Splunk Search

Community Activity

HTTP Event Collector: why my fields are not searchable? I'm adding fields in my json format data like, below. The issue is, the search "index=myHEC *" returns data but "inde... by sylim_splunk Splunk Employee in Splunk Search 11-01-2017 1 1	1	1
how to display a list of hosts which satisfies a condition? I have a query as follows \| metadata type=hosts \| search [\| inputlookup ABCD.csv \| eval Device=mvindex(split(Device... by pavanae Builder in Splunk Search 11-01-2017 0 3	0	3
Use of _indextime field in table or stats command Hi All How can I use _indextime field in table or stats command without renaming or converting it. Not working Ex: ... by rakshithreddy Explorer in Splunk Search 11-01-2017 1 9	1	9
Finding Unique Pairs of Data in Interchangeable Fields Hi folks, I'm parsing Cisco Callmanager call detail records in our splunk system and I'd like to see which pairs of t... by lboro_garyp Path Finder in Splunk Search 11-01-2017 0 2	0	2
Eval Case Statement not working Not sure why the below is not working. index=www_kinesis rtData.tag=pageviewTag \| eval marketing_channel=case(rt... by lorellpascual New Member in Splunk Search 11-01-2017 0 1	0	1
Comparing Two Lookup Files I have two lookup files: 1) vulnerability results and 2) asset information. I want to take the vulnerability results,... by cgalligan Explorer in Splunk Search 11-01-2017 0 1	0	1
Extract year from filename I have some old syslog files to index. I'm trying to extract year from the filename and month, day, time from events ... by C_HIEN Path Finder in Splunk Search 11-01-2017 0 4	0	4
How to convert time stamp? Hi, How to convert the seconds in to days, hours, sec? Any suggestions ? for eg: I have a sec field to convert to... by kiran331 Builder in Splunk Search 11-01-2017 1 4	1	4
How to find the most searched index in splunk? Hello, How to find the most searched index in splunk? This would help us to increase the hot/warm buckets for them.... by sim_tcr Communicator in Splunk Search 11-01-2017 0 4	0	4
Can you limit events to the max numerical value of a given field by the unique value of another field? I am trying to limit my search results to events that contain the highest numerical value of a given field (vulnerabi... by andrewgbennett3 New Member in Splunk Search 11-01-2017 0 3	0	3
Compare search field to similar field in lookup1 then compare to field in lookup2 Hi i'm having trouble trying to to do the following: I have a search which pulls the event_id, which i would like to... by becksyboy Contributor in Splunk Search 11-01-2017 0 2	0	2
Is eventstats a "Distributable" command ? Hi All, I am trying to improve my run time for a large search and i need some help to identify whether eventstats is... by KarunK Contributor in Splunk Search 11-01-2017 0 4	0	4
Best way to manage extra field from raw log I imported some custom log for file auditing. each log message is very long, it has 7 type of messages. To normalize ... by samlinsongguo Communicator in Splunk Search 11-01-2017 0 1	0	1
Regex for multiline events How do I configure regex to get only test after each line's : in the following log? I have a log file containing ev... by melonman Motivator in Splunk Search 10-31-2017 2 9	2	9
Bullet chart still supported in Splunk? Hello, I would like to use the "Bullet"-Chart of the jQuery Sparkline plugin from omnipotent.net/jquery.sparkline/#... by splunkbeginner2 Path Finder in Splunk Search 10-31-2017 0 3	0	3
Filtering on multiple fields based on a stats subsearch I have multiple log sources that are appended on a daily basis. All rows in one refresh have same epoch time. I would... by saboobaker New Member in Splunk Search 10-31-2017 0 3	0	3
How to apply regex to a field in lookup file? I have a lookup file query as follows \| inputlookup ABCD.csv which displays the results as follows Host efgh ijkl... by pavanae Builder in Splunk Search 10-31-2017 0 1	0	1
Use subsearch result as filter I have 2 indexes. 1 index has the price with product code Another index has product code and product name the subsea... by kennethyeung New Member in Splunk Search 10-31-2017 0 7	0	7
OR not working properly Hi, I tried to run a report on multiple number from a specific field named "finalCalledPartyNumber" using the OR oper... by lcharpentier New Member in Splunk Search 10-31-2017 0 4	0	4
Why doesn't dbquery as a subsearch produce expected results? I'm having problems with getting a dbquery command to filter the results of a search. When I run this search : \| db... by NigelCooke Explorer in Splunk Search 10-31-2017 0 4	0	4
Count of values per column I have a table like this that is generated by a \| stats values(value1) values(value2) values(value3) values(value4) b... by tawollen Path Finder in Splunk Search 10-31-2017 0 2	0	2
Regex to extract between these two characters, : and " Hi, Can anyone help with a regex to extract the string seen after a : and up to a final ". so for example..... "ev... by jacqu3sy Path Finder in Splunk Search 10-31-2017 0 1	0	1
Real-time inner join I have data that looks like this: I would like to join it in such a way to make it look like this: This must work ... by eroffol Path Finder in Splunk Search 10-31-2017 0 3	0	3
I want to split a field into two different fields for comparison split at whitespace I want to split a field into two different fields for comparission, my data is in the format: address= 5555 xxxxx yyy... by jaleelahmed94 New Member in Splunk Search 10-31-2017 0 3	0	3
Splunk search slowness and crashes We have Splunk version 6.5.2 installed back in March 2017. We are observing a problem related to slowness listing ob... by rbathla New Member in Splunk Search 10-31-2017 0 3	0	3