Splunk Search

Community Activity

How to search a lookup table and return the matching term? All- I am new to Splunk and trying to figure out how to return a matched term from a CSV table with inputlookup. I j... by clv1clv1 Explorer in Splunk Search 12-18-2017 1 15	1	15
Sort the average duration based on time rather than alphabetically I have an average duration field which has months ,days ,hours and minutes.I want it to be sorted descending order -M... by chitreshakumar Communicator in Splunk Search 12-18-2017 0 2	0	2
Excluding rows based on field combination Hello splunkers ! Today I'm building a report, in which I'm tasked to exclude some specific results. These are typic... by jbdumoulin Engager in Splunk Search 12-18-2017 0 2	0	2
Need to shorten data and show it by count Hi All, I am executing query which is giving me the below result and I want to shorten the data and show in table fo... by sunnyparmar Communicator in Splunk Search 12-18-2017 0 3	0	3
Maths problem that i am hoping Splunk has a function for Hi I have a Maths problem that i am hoping Splunk has a function for. It is in relation to calculation the % of tim... by robertlynch2020 Influencer in Splunk Search 12-18-2017 0 6	0	6
List future or historical run times of scheduled searches I'm trying to create a timeline using the Timeline Custom Visualization of future or historical saved searches in ord... by mikaelbje Motivator in Splunk Search 12-18-2017 0 4	0	4
In Splunk Java SDK, is there any way to provide Event Sampling? While making Splunk search using Java SDK, is there any way to provide event sampling value into the query. There ar... by ashiqm Explorer in Splunk Search 12-18-2017 0 1	0	1
reformat the _time Hi, Is it possible to reformat the _time, for example, remove the day so only the month and the year will remain? I... by jvmerilla Path Finder in Splunk Search 12-17-2017 0 11	0	11
How do I get first match from lookup with multiple entries I am trying to match a field A from base query with a kv store lookup to get field B from lookup. Apparently there ar... by rajashekar_s Path Finder in Splunk Search 12-17-2017 0 2	0	2
Implementing condition in search This is the algorithm of my query. Could someone help me in constructing it. If (A happens) { Then ( Exec... by zacksoft Contributor in Splunk Search 12-17-2017 0 14	0	14
How do divide greater than and less than in splunk? I'm trying to divide my query into two parts, D>8000 as X and D<=8000 as Y, so i put it .... my search \| eval count(i... by sagar1905 New Member in Splunk Search 12-17-2017 0 7	0	7
Time Conversion into readble format Can someone help me converting 1513554224 into readable time format. I tried couple of formats but not working. I am... by ntalwar New Member in Splunk Search 12-17-2017 0 4	0	4
Number of days to AD account password expiry I have a lookup table of AD accounts lookup table fields CN, DisplayName, passwordlastset, pwdlasts... by leagawa New Member in Splunk Search 12-17-2017 0 1	0	1
Extract strings preceded by specific characters, find only the first match per event. Sorry, this is more of a regex question but can't figure it out myself. I would like to extract a string preceded by ... by christopheryu Communicator in Splunk Search 12-17-2017 0 4	0	4
Field extraction Hi , For logs such as below please help me in extracting the data enclosed within double quotes. Contact Dealership... by Deepz2612 Explorer in Splunk Search 12-17-2017 0 4	0	4
Natural sort order instead of lexicographical order in search? I've got a date field that I extracted from log messages, and it is pulled from two different sources. One source ze... by splunknoob408 Explorer in Splunk Search 12-16-2017 0 4	0	4
How do I find events that are related to previous events Hi, I have to analyse a call-centre log. Here’s a brief description if the scenario. There’s a telephone line called... by johndoe23 Engager in Splunk Search 12-16-2017 0 3	0	3
i want to remove the first set of number present in the below sentence.i want number to present at last. 000220170822013085255 017 AWS not associated with salary Number ASSD-BUS-0000 1 000220170822013085259 017 AWS not a... by DataOrg Builder in Splunk Search 12-16-2017 0 6	0	6
How to extract a field within quotes and extract its value based on the following second set of quotes? Hi Guys, I am new to Splunk and regex and trying to extract a given field plus its value. So in the example below,... by dernst New Member in Splunk Search 12-16-2017 0 3	0	3
Maxmind GeoIP2 updates in a Clustered Environment I have a multisite indexer cluster with one SH I configured automated GeoIP2-City Maxmind DB (paid subscription) down... by Ovi Path Finder in Splunk Search 12-16-2017 1 1	1	1
Is there a way to group by multiple fields in a timechart? All, I am looking to create a single timechart which displays the count of status by requestcommand by action. So t... by daniel333 Builder in Splunk Search 12-15-2017 0 2	0	2
How to get the volume of events at a specific percentile? Let's say you have 100 events, and each one increases in duration by 1 second. So event 1 is 1 second long and event ... by efavreau Motivator in Splunk Search 12-15-2017 0 1	0	1
"ERROR" Search Factory: Unknown search command '1'. when I ran a script to access Splunk API , and got this error: Search Factory: Unknown search command '1'. could you... by jenniferhao Explorer in Splunk Search 12-15-2017 0 8	0	8
How can i set different timeline for my search? I have the following search: index="monthlycdr" "Call Duration"=* Name=\"***\" \| eval "Call Duration"=replace('Cal... by tamduong16 Contributor in Splunk Search 12-15-2017 0 9	0	9
How to combine a search result and an inputlookup file? etc = removed text for anonymity I have a very complex search query that input the following table: Network , Sou... by gingyish New Member in Splunk Search 12-15-2017 0 2	0	2