Splunk Search

Community Activity

Split a column in the search data into multiple columns Hi All, I have a file of Tickets to analyse. I want to arrange the data as per the following image. What can I do to... by shiv1593 Communicator in Splunk Search 01-10-2018 0 4	0	4
Multiple grouping ofdata over chart I have to group defects based on severity and again based on release.the chart should contain multiple grouping first... by ujwalagangakoth New Member in Splunk Search 01-10-2018 0 2	0	2
General question on concatenation or joining two indexes for data Hi all, I read a few searches on this topic but I wasn't able to get this to work for me. I have two datasources, o... by brian1_tate Path Finder in Splunk Search 01-10-2018 0 2	0	2
How can you change the width of a column in a table(HTML) or add a new line break to a field? Hello! So I am running into a problem where my table visualization looks weird because one of my columns is too long.... by kdimaria Communicator in Splunk Search 01-10-2018 1 3	1	3
how to get middle string from source field in splunk sourcetype=XXX "Server has been shutdown" \| table _time, host, tag::host, _raw,source,field hear my source is /opt/M... by sreebms New Member in Splunk Search 01-10-2018 0 2	0	2
Splunk indexing issues for logs: WatchedFile - Checksum for seekptr didn't match Hello Everyone, I have a questions regarding ingesting log files which doesn't have time stamp in the file name. ... by rchittip Path Finder in Splunk Search 01-10-2018 0 3	0	3
multiline extraction issue I'm having problem with a multi-line field extraction which I have been struggling to figure out. 2017-05-19T12:48:1... by rraje_rgandhi New Member in Splunk Search 01-10-2018 0 7	0	7
black-out/ simple way to combine events from two sourcetypes on same Id I must have a blackout because the case does not seem to difficult but i cant get it working. I have two sourcetypes,... by Mike6960 Path Finder in Splunk Search 01-10-2018 0 20	0	20
If statment is not returning value with evaluate a "tag" value Hi, i'am trying to evaluate a tag value like this: eval X=if(tag="NY",_time,"1") I have trying everything and stuck i... by steinroardahl Observer in Splunk Search 01-09-2018 0 5	0	5
Virustotal Checker: How to set the VT API key? Hello! How to set the VT API key for the Virustotal Checker app? by borshoff Explorer in Splunk Search 01-09-2018 1 6	1	6
How to create a lookup matching non-exact words ? I have the below type of event and I want to add a category field to it using lookups time Transaction Business n... by damode Motivator in Splunk Search 01-09-2018 0 6	0	6
Join 2 events with same "source" I want to join the nmap scanning results. The common field is the source "nmapscan_1.gnmap" while other scans will ha... by henryyiu2degree Engager in Splunk Search 01-09-2018 0 7	0	7
Field Extractions in Search Head GUI Hi Team, I have an event which is getting segregated with pipe (\|) symbol and i want to separate those events with a... by anandhalagarasa Path Finder in Splunk Search 01-09-2018 0 16	0	16
Time Input to Form Not Working Maybe I've been overthinking this, but for the life of me I cannot get my Time Input to my form working! I'm using th... by jroes014 New Member in Splunk Search 01-09-2018 0 2	0	2
Count items satisfying a condition I have a event created each time a user does an action in my system (e.g. login, open_page, close_page). I need to do... by feridamana Engager in Splunk Search 01-09-2018 0 2	0	2
port sweep 1 source to multiple destination to more than 4 dest_ports This is the query which is for port sweep------- 1source->dest_ips>800->1dest_port \| tstats summariesonly dc(All_Traf... by rahul_acc_splun New Member in Splunk Search 01-09-2018 0 1	0	1
Multiple/Nested IF statement My logic for my field "Action" is below, but because there is different else conditions I cannot write an eval do ach... by davidcraven02 Communicator in Splunk Search 01-09-2018 1 2	1	2
Count a field value for one field, but not for another in Stats Hello All, I am running a report that uses multiple stats commands to achieve the final output, in this report I hav... by raby1996 Path Finder in Splunk Search 01-09-2018 0 1	0	1
Field extraction showing up for different sourcetype Hello. I used the Splunk field extractor to get a field from sourcetype=sourcetype_a For some reason, when I search s... by xxkenta Explorer in Splunk Search 01-09-2018 0 3	0	3
Why is KV_MODE=xml not working in my distributed environment? Hi, i'm using a distributed splunk setup (search head with several indexers) with version 6.1.3. I'm having problems... by HansWurscht Path Finder in Splunk Search 01-09-2018 1 4	1	4
How to restrict User access to search from dashboard? I have a dashboard which uses internal index and I made it available for role "user". I couldn't get the dashboard ru... by googs524 Explorer in Splunk Search 01-09-2018 0 4	0	4
Security Key in server.conf what is the diff between the security key in the clustering stanza and the key in the general stanza in server.conf ?... by nawazns5038 Builder in Splunk Search 01-09-2018 0 1	0	1
Regex Help Hi, Struggling yet again with another regex. The sample string looks like the following: .........,"errorCode":"500... by brajaram Communicator in Splunk Search 01-09-2018 0 3	0	3
Can we find the events which are not matched by Lookup table? I have a lookup table with which I am categorizing the Error Messages received from a particulat Sourcetype "error". ... by maria2691 Path Finder in Splunk Search 01-09-2018 0 2	0	2
How to make search faster Hello, below is my search . Since i am using join , search is slow . Can i please know if there is a way to increas... by kteng2024 Path Finder in Splunk Search 01-09-2018 0 3	0	3