Splunk Search

Community Activity

How can I make this transaction command and table work when parsing a JSON document? I have data that looks like this: {trans_id:"123abc" class:"cdedt" function:"bbb" marker:"A11111" elapsedms:"178" ti... by jasongb Path Finder in Splunk Search 12-18-2017 0 3	0	3
How to create a linechart showing the previous 6 months with each point being the sum of the previous 6 months? Im trying to show a trend using a linechart. It should show the previous 6 months and have a data point once for eac... by glenngermiathen Path Finder in Splunk Search 12-18-2017 0 10	0	10
Need _time on each event for a \|makeresults Hello, I need to spoof some data and am using \|makeresults for 3 hosts and their port status of "UP" (and eventually... by sbowser_splunk Splunk Employee in Splunk Search 12-18-2017 0 4	0	4
How can I do a lookup where a field does not exist? I'm trying to create a search that will do a lookup against a control file, and show me events where the events meet ... by jdoll1 Explorer in Splunk Search 12-18-2017 0 10	0	10
create a chart from a csv I have a csv file that Splunk ingest and use it to create a chart. It works ok, but I'm not sure how to sort this b... by chadman Path Finder in Splunk Search 12-18-2017 0 3	0	3
Need help on the Lookup Table Hi Splunkers, I have a lookup which contains Suspicious UA String/Keyword and type. Please find below screenshot A... by renjujacob88 Path Finder in Splunk Search 12-18-2017 0 5	0	5
How to search a lookup table and return the matching term? All- I am new to Splunk and trying to figure out how to return a matched term from a CSV table with inputlookup. I j... by clv1clv1 Explorer in Splunk Search 12-18-2017 1 15	1	15
Sort the average duration based on time rather than alphabetically I have an average duration field which has months ,days ,hours and minutes.I want it to be sorted descending order -M... by chitreshakumar Communicator in Splunk Search 12-18-2017 0 2	0	2
Excluding rows based on field combination Hello splunkers ! Today I'm building a report, in which I'm tasked to exclude some specific results. These are typic... by jbdumoulin Engager in Splunk Search 12-18-2017 0 2	0	2
Need to shorten data and show it by count Hi All, I am executing query which is giving me the below result and I want to shorten the data and show in table fo... by sunnyparmar Communicator in Splunk Search 12-18-2017 0 3	0	3
Maths problem that i am hoping Splunk has a function for Hi I have a Maths problem that i am hoping Splunk has a function for. It is in relation to calculation the % of tim... by robertlynch2020 Influencer in Splunk Search 12-18-2017 0 6	0	6
List future or historical run times of scheduled searches I'm trying to create a timeline using the Timeline Custom Visualization of future or historical saved searches in ord... by mikaelbje Motivator in Splunk Search 12-18-2017 0 4	0	4
In Splunk Java SDK, is there any way to provide Event Sampling? While making Splunk search using Java SDK, is there any way to provide event sampling value into the query. There ar... by ashiqm Explorer in Splunk Search 12-18-2017 0 1	0	1
reformat the _time Hi, Is it possible to reformat the _time, for example, remove the day so only the month and the year will remain? I... by jvmerilla Path Finder in Splunk Search 12-17-2017 0 11	0	11
How do I get first match from lookup with multiple entries I am trying to match a field A from base query with a kv store lookup to get field B from lookup. Apparently there ar... by rajashekar_s Path Finder in Splunk Search 12-17-2017 0 2	0	2
Implementing condition in search This is the algorithm of my query. Could someone help me in constructing it. If (A happens) { Then ( Exec... by zacksoft Contributor in Splunk Search 12-17-2017 0 14	0	14
How do divide greater than and less than in splunk? I'm trying to divide my query into two parts, D>8000 as X and D<=8000 as Y, so i put it .... my search \| eval count(i... by sagar1905 New Member in Splunk Search 12-17-2017 0 7	0	7
Time Conversion into readble format Can someone help me converting 1513554224 into readable time format. I tried couple of formats but not working. I am... by ntalwar New Member in Splunk Search 12-17-2017 0 4	0	4
Number of days to AD account password expiry I have a lookup table of AD accounts lookup table fields CN, DisplayName, passwordlastset, pwdlasts... by leagawa New Member in Splunk Search 12-17-2017 0 1	0	1
Extract strings preceded by specific characters, find only the first match per event. Sorry, this is more of a regex question but can't figure it out myself. I would like to extract a string preceded by ... by christopheryu Communicator in Splunk Search 12-17-2017 0 4	0	4
Field extraction Hi , For logs such as below please help me in extracting the data enclosed within double quotes. Contact Dealership... by Deepz2612 Explorer in Splunk Search 12-17-2017 0 4	0	4
Natural sort order instead of lexicographical order in search? I've got a date field that I extracted from log messages, and it is pulled from two different sources. One source ze... by splunknoob408 Explorer in Splunk Search 12-16-2017 0 4	0	4
How do I find events that are related to previous events Hi, I have to analyse a call-centre log. Here’s a brief description if the scenario. There’s a telephone line called... by johndoe23 Engager in Splunk Search 12-16-2017 0 3	0	3
i want to remove the first set of number present in the below sentence.i want number to present at last. 000220170822013085255 017 AWS not associated with salary Number ASSD-BUS-0000 1 000220170822013085259 017 AWS not a... by DataOrg Builder in Splunk Search 12-16-2017 0 6	0	6
How to extract a field within quotes and extract its value based on the following second set of quotes? Hi Guys, I am new to Splunk and regex and trying to extract a given field plus its value. So in the example below,... by dernst New Member in Splunk Search 12-16-2017 0 3	0	3