Splunk Search

Community Activity

compare data list Assume i have two stores which must have the same items but one is missing. My search returns for example STORE=LON... by mkrauss1 Explorer in Splunk Search 12-02-2017 0 8	0	8
Test Splunk Queries I am building a Splunk app for school and one of my requirements is to test that the queries sent to splunk work and ... by reesmanp New Member in Splunk Search 12-02-2017 0 4	0	4
Injecting fields into other events? I have a set of events with the pattern that there's a single event A that pairs with many event Bs (based on a field... by doweaver Path Finder in Splunk Search 12-02-2017 0 8	0	8
How to restrict search access to certain hosts or fields on a per-user basis? Hello. I'm new to Splunk. This may become obvious with my next question: I would like to restrict access to certain h... by jhillenburg Path Finder in Splunk Search 12-01-2017 1 4	1	4
How to sum the values of a multivalue field.? Hi my query is: index=_internal earliest=-60m@m latest=now\|transaction method \| table root method status bytes \| nomv... by gvnd Path Finder in Splunk Search 12-01-2017 0 6	0	6
Why are the field names different when using \|from datamodel instead of \|datamodel in a search? When I do a search with \|from datamodel, the search results are the same as when I do a search with \|datamodel, but t... by smoir_splunk Splunk Employee in Splunk Search 12-01-2017 0 3	0	3
How can I write a search with a multifield value for job type and organization? Hi there, Below is the query for which i need the multi field value for job type and organization. index=abc sourc... by kteng2024 Path Finder in Splunk Search 12-01-2017 0 3	0	3
display cumulative total and specific group summations on chart I have anti-virus data and I want to plot the the types of alerts on a chart over time. I want to plot the data such... by DEAD_BEEF Builder in Splunk Search 12-01-2017 0 5	0	5
Use regex on a known date field First, new to regex, so don't really know where to start. I've done some Google searching and up and down Splunk Ans... by jamescasey2 New Member in Splunk Search 12-01-2017 0 3	0	3
How to compare a field name with different field values? I am new to splunk, I have two field names: status and ip_address, status has different field values, status=200, 3... by chandanaberi Explorer in Splunk Search 12-01-2017 0 13	0	13
Limit on size of event/data passed to 'collect' command? We have a number of scheduled searches that run every few minutes to search for events recently indexed that match ce... by elliotproebstel Champion in Splunk Search 12-01-2017 1 9	1	9
How to calculate the average of a field value for n number of days? I have the below query index=abc sourcetype=xy.. \|timechart span=1d count as events by host \| addtotals time ... by vrmandadi Builder in Splunk Search 12-01-2017 0 21	0	21
Search with several joins taking too long I am trying to create a dashboard of CPU and Memory usage from some log files. Because of the way the data is inputte... by minura Engager in Splunk Search 12-01-2017 0 7	0	7
Can you help fix the output of appencols and stats list in this search? Hi, I'm trying to list data per field. I've used stats list which works partially, it lists all the data for both fi... by mahbs Path Finder in Splunk Search 12-01-2017 0 11	0	11
Help to modify existing regex to mask senstive PII? Hi Splunkers, I am looking for some help in modifying current regex to meet our updated project criteria. Link: htt... by smakwana Explorer in Splunk Search 12-01-2017 1 5	1	5
Help in creating regex for encryption/masking of data at index time? Hi Splunkers, I am looking for some help in creation of regular expression to Anonymize data with a regular expressi... by dreschke Explorer in Splunk Search 11-30-2017 0 5	0	5
Chart Top Seller Between Three Regions Per Year Hello I'm new to Splunk and I'm stuck trying to create what should be a simple table. Basically, I have a database o... by rfernandez2010 New Member in Splunk Search 11-30-2017 0 1	0	1
Restrict access so users can only view specific lookups Hello, I have a new set of users who I want to only be able to access 2 specific lookups. However, those lookups nee... by katzr Path Finder in Splunk Search 11-30-2017 0 6	0	6
Trying to slip SNMP data on index or through rex All, I have the following Data: (192 of these) and trying to split the data into a multi-lined event, to extract th... by srobinsonxtl Path Finder in Splunk Search 11-30-2017 0 9	0	9
Can I loop through all my fields* using the foreach command, or in some way reduce the number of eval case statements in my search? Hello Splunk experts, I'm trying to figure out a better way to handle the large number of case statements that I wou... by splunker1981 Path Finder in Splunk Search 11-30-2017 0 1	0	1
How to retrieve the values of the existing column based on eval result dynamically? i have a data like below.... ID \| Name \| 2017-12 \|2018-01\|2018-02\|2018-03 X123 \|aaa \| 90 \| ... by 9738078959 Engager in Splunk Search 11-30-2017 0 9	0	9
Are counts form the cofilter command "symmetric"? Hi all, As I understand it, the cofilter command counts how many times pairs of items occur. If the same user views... by JacobPN Path Finder in Splunk Search 11-30-2017 0 1	0	1
show/where the result from count when result is odd or even number Is it possible to search results from a count when they are odd or even? So the results only show the lines/events wh... by Mike6960 Path Finder in Splunk Search 11-30-2017 0 6	0	6
Query to check if log has not been updated in last 24 hours We have a requirement wherein we want to check if logs have not been updated in last 24 hours. There are around 20 in... by AnmolKohli Explorer in Splunk Search 11-30-2017 0 1	0	1
Doing calculations using eval command with fields generated by timechart command. Hi, I'm doing some search query where I used timechart command that creates fields. Now, what I want to do is to som... by jvmerilla Path Finder in Splunk Search 11-30-2017 0 3	0	3