Splunk Search

Community Activity

How to split stats results into single line item for each event Greetings, I'm trying to find when a user logs (or tries to log) into six different workstations over the course of ... by SplunkLunk Path Finder in Splunk Search 08-11-2017 0 2	0	2
Is there a way to create a hyperlink in a stats table to an external site? I am currently working on a Splunk query to look at Windows Defender data that has been allowed in the environment. ... by Sarmbrister Path Finder in Splunk Search 08-11-2017 0 4	0	4
How can I put multi-value fields as columns and put checks were they are present ? Hello everyone, I'm just beginning to use Splunk and iIwant to do this : I already tried this : index="****... by Charlotte94 New Member in Splunk Search 08-11-2017 0 3	0	3
Extracting rex field with a newly extracted rex field Below is the current search I have put together to extract a couple fields. The extraction of the ClientID from the s... by griffinpair Path Finder in Splunk Search 08-11-2017 0 5	0	5
How can I change the formatting of a Splunk table? Hi, I have a search - index=ABC sourcetype=XYZ \| stats values(user), dc(user) as usercount by region \| e... by pushpender07 Explorer in Splunk Search 08-11-2017 1 9	1	9
How can I join two huge datasets (millions of records) with different numbers of fields (and no timestamp)? Hi Splunkers, I have tried stats dc(sourcetype) as count by commonfield \| where count > 1. I assume this search is f... by thambisetty SplunkTrust in Splunk Search 08-11-2017 0 9	0	9
Latest Event by _indextime Hi Experts What is the best way to get first and last event by _indextime. I want to group by events based on transac... by vaibhavagg2006 Communicator in Splunk Search 08-11-2017 0 6	0	6
How to use _time in where clause with like I have to use a date filed fields.updated to filter records the I have to filter based on matching Year-Month as belo... by ankurborah Path Finder in Splunk Search 08-11-2017 0 1	0	1
How to find/tie earlier event field value to event that occurs later? Here are the Fields & possible values. pc_id {1234,5678,9012, etc.....}pc_connection {lan, wifi, mo... by bab4684 New Member in Splunk Search 08-11-2017 0 3	0	3
How can I group similar fields and count by field? I was wondering if is possible to group / filter based on a single field. Below is a field called user_agent for brow... by YTKme Engager in Splunk Search 08-11-2017 0 6	0	6
How to fetch data using rex command These are some below mentioned details which is present in splunk in exactly same format:- New Core 12 Month CTE (201... by m7787580 Explorer in Splunk Search 08-11-2017 0 5	0	5
How can I exract these error messages into one field? \|\| vasb05 \| PROD \| Availit \| \| 2017-08-11 08:54:01,420 \| ERROR \| http--10.100.108.48-8080-13 \| com.amerigroup.utilit... by karthi2809 Builder in Splunk Search 08-11-2017 0 2	0	2
Unable to configure Website Monitoring App Hi, I installed the Website Monitoring App. When I open the App, its taking me to the configuration page, I am unabl... by jagansrajan New Member in Splunk Search 08-11-2017 0 2	0	2
Grouping results with blank lines between each item in group Hi, Currently I am going through a logfile, grouping by source and displaying the errors for that source. It basical... by DanielWallace New Member in Splunk Search 08-11-2017 0 4	0	4
Convert YYYYMMDD number to DD.MM.YYYY format Hello, I am trying to convert a field value which contains a number in timeformat YYYYMMDD to DD.MM.YYYY I tried se... by ckunath Communicator in Splunk Search 08-11-2017 0 2	0	2
Extract both single-value and multivalue fields using rex I seem to be unable to comment on the similar questions, but as they haven't answered my question, here I go. With t... by jhuxley Engager in Splunk Search 08-11-2017 0 4	0	4
Eval Case Formula Hi, Struggling to complete an Eval Case syntax. I want to create a situation where I have a new field called provide... by jackreeves Explorer in Splunk Search 08-11-2017 0 5	0	5
LinkList switch using drilldown token from a table Hi, I have a linklist input, based on which some panels are getting enabled/disabled, link-switcher. What I am try... by nishantmishra21 Engager in Splunk Search 08-11-2017 0 1	0	1
How can I know if my heavy forwarder is processing the regex? Bonus: How can I check the memory and CPU consumption? Hi , I installed a heavy forwarder for regex processing a few source types, not for indexing. How can I know whether... by kteng2024 Path Finder in Splunk Search 08-10-2017 0 1	0	1
How to sort alphanumeric values? Hi, How can I sort the below alphanumeric values? From To ROBOT 1 ROBOT 1 ROBOT 10 ROBOT 2 ROBOT 2 RO... by auaave Communicator in Splunk Search 08-10-2017 0 6	0	6
Regex to return text over multiple lines Hello, I am trying to extract several lines of text using regex and whilst I can extract up to the first carriage re... by ahogbin Communicator in Splunk Search 08-10-2017 1 9	1	9
How do I use a value in an existing field to create a new field and assign output values? I'm trying to create a new field called TYPE, which is dependent on the word "summary" or "detail" appearing in the T... by ejohn Path Finder in Splunk Search 08-10-2017 0 15	0	15
Show hourly count as zero if no data found for all indexes I have a search: \| tstats count WHERE earliest=-2d@d latest=now index=* by index, _time \| makecontinuous span=1h _ti... by mkarimi17 Path Finder in Splunk Search 08-10-2017 0 2	0	2
Unable to get results for Splunk search after adding a field from the "interesting fields" list--why? I am unable to get any values for my search when I add a field from the interesting fields list. It is happening only... by rangineniarunku Explorer in Splunk Search 08-10-2017 0 2	0	2
How can I change the header so it displays the current date? Hi, I have a table output like below, OS Range1 Range2 Range3 Range4 AIX 10 ... by sbbadri Motivator in Splunk Search 08-10-2017 0 5	0	5