Splunk Search

Community Activity

CPU Utilization Query I am using this query to Fetch CPU Utilization details index=os sourcetype="cpu" \| multikv forceheader=1 \| eval huma... by kuldeepsingh99 New Member in Splunk Search 11-22-2017 0 2	0	2
Prevent Wildcard In User Input Hi everyone, I've developed a dashboard with text input for my user. However, I do not want my users to use wildcard... by JohannLiebert92 Path Finder in Splunk Search 11-22-2017 0 5	0	5
Search to identify missing data between 2 sets of data Looking for an SPL way to identify missing data between 2 sets of data. To simplify the problem, I will present it t... by collumc New Member in Splunk Search 11-22-2017 0 3	0	3
Event breaking not working on Tomcat Catalina data I have some Tomcat Catalina data and I can't for the life of me figure out why it isn't line breaking properly. There... by cpetterborg SplunkTrust in Splunk Search 11-22-2017 0 2	0	2
Is it possible to override the earliest and latest time in subsearch ? Hi, I am using sub search in my dashboard. Sub search use time defiend in main search query, however I want to use ... by AKG1_old1 Builder in Splunk Search 11-22-2017 1 4	1	4
joining ips in splunk index against a csv file with multiple CIDR ranges I have an index=logs that has an ip_address field like 5.34.244.100 I want to look up these all ip_address filed agai... by spark2310 Explorer in Splunk Search 11-22-2017 0 5	0	5
eval with dynamic column names I have a table of data as follows: KPI / Base:(date1) / Test:(date1) / Test:(date2) / Test:(daten) KPI1 / 1.5 / 1.8 /... by mschellhouse Path Finder in Splunk Search 11-22-2017 0 2	0	2
two inputlookup files sum of fields \|inputlookup file1.csv \|search "field1"="RUN" \|eval Aperm = if( 'Perm / Cont' = "Permanent",FTE,0) \|eval Acont=if( 'P... by surekhasplunk Communicator in Splunk Search 11-22-2017 0 6	0	6
match 2 fields with same value I have a search and need to match 2 fields and show the match. I tried eval match(field1, field2) and eval results =... by ecanmaster Explorer in Splunk Search 11-22-2017 0 5	0	5
getting error like "java.sql.SQLException: Missing IN or OUT parameter at index:: 2". Can you please troubleshoot? SELECT A.* FROM "STG_CONTACT"."CRMTRC_CONVERSION_EVENT" A where A.CRMTRC_TIMESTAMP> ? and A.CRMTRC_TIMESTAMP< ?+5 o... by 1240062 New Member in Splunk Search 11-22-2017 0 3	0	3
How to find the size of each of the data model in our environment via Splunk search or REST API? I'm trying to estimate the storage used by all the data models in our environment. Is there a way to find the size of... by rajkumargopagon Explorer in Splunk Search 11-22-2017 0 2	0	2
Writing a search query that validates file format Hi Guys, I have a question regarding file validation. Is it possible in Splunk to validate the structure/format of a... by mahbs Path Finder in Splunk Search 11-22-2017 0 1	0	1
Count number of occurrences in more than one field I have two fields, Inbound and Outbound. Each of these fields can contain a group (sometimes they're null). I need to... by tnkoehn Path Finder in Splunk Search 11-22-2017 0 3	0	3
After eval _time, time chart is not considering updated _time Hi, I am updating the _time in my search query and passing that to Timechart. My requirement is that timechart sh... by AKG1_old1 Builder in Splunk Search 11-22-2017 1 2	1	2
how can I populate a variable in a table with a search to make several different tables? index=infrastructure_some_index resource_type="This could be variable from a search" \| stats values(endpoint) as "... by Hanneke New Member in Splunk Search 11-22-2017 0 6	0	6
How to Use an InputLookup File to provide authorized user list and Report back Users who are not in the inputlookup I have an input lookup file. Say 'ApprovedUsers.csv'. This contains a single field SamAccountName. I want to c... by deastman Path Finder in Splunk Search 11-22-2017 0 7	0	7
How to show the result only if it is latest than the subsearch result? Assume, I have two panels - PanelA, PanelB. I have to show the result in PanelA only if the event for train is more r... by Naren26 Path Finder in Splunk Search 11-22-2017 0 5	0	5
Why doesn't this eval statement work? Hi, I have this query index=wholesale_app buildTarget=comcast analyticType=SessionStart \|rename Properties.platfo... by dbcase Motivator in Splunk Search 11-22-2017 0 2	0	2
display result count in form panel Hi, I have a form has field inputs and a panel to display the search results in a table. Our users are complainting ... by rzhang520 Engager in Splunk Search 11-21-2017 0 6	0	6
Field regex extractions on non-raw fields from web UI I'm attempting to create a field extraction from the web UI (I'm not an admin and don't have access to "*.conf" files... by doweaver Path Finder in Splunk Search 11-21-2017 1 10	1	10
Transaction command with multiple fields I have this start event. I am using the "Phonecall" as the key in the transaction. 1. InteractionEvent on Phonecall-... by bcarnot Path Finder in Splunk Search 11-21-2017 0 4	0	4
Help in creating regex for encryption of data? Hi Splunkers, I am looking for some help in creation of regular expression to Anonymize data with a regular expressi... by nishitdarade Explorer in Splunk Search 11-21-2017 0 9	0	9
How do i search non matching values from two different indexes and display This is what I am doing extract value until the first occurrence of char & using the search string index="prod_c... by saifullakhalid Explorer in Splunk Search 11-21-2017 0 12	0	12
Trying to search a connections log, top 10 hosts sending the most traffic, doesn't seem to be working. Trying to search a connections log, top 10 hosts sending the most traffic, need some help, thanks. by howardsamuels New Member in Splunk Search 11-21-2017 0 3	0	3
How to manipulate the time formats to get the exact results in Status Hi, I have created a query to fetch the status of some jobs in a particular format. There are different scheduled jo... by varunghai Engager in Splunk Search 11-21-2017 0 2	0	2