Splunk Search

Community Activity

List future or historical run times of scheduled searches I'm trying to create a timeline using the Timeline Custom Visualization of future or historical saved searches in ord... by mikaelbje Motivator in Splunk Search 12-18-2017 0 4	0	4
In Splunk Java SDK, is there any way to provide Event Sampling? While making Splunk search using Java SDK, is there any way to provide event sampling value into the query. There ar... by ashiqm Explorer in Splunk Search 12-18-2017 0 1	0	1
reformat the _time Hi, Is it possible to reformat the _time, for example, remove the day so only the month and the year will remain? I... by jvmerilla Path Finder in Splunk Search 12-17-2017 0 11	0	11
How do I get first match from lookup with multiple entries I am trying to match a field A from base query with a kv store lookup to get field B from lookup. Apparently there ar... by rajashekar_s Path Finder in Splunk Search 12-17-2017 0 2	0	2
Implementing condition in search This is the algorithm of my query. Could someone help me in constructing it. If (A happens) { Then ( Exec... by zacksoft Contributor in Splunk Search 12-17-2017 0 14	0	14
How do divide greater than and less than in splunk? I'm trying to divide my query into two parts, D>8000 as X and D<=8000 as Y, so i put it .... my search \| eval count(i... by sagar1905 New Member in Splunk Search 12-17-2017 0 7	0	7
Time Conversion into readble format Can someone help me converting 1513554224 into readable time format. I tried couple of formats but not working. I am... by ntalwar New Member in Splunk Search 12-17-2017 0 4	0	4
Number of days to AD account password expiry I have a lookup table of AD accounts lookup table fields CN, DisplayName, passwordlastset, pwdlasts... by leagawa New Member in Splunk Search 12-17-2017 0 1	0	1
Extract strings preceded by specific characters, find only the first match per event. Sorry, this is more of a regex question but can't figure it out myself. I would like to extract a string preceded by ... by christopheryu Communicator in Splunk Search 12-17-2017 0 4	0	4
Field extraction Hi , For logs such as below please help me in extracting the data enclosed within double quotes. Contact Dealership... by Deepz2612 Explorer in Splunk Search 12-17-2017 0 4	0	4
Natural sort order instead of lexicographical order in search? I've got a date field that I extracted from log messages, and it is pulled from two different sources. One source ze... by splunknoob408 Explorer in Splunk Search 12-16-2017 0 4	0	4
How do I find events that are related to previous events Hi, I have to analyse a call-centre log. Here’s a brief description if the scenario. There’s a telephone line called... by johndoe23 Engager in Splunk Search 12-16-2017 0 3	0	3
i want to remove the first set of number present in the below sentence.i want number to present at last. 000220170822013085255 017 AWS not associated with salary Number ASSD-BUS-0000 1 000220170822013085259 017 AWS not a... by DataOrg Builder in Splunk Search 12-16-2017 0 6	0	6
How to extract a field within quotes and extract its value based on the following second set of quotes? Hi Guys, I am new to Splunk and regex and trying to extract a given field plus its value. So in the example below,... by dernst New Member in Splunk Search 12-16-2017 0 3	0	3
Maxmind GeoIP2 updates in a Clustered Environment I have a multisite indexer cluster with one SH I configured automated GeoIP2-City Maxmind DB (paid subscription) down... by Ovi Path Finder in Splunk Search 12-16-2017 1 1	1	1
Is there a way to group by multiple fields in a timechart? All, I am looking to create a single timechart which displays the count of status by requestcommand by action. So t... by daniel333 Builder in Splunk Search 12-15-2017 0 2	0	2
How to get the volume of events at a specific percentile? Let's say you have 100 events, and each one increases in duration by 1 second. So event 1 is 1 second long and event ... by efavreau Motivator in Splunk Search 12-15-2017 0 1	0	1
"ERROR" Search Factory: Unknown search command '1'. when I ran a script to access Splunk API , and got this error: Search Factory: Unknown search command '1'. could you... by jenniferhao Explorer in Splunk Search 12-15-2017 0 8	0	8
How can i set different timeline for my search? I have the following search: index="monthlycdr" "Call Duration"=* Name=\"***\" \| eval "Call Duration"=replace('Cal... by tamduong16 Contributor in Splunk Search 12-15-2017 0 9	0	9
How to combine a search result and an inputlookup file? etc = removed text for anonymity I have a very complex search query that input the following table: Network , Sou... by gingyish New Member in Splunk Search 12-15-2017 0 2	0	2
Why are subsearches and joins hard-stopped at 50k? I need to compare two CSV lookup files - need to see which records that are in the first CSV are NOT already in the s... by redc Builder in Splunk Search 12-15-2017 0 7	0	7
lookup several fields in one lookup command Currently I use lookups on a new row each for several fields i want to run through the lookup, like so: \|lookup my_l... by christoffertoft Communicator in Splunk Search 12-15-2017 0 10	0	10
How to assign a string value from a subsearch to a eval which should map to all the events? I am trying to extract a value and add it to every events of that sourcetype. source="c:\\splunk monitors\\log(2).tx... by sudeshna_dash New Member in Splunk Search 12-15-2017 0 5	0	5
How to create a new field from existing field values I have a field with values similar to this: TagName=15PI008_15 The _15 portion of this value is the part I need to e... by stevenbutterwor Path Finder in Splunk Search 12-15-2017 0 5	0	5
How to extract a part of a field? Hey, i have got a field extraction called mail. So i get different kind of mails as output. But it appears the fol... by reschal Explorer in Splunk Search 12-15-2017 0 3	0	3