Splunk Search

Community Activity

consequence of lookup command with or without OUTPUT parameter What is the difference between with or without using OUTPUT parameter in lookup command. by ankithreddy777 Contributor in Splunk Search 08-01-2017 0 2	0	2
Stats into timechart I'm running a query for a 1 hour window. I need to group events by a unique ID and categorize them based on another ... by wormfishin Engager in Splunk Search 08-01-2017 1 4	1	4
How to seperate status based on response time values ? I need only amber and severe but i am not getting any result base search\|eval responseTime=TransactionEndtime-Trans... by karthi2809 Builder in Splunk Search 08-01-2017 0 2	0	2
how to connect one outpulookup to another outputlookup \| inputlookup kv_adani \| where (tag="CHP.Device1.C1 BELT VW" ) \| eval _time=tagtime \|dedup _time\| stats max(_time) a... by mintucs New Member in Splunk Search 08-01-2017 0 3	0	3
Joining two events by common field I'm trying to sum a count from one event and group all of these summations by another events unique ID. The two event... by jl19 Explorer in Splunk Search 08-01-2017 0 4	0	4
How do I check if a field contains text and return the "source" if it doesn't? My current search (below) returns 3 results that has a field called "import_File" that contains either the text "Acco... by griffinpair Path Finder in Splunk Search 08-01-2017 0 5	0	5
How do I get Timechart to start on a specific day of the week I have a collection of log data in an index and for the purposes of this discussion _time has the value I want. When ... by mumblingsages Path Finder in Splunk Search 08-01-2017 0 8	0	8
I want to obtain IP addresses that is not duplicated. I want to get IP addresses that is not duplicated There is two example search that A and B. A search is index=AV ... by superhm Explorer in Splunk Search 08-01-2017 0 4	0	4
Different distinct count for stats and timechart (same time interval) Hello, For same base query I am getting different distinct count result in timechart and stats for same time range (... by hemendralodhi Contributor in Splunk Search 07-31-2017 0 5	0	5
ports for communication at indexer ,heavy forwarder Hi There, Can i please know the ports to be opened for heavy forwarder , indexer , universal forwarder ? by kteng2024 Path Finder in Splunk Search 07-31-2017 0 3	0	3
serverclass.conf whitelist regex issue: \w{3}SALTSIP\d{1,2} Hello, Does anybody see something wrong with this regex ? \w{3}SALTSIP\d{1,2} When testing against my host lis... by sylbaea Communicator in Splunk Search 07-31-2017 0 2	0	2
Tracking a transaction where the ID changes part way through I'm attempting to track a mule transaction where the correlation ID changes part way through the request, I would nor... by Lgo Explorer in Splunk Search 07-31-2017 0 2	0	2
Need help correlating different events to meet an ultimate condition I have these three different searches: A search to display when users create a new user account A search to display ... by jcorkey Explorer in Splunk Search 07-31-2017 0 2	0	2
How append will act if the first search return nothing? I want to search for a phone number among multiple indexes and I use append to combined the result together but what ... by bagir32 Explorer in Splunk Search 07-31-2017 0 7	0	7
How to Filter on Null Values? Hello, I am trying to filter on null values for the field called Device. None of the following searches below work- c... by katzr Path Finder in Splunk Search 07-31-2017 1 3	1	3
How to predict a 4th value based on 1,2,3 values in splunk machine learning tool kit i have been asked to give the 4th value as well to predict 4th value. In my case I don't have the 4th value. How to predict a 4th value based on 1,2,3 values in splunk machine learning tool kit i have been asked to give the 4t... by nsriram New Member in Splunk Search 07-31-2017 0 1	0	1
How to edit my search that looks over the last 7 days but displays each day? I have been asked by Legal to get login logoff time for colleagues with in certain time frames usually very specific ... by Sarmbrister Path Finder in Splunk Search 07-31-2017 0 4	0	4
Search with input lookup Hi Team, Need Help on run search checking server live or not using lookup boxdata box_env box_live_state box_locat... by harsush Path Finder in Splunk Search 07-31-2017 0 9	0	9
How do you create 2 variables Y axis column chart? Hello, I want create a column chart with 2 y-axis variables (AP and FP). I want AP to be the number of bars on the X ... by nyasharashad59 Explorer in Splunk Search 07-31-2017 0 4	0	4
How do I extract the second from _time? How do I find whether the time stamp of an event covers a specific second within a day? So, we need to identify all t... by ddrillic Ultra Champion in Splunk Search 07-31-2017 0 5	0	5
evaluate values from two different lookups I have a lookup file assignment_schedule containing below sample data assignment_group task_order schedule ... by bic Explorer in Splunk Search 07-31-2017 0 4	0	4
Joining with two unrelated tables I have two tables The first table has a list of Categories. The Second table has a list of Offices. Such as Categ... by aelliott Motivator in Splunk Search 07-31-2017 0 2	0	2
How to compare two field values and return a new field with a percent match between the two? I would like to compare two field values and return a new field with a percent match between the two. Current search... by grannnt New Member in Splunk Search 07-31-2017 0 2	0	2
Date Conversion Hi, How to convert this SQL statement to SPL pls select DateDiff(day, ga.Initial_L1_Decision_Date, Close_date) as [... by raghu0463 Explorer in Splunk Search 07-31-2017 0 4	0	4
How to find a specific user in an Active Directory lookup using ldapsearch command? I have the following ldapsearch \| ldapsearch domain="PROD" search="(&(objectClass=group)(cn=DSMS Operations))" \| ta... by pfabrizi Path Finder in Splunk Search 07-31-2017 0 6	0	6