Splunk Search

Community Activity

Can anyone tell me why Splunk is throwing this error when using the foreach command? \| foreach V* [eval PAC<<MATCHSTR>>=<<FIELD>>-Voice], \| foreach PAC* [eval <<FIELD>>=if(<<FIELD>> < 0, -<<FIELD>>, 0)... by nkankur Path Finder in Splunk Search 11-03-2017 0 2	0	2
I need a way to make a lookup conditional I have two lookup tables. Both contain a set of userid's. The first lookup returns a name and department for 80% of ... by bdh5574 New Member in Splunk Search 11-02-2017 0 2	0	2
How do I return fields that do not have a corresponding value in another field? I am running the following search: index="malwarebytes" sourcetype=malwarebytes NOT threat_name=pu* \| lookup ip_cid... by jwalzerpitt Influencer in Splunk Search 11-02-2017 0 7	0	7
How can I do a sum of count for if statement? When I do a stats count by a specific column. The count for each of them work. Here is the picture: But when I act... by tamduong16 Contributor in Splunk Search 11-02-2017 0 4	0	4
Quest ChangeAuditor Hi, I am wondering if anyone have already user Splunk for Quest ChangeAuditor, I know by searching through google tha... by agonist_inhaler Explorer in Splunk Search 11-02-2017 0 3	0	3
Extract Text from logs Below is my log, CustomItemContainerGenerator.GenerateNextLocalContainer: Node is not the current one. in Xceed.Wpf.... by ppanchal Path Finder in Splunk Search 11-02-2017 0 10	0	10
Adding Python Module to Splunk Hello, I am trying to add the active_directory module to Splunk Python so I can query OU's for specific users to pas... by kholleran Communicator in Splunk Search 11-02-2017 3 6	3	6
How to subtract Field value on the basis of other rows with same ID As per the below screenshot, If User made one request then in that request we have two calls (mentioned below), Every... by Jayanthapoojary New Member in Splunk Search 11-02-2017 0 1	0	1
How to compare all time average of a field value vs average for specified time range Trying to combine in a single table the all time average of a field value (data feed start is 10/19) vs its average f... by christopheryu Communicator in Splunk Search 11-02-2017 0 4	0	4
Replace Function when used in token eval does not behave as in search I simply wish to prove that point since it wasn't quite established in the several topics I have read about this prob... by gdiogo Explorer in Splunk Search 11-02-2017 0 2	0	2
Can a transaction command retrieve results outside the select date/time range I am using a transaction command to correlated web requests and responses which arrive as different events. The sear... by jpcontrerasadit Explorer in Splunk Search 11-02-2017 0 2	0	2
How to get time difference between Oct 19 10:35:54 and 1d 0h:00m:05s or 3h:29m:09s formats? Hello, I am trying to calculate difference between Disconnected_time Duration Oct 19 10:35:54 1d 0h:... by sandeep2679 New Member in Splunk Search 11-02-2017 0 7	0	7
How can I calculate column differences when column names are unknown? My datasource is a json structure which will include the following on each record: { "metrics": [ {"name":"MetricNa... by c_wsleem New Member in Splunk Search 11-02-2017 0 3	0	3
extract string from existed field value and put that string in under new field anme Hi Splunkers, I have pre-existed field know as "source" whose values are 1> /var/tomcat/instance15/logs/catalina.... by kannu Communicator in Splunk Search 11-02-2017 0 4	0	4
How to extract timestamp from XML Hi! Find same issue but Unfortunatelly doesn't work for me. <?xml version="1.0" encoding="utf-8" ?> <DynavisionXML v... by yurykiselev Path Finder in Splunk Search 11-02-2017 0 3	0	3
How to create a custom table? Hello, I want to create a table similar to the picture below, I have tried the table command but I can't seem to mak... by jannsenagustin New Member in Splunk Search 11-02-2017 0 2	0	2
I am trying to subtract one column from another and want to do it for other columns as well by using foreach My data is like this Column1 Column2 Column3 Total I am using the below command \|foreach Column* [ eval Answer <> = ... by nkankur Path Finder in Splunk Search 11-02-2017 0 7	0	7
How to invoke a temporal lookup at a search-time? Hi there, I've got temporal lookup that is defined in transforms.conf as: [lookup_time] filename = lookup_time.csv... by iKate Builder in Splunk Search 11-02-2017 3 1	3	1
Custom Search Command Fails to Return Results Hello, I created a custom search command that queries an external service and returns a set of results using the v2 ... by caseyra Explorer in Splunk Search 11-01-2017 1 21	1	21
Regex help! Want to start after the \ and collect the user name that follows I want to start after the \ and collect the user name but the user name is in delimited format (.) field name = User... by johnward4 Communicator in Splunk Search 11-01-2017 0 8	0	8
HTTP Event Collector: why my fields are not searchable? I'm adding fields in my json format data like, below. The issue is, the search "index=myHEC *" returns data but "inde... by sylim_splunk Splunk Employee in Splunk Search 11-01-2017 1 1	1	1
how to display a list of hosts which satisfies a condition? I have a query as follows \| metadata type=hosts \| search [\| inputlookup ABCD.csv \| eval Device=mvindex(split(Device... by pavanae Builder in Splunk Search 11-01-2017 0 3	0	3
Use of _indextime field in table or stats command Hi All How can I use _indextime field in table or stats command without renaming or converting it. Not working Ex: ... by rakshithreddy Explorer in Splunk Search 11-01-2017 1 9	1	9
Finding Unique Pairs of Data in Interchangeable Fields Hi folks, I'm parsing Cisco Callmanager call detail records in our splunk system and I'd like to see which pairs of t... by lboro_garyp Path Finder in Splunk Search 11-01-2017 0 2	0	2
Eval Case Statement not working Not sure why the below is not working. index=www_kinesis rtData.tag=pageviewTag \| eval marketing_channel=case(rt... by lorellpascual New Member in Splunk Search 11-01-2017 0 1	0	1