Splunk Search

Community Activity

rex field not visible and cannot be used in eval Hi I have this query and trying to do a eval case on the rex field value returned base \| rex "#TAGRESPONSE.*RESPONSE... by maniishpawar Path Finder in Splunk Search 11-17-2017 1 7	1	7
Showing events in a raw web browser window ? literally have a very basic raw events vizualization Hi, I have a strong request from my client that wants to be to be able to view events resulting from a SPL search in... by guilmxm Influencer in Splunk Search 11-17-2017 0 2	0	2
eval case before inputlookup file search I have a dashboard table with fields like below. Area field2 filed3 UK 100 200 US 300 400 In the dri... by surekhasplunk Communicator in Splunk Search 11-17-2017 0 14	0	14
Regex Help: Parse CSV with whatever it has got rather than failing on entire line Hi We have a regex/requirement to extract col1,col2,col3,col4 everytime. But the data may not contain col3 onwards ev... by koshyk Super Champion in Splunk Search 11-17-2017 0 2	0	2
Cannot search for value in extracted field I have a field extraction that gets the message number from the raw message string .{22}\s0-9 The message string is... by jrfrost Explorer in Splunk Search 11-17-2017 1 3	1	3
Is there a way not to restart entire splunk instance after making changes in .conf files? In general after we make changes in .conf files splunk instance should restart. If we deploy splunk in production en... by krishnakanthgup New Member in Splunk Search 11-17-2017 0 3	0	3
how can i add my index to the search app to search by default? hi, I have searched high and low for the instructions but cant seem to find the settings for enabling the search he... by 5plunked Explorer in Splunk Search 11-16-2017 0 2	0	2
Merge two line charts Hi , Very new to splunk. I need to search a index with two strings example: "ABC1" "XVZ2" And create a line graphs... by super_virus New Member in Splunk Search 11-16-2017 0 2	0	2
Problem with using stats for a count, and also to pull additional data So, I am going through windows logs, and have output that works for me with something like: index=windows sourcetype... by stakor Path Finder in Splunk Search 11-16-2017 0 1	0	1
Find difference between time now and last event time I am not sure why I am not getting results with this query, any suggestions? index= ______ \| stats max(_time) as las... by JoshuaJohn Contributor in Splunk Search 11-16-2017 1 1	1	1
Site name from lookup table based on IP address Hi splunk guru's. I'm trying to find a way (using SPL only - i am not an admin) to do the following: My vulnerability... by eransh10 New Member in Splunk Search 11-16-2017 0 2	0	2
Find all greater, after 5 mins subtract different columns Hi I want to calculate/simulate a data to analysis price difference, my data set in picture, left is my data set, r... by abdulvehhaba Path Finder in Splunk Search 11-16-2017 0 6	0	6
Join events and evaluate difference price Hi I have data like this I am joined uuid over market data together like that But there is 4 times date column... by abdulvehhaba Path Finder in Splunk Search 11-16-2017 0 5	0	5
Compare firewall action to track network flow changes Hello guys, I'd like to check changes on the Checkpoint firewall logs but I haven't any result : index=xxx host=yyy... by splunkreal Influencer in Splunk Search 11-16-2017 0 1	0	1
How to properly evaluate integer list from inputlookup subsearch? I'm attempting to use a subsearch to extract a number of integers in order to transpose those integers as columns. He... by oneillryan93 New Member in Splunk Search 11-16-2017 0 1	0	1
How can I add two new fields to my logs? Hello, On my servers I used combined Apache logs, but I added two other fields at the end of the logs : SSL_PROTOCOL... by romgo75 New Member in Splunk Search 11-16-2017 0 2	0	2
Splunk search interface for non-technical users? Hi, This question may be a bit unusual. While I know SPL is already kind of "simple" enough to get a hang of for mos... by yoyu777 Explorer in Splunk Search 11-16-2017 0 4	0	4
How can I use an if or eval statement to run a custom search command Hello Splunkers - Can't figure out for the life of me how to use eval or if statement to call a custom search comma... by splunker1981 Path Finder in Splunk Search 11-16-2017 0 3	0	3
map over makecontinuous not working ... I'm trying to fill in the gaps in a set of data, where there are different gaps for each of the types. I've tried: ... by JeToJedno Explorer in Splunk Search 11-16-2017 0 7	0	7
Purpose of the "AS" statement in SPLUNK Hi, What is the purpose of the AS statement in splunk? I thought, when used, it creates an alias of a column/field... by mahbs Path Finder in Splunk Search 11-16-2017 0 1	0	1
Can we categorize the into fields based on the value of the field? Hello, I have the below field with values Source abc_hd xyz_hd ppp sqr_sd aaa_sd I want to create a new field cal... by vrmandadi Builder in Splunk Search 11-16-2017 0 12	0	12
How and where to start learning AWS to build and Manage the Splunk Platform? Hi All, I'm a Splunk admin who build and manages the on premises Splunk platform, now I have to build a Splunk platf... by yu94 New Member in Splunk Search 11-16-2017 0 3	0	3
Comparing last 2 weeks average against yesterday's events I am trying to get last 2 weeks data and avg over week day's and compare that against event count of yesterday to de... by dpatiladobe Explorer in Splunk Search 11-15-2017 0 6	0	6
Difference between Start and End Time I have a event, where starttime and endtime are coming as string. I am using below query. .... \| transaction startsw... by twh1 Communicator in Splunk Search 11-15-2017 0 3	0	3
Realtime clock of Splunk server time on dashboard? Hi All, A client has requested we give them a realtime clock on a dashboard showing the current server time. I have ... by phoenixdigital Builder in Splunk Search 11-15-2017 0 16	0	16