Splunk Search

Community Activity

Error in 'where' command: The 'in' function is unsupported or undefined. Hi I tried to search as below, with where in(VALUELIST) function as described in: http://docs.splunk.com/Documentatio... by leonjxtan Path Finder in Splunk Search 10-04-2017 0 6	0	6
Splunks equivalent to the SQL "IN" () function I'm trying to create a search form that can take a comma separated list. In sql I would use the 'IN' command. If the... by marquiselee Path Finder in Splunk Search 10-04-2017 0 4	0	4
How to find common packages installed on many hosts? I am indexing rpm -qa outputs and want to find all of the packages that are common throughout my infrastructure. Th... by Simeon Splunk Employee in Splunk Search 10-04-2017 1 2	1	2
How do I get my rex search to extract a string between two strings from a sample below and concat it with the fixed string "751." Example1 Input: 352322648-1112 : D_SSPP-HNW_SD-AVI Output i want : "751.1112" Example2 Input: 335587620-43300 ... by Veeruswathi Explorer in Splunk Search 10-04-2017 1 2	1	2
Join with "eventstats" on a non unique field Hello there, I have 2 indexes [customer_id, datetime] and [customer_id, date_of_creation, motive] with a common fiel... by kcollori Explorer in Splunk Search 10-04-2017 0 3	0	3
Use query results from one panel as input to query on another panel on the same Dashboard Hi, Sorry if I am duplicating question here but I could not find an answer in the other posts that matched my scenar... by nmulm Explorer in Splunk Search 10-04-2017 2 2	2	2
Average time between two jobs. Hi, Here is my search query; index=* sourcetype="WMI:WinEventLog:Application" SourceName="Investran RS Word Process... by carlyleadmin Contributor in Splunk Search 10-04-2017 0 19	0	19
Applying Field Extractions across similarly named servers Hey Gang, Here are the basics: We are running Splunk Enterprise 6.5.1. I have a distributed architecture that has ... by mgranger1 Path Finder in Splunk Search 10-04-2017 0 3	0	3
Best Methods to Improve Performance of Dashboard I have a dashboard with ~38 panels with 2 joins per panel. I'm curious what is the most costly for Splunk performance... by katzr Path Finder in Splunk Search 10-04-2017 0 6	0	6
How can I remove colons in a field value Hi there, I wanna remove colons in a field value like a MAC Address. I have a field MAC like mac="E8:11:32:31:33:B... by superhm Explorer in Splunk Search 10-04-2017 1 10	1	10
Can't get tag to work I have a dashboard with several prebuilt panels and several non-prebuilt panels. At the top of the form I have: <in... by madkins23 New Member in Splunk Search 10-04-2017 0 1	0	1
How to search the names of triggered alerts, their trigger time, and the events that triggered them? Hi guys, I have a problem with the triggered alerts and I really need your help! Now, I have some alerts working gr... by LuiesCui Communicator in Splunk Search 10-03-2017 1 9	1	9
Trigger alert for stats query when events are null Hello, scheduling an alert to notify me what my current license usage is and I can't get it to trigger since the eve... by santiagn Path Finder in Splunk Search 10-03-2017 0 10	0	10
how can i get details with both span 10m and 30 m with dedup _time. I have one Search Query . (index=indexname earliest=1499819400 latest=1499848200 \| where Tag="Tagname" \|bin _time sp... by harishalipaka Motivator in Splunk Search 10-03-2017 0 6	0	6
Empty result subsearch in eval/case I am trying to eval a new field based on matching several sub searches. The issue is that these sub searches can pote... by csocha New Member in Splunk Search 10-03-2017 0 3	0	3
Create a new row to the table which is the sum of existing rows How to have an additional row on the top which basically adds up the sum of below rows of the table The consuming_ap... by amargovindan New Member in Splunk Search 10-03-2017 0 2	0	2
Can I use strftime to compare relative times? Hello, I received help in building a search of mine, and I cannot figure out the syntax of comparing the time. I nee... by katzr Path Finder in Splunk Search 10-03-2017 0 2	0	2
Another regex Hi, I have this data 10.210.192.15 - - [02/Oct/2017:19:59:59 -0400] "GET /rest/icontrol/sites/278318/eventsByDay?st... by dbcase Motivator in Splunk Search 10-03-2017 0 3	0	3
How can I extract fields as an array? Dear friends, I have one event in my log file that my user want to extract fields as an array. The event is: Reques... by GersonGarcia Path Finder in Splunk Search 10-03-2017 0 1	0	1
Historic average of last 30 days I have a type of event that happens about 20 times a day. Each event carry a numeric value. Meaning is found in the s... by JeusTheHun New Member in Splunk Search 10-03-2017 0 8	0	8
Need help on predict command usage in graph I have a trend graph that shows some data then its predicting out that data a couple days forward. However, The predi... by kdimaria Communicator in Splunk Search 10-03-2017 0 4	0	4
Comparing results from three separate events Forgive my ignorance if this has been answered elsewhere, I did my best to search for an answer but have not found it... by venomousmoose Engager in Splunk Search 10-03-2017 0 3	0	3
How do I get the outer values in a transaction that has repeated startswith endswith parameters? Hi there, I've been trying to solve an issue I have when using transactions. Here's an example of the logs I am work... by nmulm Explorer in Splunk Search 10-03-2017 0 2	0	2
comparing min, max and avg of a field by host and application Hi All, I have been working on a search query but couldn't able to get desired results. I'm looking for a search ... by guru865 Path Finder in Splunk Search 10-03-2017 0 11	0	11
Can we use same property names (say "[setnull]","[setparsing]") defining the event data filtering criteria , in two different apps (having different filtering criteria) residing on same server ? I have two clustered environments consisting of 3 SH,3 Indexers and 1 HWF each running on Splunk 6.4.1.I need to filt... by jincy_18 Path Finder in Splunk Search 10-03-2017 0 2	0	2