Splunk Search

Community Activity

reformat the _time Hi, Is it possible to reformat the _time, for example, remove the day so only the month and the year will remain? I... by jvmerilla Path Finder in Splunk Search 12-17-2017 0 11	0	11
How do I get first match from lookup with multiple entries I am trying to match a field A from base query with a kv store lookup to get field B from lookup. Apparently there ar... by rajashekar_s Path Finder in Splunk Search 12-17-2017 0 2	0	2
Implementing condition in search This is the algorithm of my query. Could someone help me in constructing it. If (A happens) { Then ( Exec... by zacksoft Contributor in Splunk Search 12-17-2017 0 14	0	14
How do divide greater than and less than in splunk? I'm trying to divide my query into two parts, D>8000 as X and D<=8000 as Y, so i put it .... my search \| eval count(i... by sagar1905 New Member in Splunk Search 12-17-2017 0 7	0	7
Time Conversion into readble format Can someone help me converting 1513554224 into readable time format. I tried couple of formats but not working. I am... by ntalwar New Member in Splunk Search 12-17-2017 0 4	0	4
Number of days to AD account password expiry I have a lookup table of AD accounts lookup table fields CN, DisplayName, passwordlastset, pwdlasts... by leagawa New Member in Splunk Search 12-17-2017 0 1	0	1
Extract strings preceded by specific characters, find only the first match per event. Sorry, this is more of a regex question but can't figure it out myself. I would like to extract a string preceded by ... by christopheryu Communicator in Splunk Search 12-17-2017 0 4	0	4
Field extraction Hi , For logs such as below please help me in extracting the data enclosed within double quotes. Contact Dealership... by Deepz2612 Explorer in Splunk Search 12-17-2017 0 4	0	4
Natural sort order instead of lexicographical order in search? I've got a date field that I extracted from log messages, and it is pulled from two different sources. One source ze... by splunknoob408 Explorer in Splunk Search 12-16-2017 0 4	0	4
How do I find events that are related to previous events Hi, I have to analyse a call-centre log. Here’s a brief description if the scenario. There’s a telephone line called... by johndoe23 Engager in Splunk Search 12-16-2017 0 3	0	3
i want to remove the first set of number present in the below sentence.i want number to present at last. 000220170822013085255 017 AWS not associated with salary Number ASSD-BUS-0000 1 000220170822013085259 017 AWS not a... by DataOrg Builder in Splunk Search 12-16-2017 0 6	0	6
How to extract a field within quotes and extract its value based on the following second set of quotes? Hi Guys, I am new to Splunk and regex and trying to extract a given field plus its value. So in the example below,... by dernst New Member in Splunk Search 12-16-2017 0 3	0	3
Maxmind GeoIP2 updates in a Clustered Environment I have a multisite indexer cluster with one SH I configured automated GeoIP2-City Maxmind DB (paid subscription) down... by Ovi Path Finder in Splunk Search 12-16-2017 1 1	1	1
Is there a way to group by multiple fields in a timechart? All, I am looking to create a single timechart which displays the count of status by requestcommand by action. So t... by daniel333 Builder in Splunk Search 12-15-2017 0 2	0	2
How to get the volume of events at a specific percentile? Let's say you have 100 events, and each one increases in duration by 1 second. So event 1 is 1 second long and event ... by efavreau Motivator in Splunk Search 12-15-2017 0 1	0	1
"ERROR" Search Factory: Unknown search command '1'. when I ran a script to access Splunk API , and got this error: Search Factory: Unknown search command '1'. could you... by jenniferhao Explorer in Splunk Search 12-15-2017 0 8	0	8
How can i set different timeline for my search? I have the following search: index="monthlycdr" "Call Duration"=* Name=\"***\" \| eval "Call Duration"=replace('Cal... by tamduong16 Contributor in Splunk Search 12-15-2017 0 9	0	9
How to combine a search result and an inputlookup file? etc = removed text for anonymity I have a very complex search query that input the following table: Network , Sou... by gingyish New Member in Splunk Search 12-15-2017 0 2	0	2
Why are subsearches and joins hard-stopped at 50k? I need to compare two CSV lookup files - need to see which records that are in the first CSV are NOT already in the s... by redc Builder in Splunk Search 12-15-2017 0 7	0	7
lookup several fields in one lookup command Currently I use lookups on a new row each for several fields i want to run through the lookup, like so: \|lookup my_l... by christoffertoft Communicator in Splunk Search 12-15-2017 0 10	0	10
How to assign a string value from a subsearch to a eval which should map to all the events? I am trying to extract a value and add it to every events of that sourcetype. source="c:\\splunk monitors\\log(2).tx... by sudeshna_dash New Member in Splunk Search 12-15-2017 0 5	0	5
How to create a new field from existing field values I have a field with values similar to this: TagName=15PI008_15 The _15 portion of this value is the part I need to e... by stevenbutterwor Path Finder in Splunk Search 12-15-2017 0 5	0	5
How to extract a part of a field? Hey, i have got a field extraction called mail. So i get different kind of mails as output. But it appears the fol... by reschal Explorer in Splunk Search 12-15-2017 0 3	0	3
How to set a different drilldown for each cell in a table in my Simple XML dashboard? Does anyone know of a way or have a good link on how to set a different drilldown for each cell in a table? I'm usin... by sidekix24 Path Finder in Splunk Search 12-15-2017 2 21	2	21
Field extraction is having issue for a value a by shubhamnyaik Explorer in Splunk Search 12-14-2017 0 2	0	2