Splunk Search

Community Activity

Extract Text from logs Below is my log, CustomItemContainerGenerator.GenerateNextLocalContainer: Node is not the current one. in Xceed.Wpf.... by ppanchal Path Finder in Splunk Search 11-02-2017 0 10	0	10
Adding Python Module to Splunk Hello, I am trying to add the active_directory module to Splunk Python so I can query OU's for specific users to pas... by kholleran Communicator in Splunk Search 11-02-2017 3 6	3	6
How to subtract Field value on the basis of other rows with same ID As per the below screenshot, If User made one request then in that request we have two calls (mentioned below), Every... by Jayanthapoojary New Member in Splunk Search 11-02-2017 0 1	0	1
How to compare all time average of a field value vs average for specified time range Trying to combine in a single table the all time average of a field value (data feed start is 10/19) vs its average f... by christopheryu Communicator in Splunk Search 11-02-2017 0 4	0	4
Replace Function when used in token eval does not behave as in search I simply wish to prove that point since it wasn't quite established in the several topics I have read about this prob... by gdiogo Explorer in Splunk Search 11-02-2017 0 2	0	2
Can a transaction command retrieve results outside the select date/time range I am using a transaction command to correlated web requests and responses which arrive as different events. The sear... by jpcontrerasadit Explorer in Splunk Search 11-02-2017 0 2	0	2
How to get time difference between Oct 19 10:35:54 and 1d 0h:00m:05s or 3h:29m:09s formats? Hello, I am trying to calculate difference between Disconnected_time Duration Oct 19 10:35:54 1d 0h:... by sandeep2679 New Member in Splunk Search 11-02-2017 0 7	0	7
How can I calculate column differences when column names are unknown? My datasource is a json structure which will include the following on each record: { "metrics": [ {"name":"MetricNa... by c_wsleem New Member in Splunk Search 11-02-2017 0 3	0	3
extract string from existed field value and put that string in under new field anme Hi Splunkers, I have pre-existed field know as "source" whose values are 1> /var/tomcat/instance15/logs/catalina.... by kannu Communicator in Splunk Search 11-02-2017 0 4	0	4
How to extract timestamp from XML Hi! Find same issue but Unfortunatelly doesn't work for me. <?xml version="1.0" encoding="utf-8" ?> <DynavisionXML v... by yurykiselev Path Finder in Splunk Search 11-02-2017 0 3	0	3
How to create a custom table? Hello, I want to create a table similar to the picture below, I have tried the table command but I can't seem to mak... by jannsenagustin New Member in Splunk Search 11-02-2017 0 2	0	2
I am trying to subtract one column from another and want to do it for other columns as well by using foreach My data is like this Column1 Column2 Column3 Total I am using the below command \|foreach Column* [ eval Answer <> = ... by nkankur Path Finder in Splunk Search 11-02-2017 0 7	0	7
How to invoke a temporal lookup at a search-time? Hi there, I've got temporal lookup that is defined in transforms.conf as: [lookup_time] filename = lookup_time.csv... by iKate Builder in Splunk Search 11-02-2017 3 1	3	1
Custom Search Command Fails to Return Results Hello, I created a custom search command that queries an external service and returns a set of results using the v2 ... by caseyra Explorer in Splunk Search 11-01-2017 1 21	1	21
Regex help! Want to start after the \ and collect the user name that follows I want to start after the \ and collect the user name but the user name is in delimited format (.) field name = User... by johnward4 Communicator in Splunk Search 11-01-2017 0 8	0	8
HTTP Event Collector: why my fields are not searchable? I'm adding fields in my json format data like, below. The issue is, the search "index=myHEC *" returns data but "inde... by sylim_splunk Splunk Employee in Splunk Search 11-01-2017 1 1	1	1
how to display a list of hosts which satisfies a condition? I have a query as follows \| metadata type=hosts \| search [\| inputlookup ABCD.csv \| eval Device=mvindex(split(Device... by pavanae Builder in Splunk Search 11-01-2017 0 3	0	3
Use of _indextime field in table or stats command Hi All How can I use _indextime field in table or stats command without renaming or converting it. Not working Ex: ... by rakshithreddy Explorer in Splunk Search 11-01-2017 1 9	1	9
Finding Unique Pairs of Data in Interchangeable Fields Hi folks, I'm parsing Cisco Callmanager call detail records in our splunk system and I'd like to see which pairs of t... by lboro_garyp Path Finder in Splunk Search 11-01-2017 0 2	0	2
Eval Case Statement not working Not sure why the below is not working. index=www_kinesis rtData.tag=pageviewTag \| eval marketing_channel=case(rt... by lorellpascual New Member in Splunk Search 11-01-2017 0 1	0	1
Comparing Two Lookup Files I have two lookup files: 1) vulnerability results and 2) asset information. I want to take the vulnerability results,... by cgalligan Explorer in Splunk Search 11-01-2017 0 1	0	1
Extract year from filename I have some old syslog files to index. I'm trying to extract year from the filename and month, day, time from events ... by C_HIEN Path Finder in Splunk Search 11-01-2017 0 4	0	4
How to convert time stamp? Hi, How to convert the seconds in to days, hours, sec? Any suggestions ? for eg: I have a sec field to convert to... by kiran331 Builder in Splunk Search 11-01-2017 1 4	1	4
How to find the most searched index in splunk? Hello, How to find the most searched index in splunk? This would help us to increase the hot/warm buckets for them.... by sim_tcr Communicator in Splunk Search 11-01-2017 0 4	0	4
Can you limit events to the max numerical value of a given field by the unique value of another field? I am trying to limit my search results to events that contain the highest numerical value of a given field (vulnerabi... by andrewgbennett3 New Member in Splunk Search 11-01-2017 0 3	0	3