Splunk Search

Community Activity

Lookup a value based on a position in the string field I have a string of status codes per component, something, like this: 0113000000000000000 To determine what this mean... by iaintealecapite Explorer in Splunk Search 08-04-2017 0 1	0	1
Get Day of Week from Created Date Field through extraction I have extracted a field from log files that is called file_Date and it is in the format "8/1/2017". How do get the d... by griffinpair Path Finder in Splunk Search 08-04-2017 0 4	0	4
How to create a sum of counts variable I have a query that ends with: \| eval error_message=mvindex(splited,0) \| stats count as error_count by error_message... by vshakur Path Finder in Splunk Search 08-04-2017 0 6	0	6
Need help editing my search string so it displays correctly on visualization chart Below is my search string: \| multisearch [search index="" host="" sourcetype="" user="" useradd "type=ADD_GROUP... by jcorkey Explorer in Splunk Search 08-04-2017 0 1	0	1
Two fields are not populating, not sure why Hello, For some reason my SEVERITY, and CATEGORY field aren't showing any value.. Can anyone see why? index=nessu... by rkaakaty Path Finder in Splunk Search 08-04-2017 0 11	0	11
Only show transactions that don't contain a certain value This may have been asked before, but I'm having trouble finding it. I have weblogs that I've sliced into transaction... by sfrazer Explorer in Splunk Search 08-04-2017 0 3	0	3
Why and when is Splunk differing between canceling and queuing searches? Hi, I'm wondering why (and when) there is a different handling when a lot of searches are running at the same time ... by HeinzWaescher Motivator in Splunk Search 08-04-2017 1 10	1	10
Lookup in column A, grab value from column B, compare to a field in search result and don't display if values match? Hey guys, I have a search that gives me a login from a country along with the user and the user's "work country". Un... by timm747747 Path Finder in Splunk Search 08-04-2017 0 3	0	3
_time field extraction I found that the _time field in my event was a bit unusual 19756;10;7;mik;security;2017-08-04 10:57:33;test（20170731... by kulo Engager in Splunk Search 08-04-2017 0 2	0	2
Multiple login from same source ip with dynamic source ip I am trying to implement security use case to detect Multiple login from same Source IP. Source IP is dynamic, every ... by gadepoonam Explorer in Splunk Search 08-03-2017 0 4	0	4
Values on the bar chart Can we add the values to the bar chart items that have been plotted? by vishmehra New Member in Splunk Search 08-03-2017 0 7	0	7
Combining search statements For each subject in the search sentence, the count number is displayed. In addition to the information currently bein... by honobe Explorer in Splunk Search 08-03-2017 0 2	0	2
How to make a search sentence For each subject in the search sentence, the count number is displayed. In addition to the information currently bein... by honobe Explorer in Splunk Search 08-03-2017 0 2	0	2
Route events to different indexes based on calculated field or lookup field Hello, I'm in a distributed/cluster scenario (SH, Indexers, ...) and would like to route events in different indexes... by gdigrego Path Finder in Splunk Search 08-03-2017 0 11	0	11
Grouping fields in a search: How do I apply conditional logic to the results to assign new values? I have a table that has UserID, device, and classification (1,2,3). A UserID can have multiple devices and a device c... by katzr Path Finder in Splunk Search 08-03-2017 0 1	0	1
How do I write a regex command that extracts the username and replaces the appending -*a with @company.com? I have a search query that finds users whose accounts have been locked out and then sends them an email saying so. Th... by sjcoluccio67 Explorer in Splunk Search 08-03-2017 0 1	0	1
Sparkline and a Timechart Table I'm attempting to add a Sparkline to my transposed, timechart statistics table. I read that sparkline only works for ... by jofermin Explorer in Splunk Search 08-03-2017 0 1	0	1
How to modify my search to add a column that sums CostPerDay field for each Feature field? Hello all, First thanks for the participation in this forum, many of your older solutions have helped greatly in my ... by gabarrygowin Path Finder in Splunk Search 08-03-2017 0 12	0	12
how copmare two table values in one visualisation charts? I have 2 tables with energy spent values by month of years, one for 2015 other for 2016. Can I put two table values i... by unsmoker New Member in Splunk Search 08-03-2017 0 1	0	1
Hide Panel Not Working Version 6.5 Hello, Hoping for some help with this. We have a Dashboard that was working, at least that's what I was told, one o... by g038123 Explorer in Splunk Search 08-03-2017 0 11	0	11
How to fetch FY columns based on current year I have a data set with columns FY15, FY16, FY17 and say FY18, now based on time of execution of query i need to fetc... by amitca New Member in Splunk Search 08-03-2017 0 4	0	4
Including inputlookup value in results Looking on advice on how to use a inputlookup table value as a raw search string and still be able to include that va... by mpuckettsc Explorer in Splunk Search 08-03-2017 1 4	1	4
What can I use if I need to check for multiple values of a field in my search I have a simple query like below, where I am looking for tickets created by a group of people and then passing it to ... by ayushdimri New Member in Splunk Search 08-03-2017 0 9	0	9
Speed up search using the following single index. I am working on creation of a dash board that consists of the following search and it does function and return the in... by slgizmo Explorer in Splunk Search 08-03-2017 0 11	0	11
what can be used in SPL for decalre variables in SQL . im trying to write spl for one of the sql quires which has like declare variables and CTE tables im bit confused what... by raghu0463 Explorer in Splunk Search 08-03-2017 0 13	0	13