Splunk Search

Community Activity

join two events with a common field I want to join the below two events based on tid. For "Event1", there could be multiple" Event2" Event1: 20171219.11... by pankajad Explorer in Splunk Search 12-21-2017 0 5	0	5
Extracting and concatenating regex captured groups in a single transform / extraction Hi all, I'm trying to get pivots working with a user's data, but I'm having issues getting the fields auto-extracted... by althomas Communicator in Splunk Search 12-21-2017 0 4	0	4
Pls help me with JOIN to have columns i have two columns A and B. i have values in A column for all rows and B column has some values in rows. i want to jo... by DataOrg Builder in Splunk Search 12-21-2017 0 3	0	3
Outuplookup update fields other than primary key I am using \| from datamodel:somedatamodel \| fields username, IPaddress \| outputlookup append=true filename.csv to ap... by karthikmalla Explorer in Splunk Search 12-20-2017 0 1	0	1
How to join two searches with different field name but same value ? Table 1 userid, action, IP Table2 sendername, action, client_IP Query : select Table1.userid, Table1.action, Table1... by damode Motivator in Splunk Search 12-20-2017 0 16	0	16
Set Custom time as _time Hi All, I have requirement like we have custom time field ALERTDATETIME i want to display graph where my custom time... by kpavan Path Finder in Splunk Search 12-20-2017 0 5	0	5
Regex challenge: How can I blacklist all 4662 events unless they are related to group policy or DNS? I'm struggling to find the proper regex to adjust the blacklist for 4662 events. I want to blacklist all 4662 events ... by dw385 Explorer in Splunk Search 12-20-2017 1 3	1	3
How can I extract these fields to have a table output with the field value (AAAAA) rather than name="AAAAA"? Hello, I have _raw data like this: time , name="AAAAAA",first_name="BBBBB" When I look with table I saw this : _t... by isabellechristo New Member in Splunk Search 12-20-2017 0 4	0	4
I want to diff the counts before and after a certain date. I want to diff the counts before and after a certain date. Here is the 'before' query. sourcetype=alpha _time<1501... by claatu Explorer in Splunk Search 12-20-2017 0 2	0	2
Calculate duration between end of search time range and _time of record Hello, I would like to be able to calculate the time difference between the last time parameter of the time range of... by richardAtOmni Path Finder in Splunk Search 12-20-2017 0 1	0	1
searching across multiple indexes with lookups we have two indexes with some overlap in fields. specifically IP addresses. what I would like to is do an initial s... by caseysutherland Engager in Splunk Search 12-20-2017 0 4	0	4
Count of events based on two where conditions Hello All, I have to provide two where conditions in my query and need to count the events by individual counts and ... by bharathkumarnec Contributor in Splunk Search 12-20-2017 0 7	0	7
Left JOIN using two searches I have these two searches below and I want to join the fieldname Path from the first query to the second query using ... by davidcraven02 Communicator in Splunk Search 12-20-2017 0 8	0	8
rex to extract a field How do I extract connection attempt failed from the below log 2017-12-20T07:51:05.847Z I REPL [ReplicationExe... by Mohsin123 Path Finder in Splunk Search 12-20-2017 0 3	0	3
How to format the duration on weekly summary Hi, I have the below Query. I want to have the sum of duration per week / description on time format [h]:mm:ss. On l... by auaave Communicator in Splunk Search 12-20-2017 0 2	0	2
Erex example Hi, I have the below log and values for "days" field are 4, 10 , 15, 30. Could you please extract the "days" fi... by amarish_vlabs New Member in Splunk Search 12-20-2017 0 9	0	9
How to search for values in a lookup table with wildcard My lookup table is a simple list of malicious domains. How can I do a search such that I can search for the maliciou... by DEAD_BEEF Builder in Splunk Search 12-20-2017 0 5	0	5
Transaction : How to exclude Night hour and Week-end period time of duration calculation Hi, For calculate Application unavailable Time on Workhours, I try to find a solution to exclude period time : 7PM ... by romux Engager in Splunk Search 12-20-2017 0 2	0	2
length of string (Urgent Requirment pls) HI All. i want lenght of string with include space ,double quotes everything special charecters. \|eval length=len("E... by harishalipaka Motivator in Splunk Search 12-20-2017 0 5	0	5
How does punct work? NOTE: I figured that a lot of people will search "How does punct work?" and want to know. So if you were wondering: ... by cpeteman Contributor in Splunk Search 12-20-2017 3 5	3	5
How to convert monetary values to a single currency? Is there an app to provide exchange rates for this calculation? We have events containing amounts in different currencies that we would like to normalize into euros (for example). I... by marcusnilssonmr Path Finder in Splunk Search 12-20-2017 1 1	1	1
Inner search for database-fetched data I have fetching data to Splunk from a transaction tracker table. My scenario is as given below. Here is the example ... by biju3705 New Member in Splunk Search 12-19-2017 0 2	0	2
How to convert duration in seconds to [h]:mm:ss? Hi, I have a table with duration in seconds, how can I convert it to [h]:mm:ss? I want it to count the number of hou... by auaave Communicator in Splunk Search 12-19-2017 0 5	0	5
How to get response time from this search? How to get response time from my search? APIName is from my inputlookup \|inputlookup SolutionCenter.csv \| append [s... by karthi2809 Builder in Splunk Search 12-19-2017 0 10	0	10
Rex extraction question I'm pretty new to rex extraction using splunk and I can't figure out why my extraction isn't working. I have a raw e... by brajaram Communicator in Splunk Search 12-19-2017 0 3	0	3