Splunk Search

Community Activity

Sum fields I would like realize a sum of data like that par exemple : data = data + val1 But splunk dioesn’t recognize this s... by isachristophe New Member in Splunk Search 01-21-2018 0 8	0	8
I am looking for a functionality we can create csv look ups based on Month in splunk. Is this possible. Is it possible to delete data based on a certain conditions in lookup ? I need a handle a years data in splunk and looking for suggestions to split the dataset and then populate the dashboa... by priyanka0309 New Member in Splunk Search 01-21-2018 0 7	0	7
How to evaluate multiple values to a single answer . Like if value in(1,5,3,2,7) then Code1 else if value in(4,6,0) Code 2 else Code 3 Hello, I need to creating grouping of a results by error code . There are different type of error code like 1123, 0... by jagdeepgupta813 Explorer in Splunk Search 01-19-2018 0 3	0	3
Tricky regex Hi, I have this data "166.78.66.241" 70.121.107.109 "70.121.107.109" - - [19/Jan/2018:12:24:33 -0600] "POST /fil... by dbcase Motivator in Splunk Search 01-19-2018 0 2	0	2
How to determine the amount of logs per server per day I have about 25 servers to add to Splunk. Currently we run about 35 gig per day with our license at 50 gig. Can it ... by kekac00 Explorer in Splunk Search 01-19-2018 1 1	1	1
Why do I get "Invalid key in stanza..." Deploying app to collect IIS logs. When restarting the forwarder get the following: " Invalid key in stanza [monitor... by JarrettM Path Finder in Splunk Search 01-19-2018 0 4	0	4
How to add hyperlink in specific text? I want to have a hyperlink in my Title text but not all the text in the title will be clickable, the only clickable i... by katrinamara Path Finder in Splunk Search 01-19-2018 0 2	0	2
I want to ready value on specific time for last one week I want to read specific string between 9:15-9:45, each day for last 7 days. host=manana string \| stats dc(count) T... by manapuna New Member in Splunk Search 01-19-2018 0 5	0	5
Filter events from syslog Hi at all, this is a recursive question which I often I answered in past! I have to filter before indexing logs rece... by gcusello SplunkTrust in Splunk Search 01-19-2018 0 3	0	3
Generate Matrix from Table Data Hi, I am currently working with a table that looks like this: col1 \| col2 \| value xA \| yA \| 1.0 xA \| yB \| 1.5 xB \|... by jean_boulanger Explorer in Splunk Search 01-19-2018 0 4	0	4
How do I set a query to run overnight without it expiring before it completes? I need to run a search that will take around 6-8 hours. Just a lot of URLs with wildcards to look for in a terabyte o... by thisissplunk Builder in Splunk Search 01-19-2018 0 4	0	4
Include zero in the average Splunkers! I'm not able to solve a strange issue... Basically, the stats avg() is omitting values in the calculatio... by CarmineCalo Path Finder in Splunk Search 01-19-2018 0 5	0	5
How to add string on a field value? Hi Guys! I am creating a table with number of errors per robot. The field values of these robots are "IGH2001", "IGH... by auaave Communicator in Splunk Search 01-18-2018 0 5	0	5
Search on an eval variable - find filenames with yesterday's date I used eval to create a field with the yesterday's date: \| eval today=strftime(now(),"%Y%m%d") I want to search on ... by raziasaduddin Path Finder in Splunk Search 01-18-2018 1 9	1	9
mvcount and stats count give different results I have a log file where each line has an itemId and a clusterId. When I run the following sort of queries \| stats c... by viggor Path Finder in Splunk Search 01-18-2018 0 3	0	3
How to "join" two different searches with no common fields? Splunkers! I need to join the follow inputlookup + event searche in order to have, for each AppID, the full set of m... by CarmineCalo Path Finder in Splunk Search 01-18-2018 0 7	0	7
How to remove limitations of join command Hi, I'm using the join command to join to searches based on a common field called ITEM. Based on this join, I want t... by mahbs Path Finder in Splunk Search 01-18-2018 0 9	0	9
How to break multiple values into a new row ? Thanks in advance, We are having a hard time trying to split free and used space by partition, hope you can help. by rsokolova Path Finder in Splunk Search 01-18-2018 1 21	1	21
HEC - Can I have 2 soucetype associated with single HEC token I have created a HEC which is associated with index "AAA" and soucertype"ZZZ". Is it possible to have another soucety... by raomu Explorer in Splunk Search 01-18-2018 0 1	0	1
How to show max TPS with trendline I'm trying to show MAX TPS on a single value panel, with a trendline. Showing just TPS is easy: <search> earliest=1... by randy_moore Path Finder in Splunk Search 01-18-2018 0 12	0	12
Foreach weird bug in variable So I have this chunk of code eval matched=0 \| foreach UF* [eval matched = if(like('<<FIELD>>',valMask),matched+1,mat... by greggz Communicator in Splunk Search 01-18-2018 0 6	0	6
Club two different searches into one I have one search which gives results like below: PlanNumber PlanType 123456 C 879879 ... by bashtekar New Member in Splunk Search 01-18-2018 0 9	0	9
Timechart on dates in a file that may or may not change I want a rolling 12 month bar chart. I have a lookup file (flagcve.csv) as follows. CVE,ReleaseDate CVE-2017-0144, 0... by claatu Explorer in Splunk Search 01-18-2018 0 3	0	3
How to find difference between errors by server based on time? I am attempting to do the following, I want to look at one system, a test system, for the last few months and compare... by aohls Contributor in Splunk Search 01-18-2018 0 4	0	4
Locate where field extractions are used Is there a way to determine everywhere that a field extraction is used? We're turning down an app and it just dawned... by sheltomt Path Finder in Splunk Search 01-18-2018 1 5	1	5