Splunk Search

Community Activity

Use lookup table values as a input for search query and display lookup table values with query manipulated fields Hi I have a lookup table with the field (indexname). I want to use each lookup table field (indexname) values as a i... by mala_splunk_91 Explorer in Splunk Search 09-06-2017 0 6	0	6
How to find previous releases using current release? Lookup file contains release number and its start date. The fields in lookup file are Release and Production (start d... by sangs8788 Communicator in Splunk Search 09-06-2017 0 7	0	7
Column to row conversion Hi friends I am facing an issue where I have to consolidate and convert the data from Column to rows. The sample dat... by gauravmishra15 Path Finder in Splunk Search 09-06-2017 1 2	1	2
How can we eliminate orphaned searches? We have orphaned searches we reassigned to our accounts but still see the messages every saying you have 11 orphaned ... by splunker969 Communicator in Splunk Search 09-05-2017 0 3	0	3
about removal duplication and lookup How to write such an SPL search statement two quetions: 1、on the Splunk Enterpirse ,how to remove duplicate data ... by xsstest Communicator in Splunk Search 09-05-2017 0 6	0	6
How to set column with default value if column key not exist? Hi guys I'm trying to create a statistic table for the data from jira. Each column has different severity for jira i... by hakusama1024 New Member in Splunk Search 09-05-2017 0 4	0	4
Link to a file in search results I have a zip file uploaded into Splunk. This zip file contains a files.csv file and some file attachments stored in f... by srinisub New Member in Splunk Search 09-05-2017 0 1	0	1
How do I use IF / THEN / AND in logic in a search? I'm trying to create some logic within my search, and it requires some IF THEN AND logic, which I know Splunk has the... by tmarlette Motivator in Splunk Search 09-05-2017 0 9	0	9
Need help with streamstats search -- need to display _time on x-axis. I have a requirement to display the count of data received over the last 7 days. I need to show the total with a dat... by lyndac Contributor in Splunk Search 09-05-2017 0 1	0	1
Common field in JSON array, two different hosts Hello, I have recently started using Splunk and I think I have made good progress getting to grips with the basics by... by TheFloorIsJava New Member in Splunk Search 09-05-2017 0 1	0	1
Does Splunk have an equivalent to SQL's IN () construct? I have an analyst who wants to find logs where the value of a field is in a list of values. In SQL we can do this by ... by andrewdotnich Explorer in Splunk Search 09-05-2017 7 5	7	5
I need to combine two results names into one So search command \| stats count by user \| want to rename or combine the two results into same name i.e. User ** ... by streetdoc123 New Member in Splunk Search 09-05-2017 0 7	0	7
Null value for each column data Is there a way I can use the foreach function to create a variables that will give me a 1 value for each null value ?... by jhayIV Engager in Splunk Search 09-05-2017 0 3	0	3
Create One Field Value from two indexes Hello, I have index=A with values from January-April with the field value called EmailA. I have another index with v... by katzr Path Finder in Splunk Search 09-05-2017 0 1	0	1
Show count 0 on tstats with index name for multiple indexes I have a search: \| tstats count WHERE earliest=-2d@-3h latest=now index=* by index, _time \| makecontinuous span=1h ... by mkarimi17 Path Finder in Splunk Search 09-05-2017 0 4	0	4
How do I create a stacked bar chart? by sathiyasun Explorer in Splunk Search 09-05-2017 0 3	0	3
Adding static vertical lines to a scatter plot Hello, right now I have a scatter plot of duration vs. size and i want to make 2 vertical lines at different values o... by rvs935 Engager in Splunk Search 09-05-2017 0 8	0	8
Regex help CCDSRiERRSTAFGRT\|\|FUNC\|\|u505\|\|PA1RA2M\|\|STCK\|Workflow: threat call workplace\|\|ATdT\|\|\|AC1CSED CCDSRiERRSTAFGRT\|\|FUNC\|\|u... by DataOrg Builder in Splunk Search 09-05-2017 0 12	0	12
Coloring a stats table value based on condition Hi ALL, I have this url URL ResponseTime /wcs/resources/store/10151/stor... by shabdadev Engager in Splunk Search 09-05-2017 0 2	0	2
Search help -- Display count if field is present in the output Hi Splunkers , Need help in creating the case statement. We are feeding the palo alto logs to the threat intelligen... by renjujacob88 Path Finder in Splunk Search 09-05-2017 0 1	0	1
What are my options to indicate that Splunk has modified an event in a particular way (for auditing purposes)? We all know about this stuff: https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/Anonymizedata Let's say ... by woodcock Esteemed Legend in Splunk Search 09-04-2017 1 1	1	1
How to show more than 50 events on a page in 6.x? Hi, In the image above, the selections are 10, 20 and 50 events per page. In 5.x, the flashtimeline.xml is editab... by davidpaper Contributor in Splunk Search 09-04-2017 6 16	6	16
Combine two searches using a lookup table index=“client_index” AND Event_Type 6152 \|eval new=substr(audit_filename, 16,14) \|eval ip=mvindex(split(new,”_”),0) \|... by troconn New Member in Splunk Search 09-04-2017 0 7	0	7
How do I write a search with a subsearch? Hey everyone, Trying to write a search to find Firewall allows by Previous Drops I am very new to Splunk (love it s... by jb1982 Path Finder in Splunk Search 09-04-2017 0 5	0	5
Stats cannot generate alerts? I am trying to generate alerts. I have a search query as index=abc-index host="XYZ123*" collection="AppServer:OrderT... by dban2005 New Member in Splunk Search 09-04-2017 0 4	0	4