Splunk Search

Community Activity

Eval Case Statement not working Not sure why the below is not working. index=www_kinesis rtData.tag=pageviewTag \| eval marketing_channel=case(rt... by lorellpascual New Member in Splunk Search 11-01-2017 0 1	0	1
Comparing Two Lookup Files I have two lookup files: 1) vulnerability results and 2) asset information. I want to take the vulnerability results,... by cgalligan Explorer in Splunk Search 11-01-2017 0 1	0	1
Extract year from filename I have some old syslog files to index. I'm trying to extract year from the filename and month, day, time from events ... by C_HIEN Path Finder in Splunk Search 11-01-2017 0 4	0	4
How to convert time stamp? Hi, How to convert the seconds in to days, hours, sec? Any suggestions ? for eg: I have a sec field to convert to... by kiran331 Builder in Splunk Search 11-01-2017 1 4	1	4
How to find the most searched index in splunk? Hello, How to find the most searched index in splunk? This would help us to increase the hot/warm buckets for them.... by sim_tcr Communicator in Splunk Search 11-01-2017 0 4	0	4
Can you limit events to the max numerical value of a given field by the unique value of another field? I am trying to limit my search results to events that contain the highest numerical value of a given field (vulnerabi... by andrewgbennett3 New Member in Splunk Search 11-01-2017 0 3	0	3
Compare search field to similar field in lookup1 then compare to field in lookup2 Hi i'm having trouble trying to to do the following: I have a search which pulls the event_id, which i would like to... by becksyboy Contributor in Splunk Search 11-01-2017 0 2	0	2
Is eventstats a "Distributable" command ? Hi All, I am trying to improve my run time for a large search and i need some help to identify whether eventstats is... by KarunK Contributor in Splunk Search 11-01-2017 0 4	0	4
Best way to manage extra field from raw log I imported some custom log for file auditing. each log message is very long, it has 7 type of messages. To normalize ... by samlinsongguo Communicator in Splunk Search 11-01-2017 0 1	0	1
Regex for multiline events How do I configure regex to get only test after each line's : in the following log? I have a log file containing ev... by melonman Motivator in Splunk Search 10-31-2017 2 9	2	9
Bullet chart still supported in Splunk? Hello, I would like to use the "Bullet"-Chart of the jQuery Sparkline plugin from omnipotent.net/jquery.sparkline/#... by splunkbeginner2 Path Finder in Splunk Search 10-31-2017 0 3	0	3
Filtering on multiple fields based on a stats subsearch I have multiple log sources that are appended on a daily basis. All rows in one refresh have same epoch time. I would... by saboobaker New Member in Splunk Search 10-31-2017 0 3	0	3
How to apply regex to a field in lookup file? I have a lookup file query as follows \| inputlookup ABCD.csv which displays the results as follows Host efgh ijkl... by pavanae Builder in Splunk Search 10-31-2017 0 1	0	1
Use subsearch result as filter I have 2 indexes. 1 index has the price with product code Another index has product code and product name the subsea... by kennethyeung New Member in Splunk Search 10-31-2017 0 7	0	7
OR not working properly Hi, I tried to run a report on multiple number from a specific field named "finalCalledPartyNumber" using the OR oper... by lcharpentier New Member in Splunk Search 10-31-2017 0 4	0	4
Why doesn't dbquery as a subsearch produce expected results? I'm having problems with getting a dbquery command to filter the results of a search. When I run this search : \| db... by NigelCooke Explorer in Splunk Search 10-31-2017 0 4	0	4
Count of values per column I have a table like this that is generated by a \| stats values(value1) values(value2) values(value3) values(value4) b... by tawollen Path Finder in Splunk Search 10-31-2017 0 2	0	2
Regex to extract between these two characters, : and " Hi, Can anyone help with a regex to extract the string seen after a : and up to a final ". so for example..... "ev... by jacqu3sy Path Finder in Splunk Search 10-31-2017 0 1	0	1
Real-time inner join I have data that looks like this: I would like to join it in such a way to make it look like this: This must work ... by eroffol Path Finder in Splunk Search 10-31-2017 0 3	0	3
I want to split a field into two different fields for comparison split at whitespace I want to split a field into two different fields for comparission, my data is in the format: address= 5555 xxxxx yyy... by jaleelahmed94 New Member in Splunk Search 10-31-2017 0 3	0	3
Splunk search slowness and crashes We have Splunk version 6.5.2 installed back in March 2017. We are observing a problem related to slowness listing ob... by rbathla New Member in Splunk Search 10-31-2017 0 3	0	3
Is there a way to determine what are my most expensive field extractions? All, How can I determine which search time field extractions are my most costly? by daniel333 Builder in Splunk Search 10-31-2017 1 1	1	1
急に全てのサーチが遅くなりました 6.5.2を使っていますが、昨日まで速く実行できたサーチでも、今日になって急に遅くなりました。事象の特定としては、 1. サーチは、どのユーザから実行しても遅くなっている。 2. ブラウザのキャッシュを削除してからでも、サーチは遅い... by cwl Contributor in Splunk Search 10-31-2017 0 1	0	1
What's the best way to compare data in two different environments with outputlookup? Hallo splunk users, What is the best way to compare the same data in two different environments (producktion and la... by AydinCan Loves-to-Learn Lots in Splunk Search 10-31-2017 0 4	0	4
how to migrate my saved searches/dashboard/apps from non-cluster to a cluster? I have single Splunk instance and would like to migrate to a new search head cluster and the index cluster. I have... by danielwan Explorer in Splunk Search 10-31-2017 0 1	0	1