Splunk Search

Community Activity

How do I reuse multiple eval statements in multiple dashboards without recoding in every one? I have a series of eval statements that I'd like to call from multiple dashboards, but have it coded in only one plac... by pxs0514 Explorer in Splunk Search 06-19-2017 1 3	1	3
Grouping by a substring Hello, I'm having trouble grouping errors in our Splunk logs. The date and time is appended to the error messages, m... by R0ss Engager in Splunk Search 06-19-2017 0 2	0	2
Is there any way to overlay vertical lines for event marking in Splunk timecharts? Tools such as graphite allow for the concept of "infinity" in charts in order to display vertical lines to be overlay... by aramirez_evolut Engager in Splunk Search 06-19-2017 13 6	13	6
Regex to remove optional trailing text from field with transforms/props I have a field called Title, where it may sometimes end with the text Ends 9 P.M. or varying case related variant... by bowesmana SplunkTrust in Splunk Search 06-19-2017 0 8	0	8
how to get the average time for latest event and previous event I am looking for a solution to show for every latest event time and previous event time average duration (and the tim... by remoharish Engager in Splunk Search 06-19-2017 0 1	0	1
i want to remove the date occurrence for all the line The value '20/SEP/13' can removed The hello '28/JUN/14' can be removed The today '23/JUN/14' can be removed by DataOrg Builder in Splunk Search 06-19-2017 0 6	0	6
Adding an second identical column and field to Splunk table In order to coincide with an excel spreadsheet, I was hoping that Splunk table can provide two columns that our ident... by dxw350 Path Finder in Splunk Search 06-18-2017 0 2	0	2
Is there a limit on searchable characters in an event? I am searching on an event with has on an average 25000 - 30000 characters. When I search on the auto extracted field... by t_splunk_d Path Finder in Splunk Search 06-18-2017 0 7	0	7
filter stats on two different "where" clauses Bonus points to the folks who can help me. I'm trying to first filter (stats count) results above a threshold of 100 ... by mbond81 Engager in Splunk Search 06-17-2017 0 8	0	8
How to split my sample events using regular expression Hi, i have a sample data file like this, all columns are tab separated TYPE Category ... by prathapkcsc Explorer in Splunk Search 06-16-2017 0 15	0	15
Why does my rex search with a regex only match a few of the results even with max_match? i have an odd issue that i cant seem to get beyond it might be as simple as a regex change but I can seem to figure i... by roayers Explorer in Splunk Search 06-16-2017 0 16	0	16
How to troubleshoot why our lookup that is updated by "outputlookup append=true" missing data added from the last 2 months? We have small lookup updated in search by outputlookup append=true This is a SMALL size Our users noticed the lookup ... by Chamrong Explorer in Splunk Search 06-16-2017 0 6	0	6
How to remove multiple spaces in a single field containing unique words Hello guys, I'm having a bit of problem removing spaces in between several words in a column. For example, the User_... by timyong80 Explorer in Splunk Search 06-16-2017 0 10	0	10
Tstats with a different field Hello, I recently setup a summary index. I'm searching with "tstats" in that summary index to get a single integer ... by curry59 New Member in Splunk Search 06-16-2017 0 1	0	1
In a CSV lookup, is the first column always the input ? In Vlookup for excel, the input is always the first column on the left. In Splunk, is this required? I am having di... by dxw350 Path Finder in Splunk Search 06-16-2017 0 2	0	2
Count of each field value (I only get total counts) I have: sourcetype=squid_proxy \| stats count, values(url) as url, sum(bytes) as bytes by client_ip Which almost ge... by jkfierro Explorer in Splunk Search 06-16-2017 0 7	0	7
search results Why would these searches return different results? I'm searching over the same time range with both. index=main sour... by jephillips Explorer in Splunk Search 06-16-2017 0 8	0	8
Values with Pipe as String Hi, I have events which look like that: a=test1 b=test2 func=test3\|test4\|test5 and a=test1 b=test2 func=test5 if a ... by andimak New Member in Splunk Search 06-16-2017 0 1	0	1
How to pull one variable with multiple changing values? I have for example something as follows, "Request X\|Y\|Z" where X, Y, and Z all change each time the message is displa... by aohls Contributor in Splunk Search 06-16-2017 0 5	0	5
Unable to mask PII data on JSON at indexer Hello friends, My data is in json format and i have credit card info which i need to mask at indexer level. I tried b... by mehala12 Explorer in Splunk Search 06-15-2017 0 6	0	6
Using eval to set token in drilldown does not work I have a row in a table called DMPrice <set token="dmp">$row.DMPrice$</set> this works, however, if there is no DM... by bowesmana SplunkTrust in Splunk Search 06-15-2017 0 2	0	2
How to use stats command after top command. Hi all I am trying to do the following search. which would result in Top 5 apiname values along with their apitime(a... by rakshithreddy Explorer in Splunk Search 06-15-2017 0 4	0	4
Event sampling with specific event gaps for multiple hosts I have multiple hosts in my result table and there is no specific sampling interval for each. However it is sure that... by AshimaE Explorer in Splunk Search 06-15-2017 0 3	0	3
Correlate received Up down Traps in Splunk Looking for ideas on how to correlate between an updown trap event like the one shown below - would be nice to have t... by Esky73 Builder in Splunk Search 06-15-2017 0 1	0	1
remove URL from search result is not working My Splunk Query index= index1 sourceType=source1 "Error" OR requestURl != "/test/abc" OR requestURI != "/person" ... by jw44250 New Member in Splunk Search 06-15-2017 0 4	0	4