Splunk Search

Community Activity

Is it possible to use a column from a .csv lookup file as a column in the results? So, I tried https://answers.splunk.com/answers/480296/how-to-add-an-additional-column-in-my-results-from.html?utm_sou... by chambern New Member in Splunk Search 09-27-2017 0 2	0	2
How do we find the first non-zero packet loss event? example dated newest to oldest : { "ip_address": "255.255.255.255","loss_pct": 0, "device_id": "ABC"} { "ip_address"... by mk197m New Member in Splunk Search 09-27-2017 0 2	0	2
Are function names case-sensitive? The following query did not return any results: ... \| stats count(EVAL(error_code=2000)) ... I had to use lower-ca... by pm771 Communicator in Splunk Search 09-27-2017 1 5	1	5
Merge two tables from two different sources i have a requirement to merge two tables table 1 appname \| source app1 \| src1 app2 \| ... by krrish0930 New Member in Splunk Search 09-27-2017 0 6	0	6
Custom Trigger Condition for alert if not specific destination IP I am attempting to create a custom trigger condition for the alert below that will only trigger if the dest_ip does n... by jrosecbt New Member in Splunk Search 09-27-2017 0 3	0	3
List of users accessing activesync index=exchange sourcetype=uag trunk="activesync2010" user="" returns a list of active sync users in the las... by jennjoe1 Explorer in Splunk Search 09-27-2017 0 2	0	2
Common Field in Two Different Indexes I have two indexes that I can successfully join via stats. However, both indexes have a common field named "STATUS".... by ryanprayacn Explorer in Splunk Search 09-27-2017 0 2	0	2
Can I use regex to remove a pipe character from a string? Hi All, I am having a problem with my search output. One of the results contains a pipe ( \| ) - E.g. bad_domain\|www... by MikeElliott Communicator in Splunk Search 09-27-2017 0 2	0	2
How can I reverse the x and y axes? current I have this search: ......\|\|addcoltotals \| table *_August_R \| reverse \| head 1 1_Ausgust_R,2_Ausgust_R,3_A... by kennethyeung New Member in Splunk Search 09-26-2017 0 2	0	2
How to calculate with multiple values in a table? I have few results which look like below in a table: ID Ask Bid 1 \| 4 \| 3 2 \| 5 ... by dailv1808 Path Finder in Splunk Search 09-26-2017 0 24	0	24
How do I edit my rex field=UEI mode=sed syntax to 'district' my sample URIs? As of now I am using: rex field=URI mode=sed "s/=[^?]+/=xxx/g" But its not working /v1/mb/members/15d628b4-0d113-0... by karthi2809 Builder in Splunk Search 09-26-2017 0 3	0	3
How can I run a search if a field contains the "\|" character? Hello, I need to count the event log line contains AAA\|Y\|42 but "\|" is the pipeline command so that I got error as... by hsu88888 Explorer in Splunk Search 09-26-2017 0 6	0	6
Why is my stats by command so slow and how can I speed it up for longer time intervals? I'm working on some statistics related queries. I'm trying to get the security id, date and count of hosts connected ... by timbCFCA Path Finder in Splunk Search 09-26-2017 1 6	1	6
Contingency Total Rows Hi I wonder whether someone may be able to help me please. Using an adapted solution from @woodcock I'm using the qu... by IRHM73 Motivator in Splunk Search 09-26-2017 0 6	0	6
How can I index the subjects of posts on a forum that is updated constantly without indexing duplicates? Hello! Here is what I'm trying to do: Index a particular section of a web page. This particular section is a foru... by agoktas Communicator in Splunk Search 09-26-2017 0 1	0	1
Can you help me clean up my search syntax so my results populate faster? The below query is used to return the Error distribution in 3 layers - Application, Dataservice & Queue for a time ra... by sangs8788 Communicator in Splunk Search 09-26-2017 0 1	0	1
Mask SSN on forwarder/Indexer? Tried this on both the Forwarder & indexer without success, what am i missing ? Log output SignUpState='3.30' SSN='... by Giggs New Member in Splunk Search 09-26-2017 0 5	0	5
Does Splunk have end of life support dates for Splunk 5.x and 6.x? Does Splunk have end of life support dates for Splunk 5.x and 6.x? Thank you, by rdowd Path Finder in Splunk Search 09-26-2017 1 2	1	2
How can I see the difference in a count for two different types of events by day? Hi, I would like to see the difference in a count for two different type of events per day. Currently I have it in t... by Esperteyu Explorer in Splunk Search 09-26-2017 0 1	0	1
Display percentage on pie charts in Splunk 6? how can I by default display % and label values on a pie chart in splunk 6? The only that I can get displayed are t... by jaj Path Finder in Splunk Search 09-26-2017 1 13	1	13
Search to compare deposits versus withdrawals in a specific time period I am trying to create a query that calculates the amount of money a person deposits within an hour and then compares ... by joeldavideng Path Finder in Splunk Search 09-26-2017 0 4	0	4
Is there a timechart legend limit? I have the following in a search \| timechart span=1h max(CPU%) AS "CPU", max(Memory%) as "MEM" by host If the numbe... by RVDowning Contributor in Splunk Search 09-26-2017 1 4	1	4
How can I put results of Windows updates results per host on a map by location? I have a query for Windows updates per host. But I NEED to put those on a map. Is it via ''geostats''???? index=* ho... by AROJ New Member in Splunk Search 09-26-2017 0 2	0	2
Why isn't my where clause working in this similar search? I want to run a search but can't figure out what's the difference when I make changes to it using the 'where' clause ... by pranaynanda Path Finder in Splunk Search 09-26-2017 0 2	0	2
timechart - show every week, even if there is no value Hi, I am creating a timechart and in some of my weeks I have no value for a field ("Number Of Lines"). I need the ti... by matansocher Contributor in Splunk Search 09-26-2017 0 2	0	2