Splunk Search

Community Activity

tstats results different from eventcount Can anyone provide an explanation on why these two searches produce different results? I am trying to set up an alert... by marian_coman Explorer in Splunk Search 12-27-2017 0 2	0	2
How to arrange column sequentially by month? I'm having a trouble arranging my columns per month. I want it to the be arranged like this: \|Sept-15-2017\| \|Sept-3... by patricianaguit Explorer in Splunk Search 12-27-2017 0 6	0	6
I would like to make custom_fields a table column. We have imported Json data with the following custom_fields. {<!-- --> "id": 100, "custom_fields": [{<!-- --> ... by TAmemiya Explorer in Splunk Search 12-27-2017 0 3	0	3
How do I modify my search to get the stats count by a field in lookup? I have a lookup file "hosts.csv" as below with multiple fields category my_hostname .. ... ... A ... by pavanae Builder in Splunk Search 12-26-2017 0 3	0	3
Compare data in different souretypes with no common field I am having below situation I am having 2 different sourcetypes "logs" and "range". logs contains log events which... by kashifqau Explorer in Splunk Search 12-26-2017 0 7	0	7
Why is my _indextime earlier than my event time? I have a number of events, received from bluecoat proxies, in which the _indextime field is earlier than the _time fi... by philcovell New Member in Splunk Search 12-26-2017 0 3	0	3
How can I use regex to match only certain parts of a field string value? I am using a CSV lookup table (MyCSVTable) which contains a list of 10 digit numbers (examples: 2345678900, 213456789... by waeleljarrah Explorer in Splunk Search 12-26-2017 0 6	0	6
run command , while splunk is a container Dear Splunkers, I am beginner in splunk administration, for that I am struggling to run command on commandline , sinc... by imranechafik Explorer in Splunk Search 12-26-2017 0 3	0	3
Is the iplocation command compatible with the commercial version of MAXMIND mmdb? I am evaluating the commercial version of MAXMIND city DB(mmdb) and would like to replace it with the free version th... by lohitkidu Path Finder in Splunk Search 12-25-2017 2 3	2	3
Performance suggestions for indexing cluster and search cluster. We will be deploying a search head cluster to go along with out 10 indexer cluster. As it stands now these indexers ... by Cuyose Builder in Splunk Search 12-24-2017 0 4	0	4
How to use stats range(_time) and pass the results to timechart I have data where every line has a timestamp and a correlationID. I can find the time elapsed for each correlation ID... by mkatta New Member in Splunk Search 12-24-2017 0 2	0	2
Converting an encoded IP address to dotted decimal I've got a log that includes an obfuscated IP address. The source takes dotted decimal, reverses the order of the oc... by wbfoxii Communicator in Splunk Search 12-23-2017 1 5	1	5
How can I combine 2 searches consisting of inputlookup and outputlookups? how can i combine queries to populate a lookup table? I have a lookup table with the following values item 1 2 3 i'm... by pc1234 Explorer in Splunk Search 12-23-2017 0 3	0	3
Why do I get error message "Unknown search command" for my custom search command? Hello All, I am using Splunk Enterprise 6.6.3 on Windows 10 and trying to get a custom search to work. I've followe... by andrewtrobec Motivator in Splunk Search 12-23-2017 0 4	0	4
How to group my search results with respect to response time ranges? here is the situation: I have two fields 1. Response time that needs grouping like this (Low=0-1.2, Medium=1.2-1.5, ... by kmahamkali New Member in Splunk Search 12-22-2017 0 3	0	3
Looking for a search that will provide the duration of time a VPN user was seen online The search should provide the time period in which the user was logged through VPN and possibly when the IP lease is ... by bluemarvel Path Finder in Splunk Search 12-22-2017 0 4	0	4
Merge two search results in one row I have the below events and I want to merge the search results: 20171222.103330 Fr I - 0 Fn=makeRequest Endpoint=htt... by pankajad Explorer in Splunk Search 12-22-2017 0 1	0	1
Need help with field-extractions on these events I have the following value: Events X\|0001\|NAME\|PHONE X\|0002\|NAME\|ADDRESS\|INFO1\|INFO2 Based on the type (0001 or 000... by gabrieldiasrosa New Member in Splunk Search 12-22-2017 0 1	0	1
Using eval to create date in epoch time I need to create a field today that is equal to the epoch timestamp in milliseconds for midnight yesterday. I've bee... by hcannon Path Finder in Splunk Search 12-22-2017 0 3	0	3
How to add delay between two commands in search Hi, How can I add delay between two commands in Splunk. I have a scenario, 1) where I will append the search results... by ankithreddy777 Contributor in Splunk Search 12-22-2017 0 4	0	4
Unable to extract fields from source I have props.conf defined as- [source::C:\Web\...\...\Web\log\mobile.log] EXTRACT-Customer,Country = C:\\\Web\\\(?<C... by siddharthmis Explorer in Splunk Search 12-22-2017 0 5	0	5
I am trying to query all data that belong to the same "Segment" across 3 different sources I am attempting to perform a count/eval of the TransactionStatus=success across the following 3 sources for each Segm... by 2powder New Member in Splunk Search 12-21-2017 0 4	0	4
Is it efficeint to use lookups to save historic data? I have several searches I use to trend historic data, however they take a long time to complete. The data is histori... by glenngermiathen Path Finder in Splunk Search 12-21-2017 1 6	1	6
Converting from KB to GB Hi All, i have search that brings data from C and D Drives and results are in KB so i want to convert those fields t... by carlyleadmin Contributor in Splunk Search 12-21-2017 0 3	0	3
Wildcard field used in table, return only fields with selected values. We're pulling in a JSON from an API call. I'd like to setup an alert that only shows when field state is NOT active. ... by JDukeSplunk Builder in Splunk Search 12-21-2017 0 9	0	9