Splunk Search

Community Activity

'stats' command: limit for values of field 'xxx' reached. Some values may have been truncated or ignored. Hello, I am using the stats command with the list() function. Unfortunately, for some groupings the list size exceed... by jamesvz84 Communicator in Splunk Search 12-27-2017 6 9	6	9
How to filter date based on the future data? Hi - I have a Session_Start_Date field that needed to be filter. The condition is that, for example, the data upload... by mrccasi Explorer in Splunk Search 12-27-2017 0 9	0	9
Look up CPU data from another search Edit: Now thinking about it, I probably could combine the two queries, in wmi.conf, into one. However, let's assume t... by tmontney Builder in Splunk Search 12-27-2017 0 1	0	1
how to add a field like "host, source, sourcetype"? hi,everyone when i use sdk for python,I found that function:submit can only use "host , source, sourcetype". i want t... by facefaces New Member in Splunk Search 12-27-2017 0 1	0	1
Create new field for incoming logs Hi I have some issue with creating field for my logs. I have logs which contain number. I wan extract this number as... by swdowiarz Path Finder in Splunk Search 12-27-2017 0 11	0	11
tstats results different from eventcount Can anyone provide an explanation on why these two searches produce different results? I am trying to set up an alert... by marian_coman Explorer in Splunk Search 12-27-2017 0 2	0	2
How to arrange column sequentially by month? I'm having a trouble arranging my columns per month. I want it to the be arranged like this: \|Sept-15-2017\| \|Sept-3... by patricianaguit Explorer in Splunk Search 12-27-2017 0 6	0	6
I would like to make custom_fields a table column. We have imported Json data with the following custom_fields. {<!-- --> "id": 100, "custom_fields": [{<!-- --> ... by TAmemiya Explorer in Splunk Search 12-27-2017 0 3	0	3
How do I modify my search to get the stats count by a field in lookup? I have a lookup file "hosts.csv" as below with multiple fields category my_hostname .. ... ... A ... by pavanae Builder in Splunk Search 12-26-2017 0 3	0	3
Compare data in different souretypes with no common field I am having below situation I am having 2 different sourcetypes "logs" and "range". logs contains log events which... by kashifqau Explorer in Splunk Search 12-26-2017 0 7	0	7
Why is my _indextime earlier than my event time? I have a number of events, received from bluecoat proxies, in which the _indextime field is earlier than the _time fi... by philcovell New Member in Splunk Search 12-26-2017 0 3	0	3
How can I use regex to match only certain parts of a field string value? I am using a CSV lookup table (MyCSVTable) which contains a list of 10 digit numbers (examples: 2345678900, 213456789... by waeleljarrah Explorer in Splunk Search 12-26-2017 0 6	0	6
run command , while splunk is a container Dear Splunkers, I am beginner in splunk administration, for that I am struggling to run command on commandline , sinc... by imranechafik Explorer in Splunk Search 12-26-2017 0 3	0	3
Is the iplocation command compatible with the commercial version of MAXMIND mmdb? I am evaluating the commercial version of MAXMIND city DB(mmdb) and would like to replace it with the free version th... by lohitkidu Path Finder in Splunk Search 12-25-2017 2 3	2	3
Performance suggestions for indexing cluster and search cluster. We will be deploying a search head cluster to go along with out 10 indexer cluster. As it stands now these indexers ... by Cuyose Builder in Splunk Search 12-24-2017 0 4	0	4
How to use stats range(_time) and pass the results to timechart I have data where every line has a timestamp and a correlationID. I can find the time elapsed for each correlation ID... by mkatta New Member in Splunk Search 12-24-2017 0 2	0	2
Converting an encoded IP address to dotted decimal I've got a log that includes an obfuscated IP address. The source takes dotted decimal, reverses the order of the oc... by wbfoxii Communicator in Splunk Search 12-23-2017 1 5	1	5
How can I combine 2 searches consisting of inputlookup and outputlookups? how can i combine queries to populate a lookup table? I have a lookup table with the following values item 1 2 3 i'm... by pc1234 Explorer in Splunk Search 12-23-2017 0 3	0	3
Why do I get error message "Unknown search command" for my custom search command? Hello All, I am using Splunk Enterprise 6.6.3 on Windows 10 and trying to get a custom search to work. I've followe... by andrewtrobec Motivator in Splunk Search 12-23-2017 0 4	0	4
How to group my search results with respect to response time ranges? here is the situation: I have two fields 1. Response time that needs grouping like this (Low=0-1.2, Medium=1.2-1.5, ... by kmahamkali New Member in Splunk Search 12-22-2017 0 3	0	3
Looking for a search that will provide the duration of time a VPN user was seen online The search should provide the time period in which the user was logged through VPN and possibly when the IP lease is ... by bluemarvel Path Finder in Splunk Search 12-22-2017 0 4	0	4
Merge two search results in one row I have the below events and I want to merge the search results: 20171222.103330 Fr I - 0 Fn=makeRequest Endpoint=htt... by pankajad Explorer in Splunk Search 12-22-2017 0 1	0	1
Need help with field-extractions on these events I have the following value: Events X\|0001\|NAME\|PHONE X\|0002\|NAME\|ADDRESS\|INFO1\|INFO2 Based on the type (0001 or 000... by gabrieldiasrosa New Member in Splunk Search 12-22-2017 0 1	0	1
Using eval to create date in epoch time I need to create a field today that is equal to the epoch timestamp in milliseconds for midnight yesterday. I've bee... by hcannon Path Finder in Splunk Search 12-22-2017 0 3	0	3
How to add delay between two commands in search Hi, How can I add delay between two commands in Splunk. I have a scenario, 1) where I will append the search results... by ankithreddy777 Contributor in Splunk Search 12-22-2017 0 4	0	4