Splunk Search

Community Activity

How to use timebased lookup table? I defined a lookup table as timebased config in transforms.conf as below [swipeR.csv] batch_index_query = 0 case_se... by samlinsongguo Communicator in Splunk Search 11-23-2017 0 2	0	2
How to timechart requests count with SLA and latency How to timechart requests count with SLA and latency based on the time mentioned in the logs. I need to know how many... by panandshah New Member in Splunk Search 11-23-2017 0 1	0	1
how to add more than one matching criteria while getting the count Hi @somesoni2 Can you help me with a simple search i have following requirement from a single input lookup file. No... by surekhasplunk Communicator in Splunk Search 11-23-2017 0 11	0	11
Error in multiselect - Could not create search Below is the code for multiselect which gets populated dynamically based on user selection. The Search query seems to... by sangs8788 Communicator in Splunk Search 11-23-2017 0 8	0	8
Can a Splunk search call a Python script to perform data manipulation? Hello, Before I waste too much time trying to get this to work, I'd like to know whether a Splunk search can call a ... by andrewtrobec Motivator in Splunk Search 11-23-2017 1 6	1	6
Why am I getting errors writing a query after installing Splunk DB Connect and connecting to Oracle database? Hello, I have installed splunk db connnect app and connecting to oracle database i am trying to write query select ... by gajananh999 Contributor in Splunk Search 11-23-2017 1 5	1	5
custom span in timechart Hi there, I have a set of events say 8 records. One record of particular date and other 7 records of past 7 days. whe... by dsiob Communicator in Splunk Search 11-23-2017 0 8	0	8
Is there a way of ensuring every event has a specific field? Hi guys, My goal is to use the map command look over all ip addresses and mac addresses that have had the value poli... by Robbie1194 Communicator in Splunk Search 11-23-2017 0 12	0	12
timechart - how do I combine these two charts into one? I have the following query: ... \| timechart avg(Latency) Can I combine this with: ... \| timechart count by respon... by zzztimbo Engager in Splunk Search 11-22-2017 2 4	2	4
CPU Utilization Query I am using this query to Fetch CPU Utilization details index=os sourcetype="cpu" \| multikv forceheader=1 \| eval huma... by kuldeepsingh99 New Member in Splunk Search 11-22-2017 0 2	0	2
Prevent Wildcard In User Input Hi everyone, I've developed a dashboard with text input for my user. However, I do not want my users to use wildcard... by JohannLiebert92 Path Finder in Splunk Search 11-22-2017 0 5	0	5
Search to identify missing data between 2 sets of data Looking for an SPL way to identify missing data between 2 sets of data. To simplify the problem, I will present it t... by collumc New Member in Splunk Search 11-22-2017 0 3	0	3
Event breaking not working on Tomcat Catalina data I have some Tomcat Catalina data and I can't for the life of me figure out why it isn't line breaking properly. There... by cpetterborg SplunkTrust in Splunk Search 11-22-2017 0 2	0	2
Is it possible to override the earliest and latest time in subsearch ? Hi, I am using sub search in my dashboard. Sub search use time defiend in main search query, however I want to use ... by AKG1_old1 Builder in Splunk Search 11-22-2017 1 4	1	4
joining ips in splunk index against a csv file with multiple CIDR ranges I have an index=logs that has an ip_address field like 5.34.244.100 I want to look up these all ip_address filed agai... by spark2310 Explorer in Splunk Search 11-22-2017 0 5	0	5
eval with dynamic column names I have a table of data as follows: KPI / Base:(date1) / Test:(date1) / Test:(date2) / Test:(daten) KPI1 / 1.5 / 1.8 /... by mschellhouse Path Finder in Splunk Search 11-22-2017 0 2	0	2
two inputlookup files sum of fields \|inputlookup file1.csv \|search "field1"="RUN" \|eval Aperm = if( 'Perm / Cont' = "Permanent",FTE,0) \|eval Acont=if( 'P... by surekhasplunk Communicator in Splunk Search 11-22-2017 0 6	0	6
match 2 fields with same value I have a search and need to match 2 fields and show the match. I tried eval match(field1, field2) and eval results =... by ecanmaster Explorer in Splunk Search 11-22-2017 0 5	0	5
getting error like "java.sql.SQLException: Missing IN or OUT parameter at index:: 2". Can you please troubleshoot? SELECT A.* FROM "STG_CONTACT"."CRMTRC_CONVERSION_EVENT" A where A.CRMTRC_TIMESTAMP> ? and A.CRMTRC_TIMESTAMP< ?+5 o... by 1240062 New Member in Splunk Search 11-22-2017 0 3	0	3
How to find the size of each of the data model in our environment via Splunk search or REST API? I'm trying to estimate the storage used by all the data models in our environment. Is there a way to find the size of... by rajkumargopagon Explorer in Splunk Search 11-22-2017 0 2	0	2
Writing a search query that validates file format Hi Guys, I have a question regarding file validation. Is it possible in Splunk to validate the structure/format of a... by mahbs Path Finder in Splunk Search 11-22-2017 0 1	0	1
Count number of occurrences in more than one field I have two fields, Inbound and Outbound. Each of these fields can contain a group (sometimes they're null). I need to... by tnkoehn Path Finder in Splunk Search 11-22-2017 0 3	0	3
After eval _time, time chart is not considering updated _time Hi, I am updating the _time in my search query and passing that to Timechart. My requirement is that timechart sh... by AKG1_old1 Builder in Splunk Search 11-22-2017 1 2	1	2
how can I populate a variable in a table with a search to make several different tables? index=infrastructure_some_index resource_type="This could be variable from a search" \| stats values(endpoint) as "... by Hanneke New Member in Splunk Search 11-22-2017 0 6	0	6
How to Use an InputLookup File to provide authorized user list and Report back Users who are not in the inputlookup I have an input lookup file. Say 'ApprovedUsers.csv'. This contains a single field SamAccountName. I want to c... by deastman Path Finder in Splunk Search 11-22-2017 0 7	0	7