Splunk Search

Community Activity

Lookups excluding answers if multiple same lines are found I have a lookup that end users can update. However they might make a mistake and put in the same data twice. The issu... by robertlynch2020 Influencer in Splunk Search 11-09-2017 0 2	0	2
Dataset regexed field to uppercase Hello. I have a dataset with a regular expression where i extract the hostname of the computer to a hostname variabl... by christoffertoft Communicator in Splunk Search 11-08-2017 0 4	0	4
Exclusive Right Join option in splunk I am trying to list the events from the subsearch which are not found in the main search. For example the subsearch ... by kiril123 Path Finder in Splunk Search 11-08-2017 0 5	0	5
Help extracting a value from this log? Hi, can someone help me to exact "536 MiliSeconds" from below is log 6>2017-11-02T05:55:12Z d065d14b-3bcd-481c-512a-... by rajgowd1 Communicator in Splunk Search 11-08-2017 0 3	0	3
Problem using set diff together with mvexpand I'm trying to compare multi-value fields from multiple events and display the diff between the two sets. For example... by kenliu Explorer in Splunk Search 11-08-2017 0 2	0	2
How do I delimit multivalue fields? Dear All, We have a scenario, where For each Application_ID, Application_Name is having multi-value and delimited. ... by anil_ec21 Explorer in Splunk Search 11-08-2017 1 4	1	4
How do you compare sets of field values from two searches? I'm basically trying to identify whether some of my hosts are not doing something successfully as it should be in a d... by cinchnetops Explorer in Splunk Search 11-08-2017 0 3	0	3
Single value with trend for duration? I have been searching about this for the last couple of days. I don't think Splunk have this feature but I just want ... by tamduong16 Contributor in Splunk Search 11-08-2017 1 4	1	4
When I search for top public IP addresses results include my LAN subnet Hi mates, I'm figuring out the reason, why I'm looking LAN addresses as source IP if my search is clearly filtering ... by rookie507SL New Member in Splunk Search 11-08-2017 0 3	0	3
Rex command to extract multiple values from base query I have below text and i need to extract "Successfully Sent" FTP Ipaddress and store number. I could extract first po... by k_harini Communicator in Splunk Search 11-08-2017 0 2	0	2
How to split multivalue fields after lookup? Hello after a search like this: index=myindex\|lookup mycsv.csv host_ip I have the following output: I would lik... by skiourus New Member in Splunk Search 11-08-2017 0 4	0	4
Can I join a data model with a lookup using a wildcard character (*)? Hi I have an issues where I am joining a Data-model with a lookup table and its working very well. We are looking to... by robertlynch2020 Influencer in Splunk Search 11-08-2017 0 2	0	2
Search for a pattern in a lookup CSV file which is received from first search from another lookup CSV file I have two lookup csv files. file1.csv and file2.csv 1st query results me with field1 which has a pattern match in ... by surekhasplunk Communicator in Splunk Search 11-08-2017 0 2	0	2
How to combine Fw: and Fwd in email Subjects Let's say I had used a search like: index=mail RecipientUserDomain=user@domain.com \| stats count by Subject \| sort-c... by smurfy_91 New Member in Splunk Search 11-08-2017 0 2	0	2
Can you remove a unit of measurement from a field value? I'm trying to calculate man hours, but my field format is "12 Mins" not simply "12". How can I either calculate this ... by mbond81 Engager in Splunk Search 11-08-2017 0 4	0	4
Option to extract one specific field from different patterns in one go ? For the same sourcetype, I have a lot many different patterns from which I want to extract one specific field. Is the... by pari04home New Member in Splunk Search 11-07-2017 0 3	0	3
Joining 2 sourcetypes ( 2 types of events ) based on time range We have 2 sourcetypes that we would like to somehow do a join based on if sourcetype2 has a ArrivalDateTime that fall... by tragiccode New Member in Splunk Search 11-07-2017 0 8	0	8
How to count the occurrence of a field/string per transaction for events grouped with the transaction command? I have custom log file in which we all logging various activities in a transaction context (correlation ID). In this ... by Aftab_alam Explorer in Splunk Search 11-07-2017 1 4	1	4
Need help with regex to extract "error" from "url :/test.com/error.html" How to capture only word that has white the start and end : - 1) ERROR 2) url :/test.com/error.html 3) this is my e... by jw44250 New Member in Splunk Search 11-07-2017 0 3	0	3
FEATURE REQUEST: Trellis timechart with color by field Ok, I've figured this out for pie charts, but it seems I'm not able to do this for timecharts in trellis? I'd like to... by bandit Motivator in Splunk Search 11-07-2017 1 6	1	6
Custom field extraction and table output Hi Team, I have the below sample log file. I want to filter all the lines starting with "NET," and also want to crea... by senthamilselvan Engager in Splunk Search 11-07-2017 0 6	0	6
Dynamic number of timecharts of field values by another field Sorry if the description isn't clear. Essentially, I'm making a dashboard to display the trends of a project from a l... by j4adam Communicator in Splunk Search 11-07-2017 0 9	0	9
Search query using spath and mvexpand on multi-value nested JSON doesn't scale Hi Splunk Experts, I am sending events to Splunk Enterprise in the following nested JSON format: { compliance:... by sharad06 Explorer in Splunk Search 11-07-2017 0 2	0	2
inner join/append with two Where commands. I want to join two search's for an alert, I want to alert when the "difference " is above 30 AND the "Total_GB_Used "... by sbattista09 Contributor in Splunk Search 11-07-2017 0 2	0	2
Search syntax for comparing events over 30-day timespan The purpose of the query is to identify those events that occurred after 10/14/2017 01:00:00 that had not occurred in... by sbattista09 Contributor in Splunk Search 11-07-2017 0 2	0	2