Splunk Search

Community Activity

lookup two csv pattern match query I have a requirement like this from file1.csv lookup file i am getting 2 fields field1 ... by surekhasplunk Communicator in Splunk Search 11-10-2017 0 3	0	3
Why are the legend and stacking order of this bar chart opposites? When creating a stacked bar chart and putting the legend definitions on top, the legend order is reverse of the stack... by Rolthers Engager in Splunk Search 11-10-2017 0 13	0	13
updating a lookup after query result returned I have a lookup table that looks like this _time,action,source <time>,completed,<source> <time>,completed,<source> <... by proylea Contributor in Splunk Search 11-10-2017 0 12	0	12
Use wildcard in source? I have a directory C:\logs in this directory I have multiple files: 1: logging-projectname-0.log (There can be mult... by nishantjiit New Member in Splunk Search 11-10-2017 0 9	0	9
How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59)? How to write a query which displays all the requests count for every hour in 24 hours access logs. The log timings ar... by saifullakhalid Explorer in Splunk Search 11-10-2017 0 15	0	15
Incomplete lookup results Hi everyone! We've been randomly facing with rather annoying and critical issue while working with lookups: sometime... by iKate Builder in Splunk Search 11-10-2017 0 7	0	7
How to compare a field from one sourcetype with another sourcetype then return the result in a new field? Hello, Hoping someone can help, I'm new to Splunk. Lets say I have the following source types: "event_alert" - cont... by Zerophage New Member in Splunk Search 11-10-2017 0 1	0	1
inputlookup csv two files get the data Hi, I have two input lookup files. input1.csv and input2.csv Am getting "Maintenance for application" as value for ... by surekhasplunk Communicator in Splunk Search 11-09-2017 0 3	0	3
Timechart in the same table based on column Hi, I have the below 2 searches, which work fine. I need to put the output of both the searches in a single table so... by archananaveen Explorer in Splunk Search 11-09-2017 0 2	0	2
How do I use the latest/newest value to be used as a value? I am trying to use the latest "Value" from the last Added/Updated Registry Key but however it took in the oldest resu... by Kitteh Path Finder in Splunk Search 11-09-2017 0 3	0	3
Join 2 sourcetype on on field if time difference between 2 records is less than 3 seconds So I have 2 different source types which I can join using DEVICE field. But I wan to join records if and only if time... by anujshah Engager in Splunk Search 11-09-2017 1 3	1	3
What do I need to alter in my search to get these fields? Hi , We have two lists of CSV files. Each one has 500 hosts and for each we need to figure out among hosts which are... by splunker969 Communicator in Splunk Search 11-09-2017 1 13	1	13
Dashboard: Replacing default text for empty reports I'm developing a dashboard to display the results of several saved searches and everything's looking nice. I just wa... by AndreasBalster Explorer in Splunk Search 11-09-2017 0 6	0	6
Get last 3 events based on time in 1 index when an error happens in a different index I have the below search where i get an errot and then i want to pull through the last 3 events prior to that error bu... by Sfry1981 Communicator in Splunk Search 11-09-2017 0 3	0	3
How to see all values in a field It says 41 values exist, but it's only showing 10. How do I see the rest, and select from them with checkboxes? This ... by tmontney Builder in Splunk Search 11-09-2017 1 2	1	2
Delta over Multiple SIDs In my raw data I have a lot of values for a field called "sid". For each of those values I want to calculate the del... by markschoonover Explorer in Splunk Search 11-09-2017 0 2	0	2
How can I search for events that match two subsearches? I'm trying to pull back events that have a specific field value, but should only return events that match that field ... by spohara79 Explorer in Splunk Search 11-09-2017 0 5	0	5
How to group uri strings inside a case statement based on a substring portion of a uri I have three types of uris stored in a field called uri. The uris are as follows: First type: /a/b/c/1/d /a/b/c/2/d ... by gokadroid Motivator in Splunk Search 11-09-2017 0 4	0	4
Get last login time based upon a list of accounts in a CSV lookup file I have a list of accounts that I wish to monitor in a csv file, say accounts.csv. The file looks like: userid,name,d... by pfhendr Explorer in Splunk Search 11-09-2017 0 2	0	2
Display rows not older than 1 day based in a date column Thanks in advance. We are trying to display the rows where the column is not older than 1 day and this has to be don... by rsokolova Path Finder in Splunk Search 11-09-2017 0 1	0	1
Splunk Search & Reporting app returns "500 internal server error", only for one user. I'm running Splunk Enterprise v 6.6.1 on Windows 2008 R2 (not by choice). Without making any configuration changes (... by LCM_BRogerson Path Finder in Splunk Search 11-09-2017 1 10	1	10
Avoiding a double-lookup for an efficient search A user is only allowed to log in from one of their AllowedPlatform: userAllowedPlatform.csv \| User \| Allowed... by 98123722 Explorer in Splunk Search 11-09-2017 0 2	0	2
Strange behavior of an eval "call" OR "exception1" OR "exception2" OR "exception3" \| eval calls = if(like(message, "%call%"), 1, 0) \| eva... by rbochen New Member in Splunk Search 11-09-2017 0 2	0	2
Command 'search' can't compare two floating numbers I am writing a saved search to trigger and alert when a difference between values is higher than a threshold. A simp... by thenhaque Explorer in Splunk Search 11-09-2017 0 5	0	5
How can I extract additional fields from this source? eg: source = shuttle(Oct1-3).zip:./shuttle/5720/LOG/shuttle_log.20171002 ,shuttle_3.zip:./shuttle_3/5720/LOG/shuttle_... by vinisha29 New Member in Splunk Search 11-09-2017 0 1	0	1