Splunk Search

Community Activity

Route events to different indexes based on calculated field or lookup field Hello, I'm in a distributed/cluster scenario (SH, Indexers, ...) and would like to route events in different indexes... by gdigrego Path Finder in Splunk Search 08-03-2017 0 11	0	11
Grouping fields in a search: How do I apply conditional logic to the results to assign new values? I have a table that has UserID, device, and classification (1,2,3). A UserID can have multiple devices and a device c... by katzr Path Finder in Splunk Search 08-03-2017 0 1	0	1
How do I write a regex command that extracts the username and replaces the appending -*a with @company.com? I have a search query that finds users whose accounts have been locked out and then sends them an email saying so. Th... by sjcoluccio67 Explorer in Splunk Search 08-03-2017 0 1	0	1
Sparkline and a Timechart Table I'm attempting to add a Sparkline to my transposed, timechart statistics table. I read that sparkline only works for ... by jofermin Explorer in Splunk Search 08-03-2017 0 1	0	1
How to modify my search to add a column that sums CostPerDay field for each Feature field? Hello all, First thanks for the participation in this forum, many of your older solutions have helped greatly in my ... by gabarrygowin Path Finder in Splunk Search 08-03-2017 0 12	0	12
how copmare two table values in one visualisation charts? I have 2 tables with energy spent values by month of years, one for 2015 other for 2016. Can I put two table values i... by unsmoker New Member in Splunk Search 08-03-2017 0 1	0	1
Hide Panel Not Working Version 6.5 Hello, Hoping for some help with this. We have a Dashboard that was working, at least that's what I was told, one o... by g038123 Explorer in Splunk Search 08-03-2017 0 11	0	11
How to fetch FY columns based on current year I have a data set with columns FY15, FY16, FY17 and say FY18, now based on time of execution of query i need to fetc... by amitca New Member in Splunk Search 08-03-2017 0 4	0	4
Including inputlookup value in results Looking on advice on how to use a inputlookup table value as a raw search string and still be able to include that va... by mpuckettsc Explorer in Splunk Search 08-03-2017 1 4	1	4
What can I use if I need to check for multiple values of a field in my search I have a simple query like below, where I am looking for tickets created by a group of people and then passing it to ... by ayushdimri New Member in Splunk Search 08-03-2017 0 9	0	9
Speed up search using the following single index. I am working on creation of a dash board that consists of the following search and it does function and return the in... by slgizmo Explorer in Splunk Search 08-03-2017 0 11	0	11
what can be used in SPL for decalre variables in SQL . im trying to write spl for one of the sql quires which has like declare variables and CTE tables im bit confused what... by raghu0463 Explorer in Splunk Search 08-03-2017 0 13	0	13
Why does PREAMBLE_REGEX work on Windows Splunk but not Linux Splunk? Hello, I am currently using the following REGEX for PREAMBLE_REGEX in props.conf which works on Splunk 6.4.x running... by andrewtrobec Motivator in Splunk Search 08-03-2017 0 2	0	2
Set Field=Value when Field not present in some logs Hi all, I am running a search that in some cases has: Field=Values In other cases, Field is completely missing from... by bcarr12 Path Finder in Splunk Search 08-03-2017 0 3	0	3
Filter a Search by Field Value, using Rex Hi, I'm looking for a way to run one summary index search on all files of the same sourcetype, and then identify indi... by ctallarico20 Path Finder in Splunk Search 08-03-2017 1 2	1	2
Problem with my custom drill down source code My problem is that after I add my custom drilldown code and select an item in my results, it takes me to the specifi... by jcorkey Explorer in Splunk Search 08-03-2017 0 3	0	3
Regex help - IIS logs I'm an absolute Regex idiot. I'm sure this is easy if you know what you're doing. I have an IIS log file, which is w... by O2Anthony New Member in Splunk Search 08-03-2017 0 2	0	2
customerID percentage on a particular channelID based on specific event value I am running this query but not getting desired output. index=myapp sourcetype=log_source host="myhost" "Event*" A... by iqbalintouch Path Finder in Splunk Search 08-03-2017 0 10	0	10
show only fields values with alphanumeric value Hi, I have a field suser in my table, in that i have many values like Password Manager, Batcch , s4545 , Wb 5245 lik... by SathyaNarayanan Path Finder in Splunk Search 08-03-2017 0 2	0	2
Query to Display change in values of fields I trying to write a query to check the changes in versions of a software. When using timechart (stacked) I can see mu... by muralianup Communicator in Splunk Search 08-03-2017 0 5	0	5
Single Value - Displays differently when on Search and on Dashboard Hi fellow Splunkers. I have a scenario where my query that I want to show as a Single Value displays differently whe... by arielpconsolaci Path Finder in Splunk Search 08-03-2017 0 4	0	4
Chart field value over time Hi, I am very new to Splunk and I would like to make a graph that shows the average value of response_time over the t... by alebaffajp Engager in Splunk Search 08-03-2017 0 2	0	2
How can I search all the XML nested data? Dear all, I need to search all XML tagged data including nested data but I only get first data by a search command. ... by Mtakahashi Path Finder in Splunk Search 08-02-2017 0 7	0	7
Report on changes to a field over a specified time I would like to display a table of all occurrences of a change to the value of a field over a period of time. i.e. la... by bandit Motivator in Splunk Search 08-02-2017 2 7	2	7
How can we extract transaction id from an event and do a search to display all events having that transaction ID? I am fairly new to Splunk queries. I have below mentioned logs: INFO [HTTP-120]: 2017-08-02T18:00:03,157 - transac... by diliphg New Member in Splunk Search 08-02-2017 0 2	0	2