Splunk Search

Community Activity

How can I write a search that returns _time in 1-second intervals even when _time stamp doesn't match a value? Hello Guys, I have a column _time Ex Values (Suppose the search has 4 events here): 2017-08-11 12:06:51 2017-08-11... by patilsh Explorer in Splunk Search 08-11-2017 0 2	0	2
Can you help me write an eval case function search? I am looking for help with a case statement that looks for a field full load with a value of "running CDC only in fre... by rgarbac1 New Member in Splunk Search 08-11-2017 0 1	0	1
How to extract the fields using regex and props.conf at indexing time? Hello, How to use Regex in props.conf to extract the fields in the below sample event with source type "syslog". 08... by kiran331 Builder in Splunk Search 08-11-2017 0 3	0	3
What time modifiers do I use for earliest and latest for day before yesterday, 2 days before yesterday, 3 days before yesterday, and so on? For yesterday's results we give the earliest and latest as below earliest=-1d@d latest=@d Simillarly, what could b... by pavanae Builder in Splunk Search 08-11-2017 0 3	0	3
How to get the Maximum and Minimum time difference between the events I have events which are in this format, where the time in the event is the _time. 8/11/2017 1:26:17 PM\|Thread Id: 4... by ibob0304 Communicator in Splunk Search 08-11-2017 0 3	0	3
How to split stats results into single line item for each event Greetings, I'm trying to find when a user logs (or tries to log) into six different workstations over the course of ... by SplunkLunk Path Finder in Splunk Search 08-11-2017 0 2	0	2
Is there a way to create a hyperlink in a stats table to an external site? I am currently working on a Splunk query to look at Windows Defender data that has been allowed in the environment. ... by Sarmbrister Path Finder in Splunk Search 08-11-2017 0 4	0	4
How can I put multi-value fields as columns and put checks were they are present ? Hello everyone, I'm just beginning to use Splunk and iIwant to do this : I already tried this : index="****... by Charlotte94 New Member in Splunk Search 08-11-2017 0 3	0	3
Extracting rex field with a newly extracted rex field Below is the current search I have put together to extract a couple fields. The extraction of the ClientID from the s... by griffinpair Path Finder in Splunk Search 08-11-2017 0 5	0	5
How can I change the formatting of a Splunk table? Hi, I have a search - index=ABC sourcetype=XYZ \| stats values(user), dc(user) as usercount by region \| e... by pushpender07 Explorer in Splunk Search 08-11-2017 1 9	1	9
How can I join two huge datasets (millions of records) with different numbers of fields (and no timestamp)? Hi Splunkers, I have tried stats dc(sourcetype) as count by commonfield \| where count > 1. I assume this search is f... by thambisetty SplunkTrust in Splunk Search 08-11-2017 0 9	0	9
Latest Event by _indextime Hi Experts What is the best way to get first and last event by _indextime. I want to group by events based on transac... by vaibhavagg2006 Communicator in Splunk Search 08-11-2017 0 6	0	6
How to use _time in where clause with like I have to use a date filed fields.updated to filter records the I have to filter based on matching Year-Month as belo... by ankurborah Path Finder in Splunk Search 08-11-2017 0 1	0	1
How to find/tie earlier event field value to event that occurs later? Here are the Fields & possible values. pc_id {1234,5678,9012, etc.....}pc_connection {lan, wifi, mo... by bab4684 New Member in Splunk Search 08-11-2017 0 3	0	3
How can I group similar fields and count by field? I was wondering if is possible to group / filter based on a single field. Below is a field called user_agent for brow... by YTKme Engager in Splunk Search 08-11-2017 0 6	0	6
How to fetch data using rex command These are some below mentioned details which is present in splunk in exactly same format:- New Core 12 Month CTE (201... by m7787580 Explorer in Splunk Search 08-11-2017 0 5	0	5
How can I exract these error messages into one field? \|\| vasb05 \| PROD \| Availit \| \| 2017-08-11 08:54:01,420 \| ERROR \| http--10.100.108.48-8080-13 \| com.amerigroup.utilit... by karthi2809 Builder in Splunk Search 08-11-2017 0 2	0	2
Unable to configure Website Monitoring App Hi, I installed the Website Monitoring App. When I open the App, its taking me to the configuration page, I am unabl... by jagansrajan New Member in Splunk Search 08-11-2017 0 2	0	2
Grouping results with blank lines between each item in group Hi, Currently I am going through a logfile, grouping by source and displaying the errors for that source. It basical... by DanielWallace New Member in Splunk Search 08-11-2017 0 4	0	4
Convert YYYYMMDD number to DD.MM.YYYY format Hello, I am trying to convert a field value which contains a number in timeformat YYYYMMDD to DD.MM.YYYY I tried se... by ckunath Communicator in Splunk Search 08-11-2017 0 2	0	2
Extract both single-value and multivalue fields using rex I seem to be unable to comment on the similar questions, but as they haven't answered my question, here I go. With t... by jhuxley Engager in Splunk Search 08-11-2017 0 4	0	4
Eval Case Formula Hi, Struggling to complete an Eval Case syntax. I want to create a situation where I have a new field called provide... by jackreeves Explorer in Splunk Search 08-11-2017 0 5	0	5
LinkList switch using drilldown token from a table Hi, I have a linklist input, based on which some panels are getting enabled/disabled, link-switcher. What I am try... by nishantmishra21 Engager in Splunk Search 08-11-2017 0 1	0	1
How can I know if my heavy forwarder is processing the regex? Bonus: How can I check the memory and CPU consumption? Hi , I installed a heavy forwarder for regex processing a few source types, not for indexing. How can I know whether... by kteng2024 Path Finder in Splunk Search 08-10-2017 0 1	0	1
How to sort alphanumeric values? Hi, How can I sort the below alphanumeric values? From To ROBOT 1 ROBOT 1 ROBOT 10 ROBOT 2 ROBOT 2 RO... by auaave Communicator in Splunk Search 08-10-2017 0 6	0	6