Splunk Search

Community Activity

Creating an If statement in Search with max() function inside Here's what I have below. I'm trying to do unit conversion and the unit trails in the string (ex. 127 KiB). Any ideas... by aracer Engager in Splunk Search 07-27-2017 0 9	0	9
Converting time in Time token to limit results till a particular date I need to create a panel in dashboard which gives me list of activities till 23rd July 2017. Now, I don't want the st... by pushpender07 Explorer in Splunk Search 07-27-2017 0 8	0	8
How to comparing 2 date fields and create a third with the difference Event_Reported_Time Comment_Date Diff 7/21/2016 7/22/2016 1 7/24/2016 ... by ajdyer2000 Path Finder in Splunk Search 07-27-2017 0 2	0	2
I need help with my search query I have the follow search query: sourcetype=linux_secure source="/var/log/*" "su: (" \| eval Date=strftime(_time, "%Y... by jcorkey Explorer in Splunk Search 07-27-2017 0 7	0	7
logs are missing from specific period in splunk For example , i have a sourcetype=abc and data in splunk started missing for this sourcetype from past week . Can i p... by kteng2024 Path Finder in Splunk Search 07-27-2017 0 1	0	1
How to remove a field from a visualization, but not remove it from search results? I have search results like this: Host---------------Description------------ EventSize 127.0.0.1----------Prod DB----... by ronekarleone Explorer in Splunk Search 07-27-2017 0 10	0	10
Change field to arbitrary value following a regex match using props.conf and transforms.com I have two firewall devices that log their activities in different formats. I'm trying to create CIM compliant logs. ... by mjmayer Explorer in Splunk Search 07-27-2017 0 3	0	3
How can we run searches based on token value? I have two different searches and i want to run those searches based on the token. if any value is set for that toke... by goyals05 Explorer in Splunk Search 07-27-2017 2 3	2	3
How to use regex to extract field? HI How to extract the field with space using regex? name: T11345DDF ERROR T11345SSDF Volume C values: 123455-253355... by kiran331 Builder in Splunk Search 07-27-2017 0 3	0	3
Repetive queries of LARGE indexes We have an environment that indexes approximately 600GB / day. I have been tasked with creating queries that correl... by tlmayes Contributor in Splunk Search 07-27-2017 0 3	0	3
What is historical data? While researching exchanging licenses between servers I came across "Historical Data." What is historical Data? by obiloki New Member in Splunk Search 07-27-2017 0 1	0	1
Can a lookup be used for renaming a field name? Trying to figure out if can rename field names using lookup and CSV file. Something like this: index=main d_name="*"... by simpkins1958 Contributor in Splunk Search 07-27-2017 0 6	0	6
Lookup in the Index Time Hi, I have a file coming from the source ( UF ) in which I am getting two fields ( IP and PORT ) , Now I have a loo... by abhayneilam Contributor in Splunk Search 07-27-2017 0 3	0	3
Two multivalue fields needed Hi - I need to extract two multivalue fields from each event. Let's say the strings are "AAA-" and "BBB-". Each strin... by wkassel New Member in Splunk Search 07-27-2017 0 3	0	3
How to replace values without using a join I am using a join, but is there a better way to replace values? I have the following table. (NICKNAME + Human_Name_N... by robertlynch2020 Influencer in Splunk Search 07-27-2017 0 4	0	4
Searching events within a time range from csv file My search operation consists of two parts Part 1: This job runs every 6 hours and keeps appending to the results obt... by tareddy Explorer in Splunk Search 07-27-2017 0 4	0	4
Why am I getting an eval command error "The arguments to the match function are invalid"? I would like to create a new panel in my Dashboard and I am using the following search string: index=$index$ eventId... by Taner Engager in Splunk Search 07-27-2017 0 5	0	5
Splunk has to segregate the Logs when we imported. Hi I need to segregate the logs which we imported splunk. Ex:- I want to extract the logs by using the word error a... by riyaz551 New Member in Splunk Search 07-26-2017 0 4	0	4
How to automatically remove extraneous characters from field value? Splunk is automatically (and correctly) extracting a user field/value in a particular set of logs, I'm looking for a ... by hcannon Path Finder in Splunk Search 07-26-2017 0 4	0	4
Plot the average of a field across all locations and have it as an overlay on a chart with the count of a field across a specific location I am trying to do a timechart on the number of rows on a particular location as shown below. Pivot Query \| search l... by ahallak2016 Explorer in Splunk Search 07-26-2017 0 4	0	4
How to generate a search to find the number of created accounts? Hi, I'm trying to run a search that alerts me when 40 accounts is created within 1 minute. I'm talking about linux u... by wvalente Explorer in Splunk Search 07-26-2017 0 2	0	2
Two index related inquiries I now have two index needs related inquiries, which indexB the B field is a subset of A field of indexA, how do I cha... by kulo Engager in Splunk Search 07-26-2017 0 13	0	13
Joining Two Sources Hi, i was using data from 2 different sources, and joining with join key word, my question is when i want to display... by raghu0463 Explorer in Splunk Search 07-26-2017 0 2	0	2
How to extract fields from json and apply stats to plot a bar graph? I have JSON formatted data in event as below: { "stats": [ {"name":"Facebook", "count":50}, {"name":"yahoo", "count"... by sohaibomar Explorer in Splunk Search 07-26-2017 0 1	0	1
what is best way to modify data before ingesting to Splunk Hi, I am injesting some data to splunk and in my data there is no unique field to sperate different rows. So I am th... by AKG1_old1 Builder in Splunk Search 07-26-2017 0 5	0	5