Splunk Search

Community Activity

logs are missing from specific period in splunk For example , i have a sourcetype=abc and data in splunk started missing for this sourcetype from past week . Can i p... by kteng2024 Path Finder in Splunk Search 07-27-2017 0 1	0	1
How to remove a field from a visualization, but not remove it from search results? I have search results like this: Host---------------Description------------ EventSize 127.0.0.1----------Prod DB----... by ronekarleone Explorer in Splunk Search 07-27-2017 0 10	0	10
Change field to arbitrary value following a regex match using props.conf and transforms.com I have two firewall devices that log their activities in different formats. I'm trying to create CIM compliant logs. ... by mjmayer Explorer in Splunk Search 07-27-2017 0 3	0	3
How can we run searches based on token value? I have two different searches and i want to run those searches based on the token. if any value is set for that toke... by goyals05 Explorer in Splunk Search 07-27-2017 2 3	2	3
How to use regex to extract field? HI How to extract the field with space using regex? name: T11345DDF ERROR T11345SSDF Volume C values: 123455-253355... by kiran331 Builder in Splunk Search 07-27-2017 0 3	0	3
Repetive queries of LARGE indexes We have an environment that indexes approximately 600GB / day. I have been tasked with creating queries that correl... by tlmayes Contributor in Splunk Search 07-27-2017 0 3	0	3
What is historical data? While researching exchanging licenses between servers I came across "Historical Data." What is historical Data? by obiloki New Member in Splunk Search 07-27-2017 0 1	0	1
Can a lookup be used for renaming a field name? Trying to figure out if can rename field names using lookup and CSV file. Something like this: index=main d_name="*"... by simpkins1958 Contributor in Splunk Search 07-27-2017 0 6	0	6
Lookup in the Index Time Hi, I have a file coming from the source ( UF ) in which I am getting two fields ( IP and PORT ) , Now I have a loo... by abhayneilam Contributor in Splunk Search 07-27-2017 0 3	0	3
Two multivalue fields needed Hi - I need to extract two multivalue fields from each event. Let's say the strings are "AAA-" and "BBB-". Each strin... by wkassel New Member in Splunk Search 07-27-2017 0 3	0	3
How to replace values without using a join I am using a join, but is there a better way to replace values? I have the following table. (NICKNAME + Human_Name_N... by robertlynch2020 Influencer in Splunk Search 07-27-2017 0 4	0	4
Searching events within a time range from csv file My search operation consists of two parts Part 1: This job runs every 6 hours and keeps appending to the results obt... by tareddy Explorer in Splunk Search 07-27-2017 0 4	0	4
Why am I getting an eval command error "The arguments to the match function are invalid"? I would like to create a new panel in my Dashboard and I am using the following search string: index=$index$ eventId... by Taner Engager in Splunk Search 07-27-2017 0 5	0	5
Splunk has to segregate the Logs when we imported. Hi I need to segregate the logs which we imported splunk. Ex:- I want to extract the logs by using the word error a... by riyaz551 New Member in Splunk Search 07-26-2017 0 4	0	4
How to automatically remove extraneous characters from field value? Splunk is automatically (and correctly) extracting a user field/value in a particular set of logs, I'm looking for a ... by hcannon Path Finder in Splunk Search 07-26-2017 0 4	0	4
Plot the average of a field across all locations and have it as an overlay on a chart with the count of a field across a specific location I am trying to do a timechart on the number of rows on a particular location as shown below. Pivot Query \| search l... by ahallak2016 Explorer in Splunk Search 07-26-2017 0 4	0	4
How to generate a search to find the number of created accounts? Hi, I'm trying to run a search that alerts me when 40 accounts is created within 1 minute. I'm talking about linux u... by wvalente Explorer in Splunk Search 07-26-2017 0 2	0	2
Two index related inquiries I now have two index needs related inquiries, which indexB the B field is a subset of A field of indexA, how do I cha... by kulo Engager in Splunk Search 07-26-2017 0 13	0	13
Joining Two Sources Hi, i was using data from 2 different sources, and joining with join key word, my question is when i want to display... by raghu0463 Explorer in Splunk Search 07-26-2017 0 2	0	2
How to extract fields from json and apply stats to plot a bar graph? I have JSON formatted data in event as below: { "stats": [ {"name":"Facebook", "count":50}, {"name":"yahoo", "count"... by sohaibomar Explorer in Splunk Search 07-26-2017 0 1	0	1
what is best way to modify data before ingesting to Splunk Hi, I am injesting some data to splunk and in my data there is no unique field to sperate different rows. So I am th... by AKG1_old1 Builder in Splunk Search 07-26-2017 0 5	0	5
using lookups to rename field values I have a lookup file severity_lookup with two columns. One having 1,2,3,4 and other having p1,p2,p3,p4. I need to cha... by architkhanna Path Finder in Splunk Search 07-26-2017 1 3	1	3
Event Breaks with FlexLM Licenses not ingesting consistently I'm individually bringing in FlexLM files into Splunk, but alas, some of them are not parsing correctly. Some are fin... by sirkgm14vg Explorer in Splunk Search 07-26-2017 1 5	1	5
Adding 'host' field to a set diff command My set diff query compares the values of one field from two different hosts and outputs a list of the field values th... by leonienicks Engager in Splunk Search 07-26-2017 0 4	0	4
How do i display only events that aren't "backed out"? I have a table of fields with items that are either a Credit or Debit There can be multiples of the same item. Also... by gregbo Communicator in Splunk Search 07-26-2017 0 4	0	4