-16-2018 0 1	0	1
time chart / stats for each type of request and time in log file. Hi All, I have a weird log file which I have parsed using regex to extract fields.(attached screenshot). Now I want... by vamsi199 Engager in Splunk Search 01-16-2018 0 1	0	1
How to group events to recreate the detail of a session I have some events representiong a customer’s interaction with one of my company’s applications. The typical flow is... by mikeydee77 Path Finder in Splunk Search 01-16-2018 0 7	0	7
stats count by not working I want to use stats count (machine) by location but it is not working in my search. Below is my current query displ... by davidcraven02 Communicator in Splunk Search 01-16-2018 0 3	0	3
Calculate percentage in every row \| adding two search results into one I am fairly new to Splunk and I have a Two fold question. I am running a query to find the top issues reported in the... by shiv1593 Communicator in Splunk Search 01-16-2018 1 8	1	8