Splunk Search

Community Activity

	How would a lookup to combine two values to one OUTPUT field? I'm looking at firewall logs which typically have (among other details) a source address and a destination address. I... by robdanl Explorer in Splunk Search 06-05-2017 0 12	0	12
	How to edit my map command search in order to pass a field to subsearch within subsearch? I've concluded that I absolutely need to use mapping, as I need to run the same (large) search query for each Iterati... by snreichel Engager in Splunk Search 06-05-2017 0 3	0	3
	Possible to set token values without displaying them? So, basically I've a query which ends something like this: \| eval uf = if(like(one_reason, "%unknown_failure%"), uf.... by shrutigupta New Member in Splunk Search 06-05-2017 0 2	0	2
	Regex to extract multiple fields from single event Hi, I want to extract particular fields from single event based on fields position. Sample Data: event1: aaa\|bbb\|c... by gvnd Path Finder in Splunk Search 06-05-2017 0 2	0	2
	How to show open incidents by month I am trying to write a query to show number of open and closed incidents in a month. When I try the following in the... by t_splunk_d Path Finder in Splunk Search 06-04-2017 0 34	0	34
	How to write a search for my XML logs? I have xml logs as below where I am trying to write a Splunk search to do a search where entry=01 and result = Done... by amanavohra New Member in Splunk Search 06-04-2017 0 3	0	3
	Lookups exclude non matching results I have a CSV containing wine names, vintages and prices, e.g. Description,Vintage,Price A,2012,100 A,2013, B,2014, B... by bowesmana SplunkTrust in Splunk Search 06-03-2017 0 5	0	5
	Can we convert the _time(which is chicago time) to London time during search time Hi , I have a scenario. where my _time is chicago time(CST/CDT) . But I need to convert it to London time and do stat... by ankithreddy777 Contributor in Splunk Search 06-03-2017 0 3	0	3
	EVAL with field extracted from props.conf Hello Everyone, I'm having an issue where I cannot use EVAL in search or in the props.conf for a field that has been... by johnmvang Path Finder in Splunk Search 06-03-2017 0 12	0	12
	How to lookup? I have a lookup table of IDs like this: (id)uuid - (myid)numeric id (id)uuid - (myid)email (id)email - (myid)numeric ... by rvencu Path Finder in Splunk Search 06-03-2017 0 1	0	1
	I need to compare two values which are generated dynamically in every hour and get the diffrence . Basically my search looks like this index=something \| rex "(?), " \| rex "(?\d+)" \| eval _time=strftime(_time, "%d ... by sandyIscream Communicator in Splunk Search 06-03-2017 0 2	0	2
	How to fetch events based on below condition Hi, We have a requirement where client wants to see only events which satisfied the below condition. Any events whi... by surajgupta New Member in Splunk Search 06-02-2017 0 4	0	4
	runshellscript search command does not return the results file ($8 argument) This docs (https://docs.splunk.com/Documentation/SplunkCloud/6.6.0/SearchReference/Runshellscript) says $8 argument i... by testadrianbelen New Member in Splunk Search 06-02-2017 0 5	0	5
	Why does the search on my dashboard show "No result found" and fails to load the panel, but opening in search is successful? Hello! As the title states, my dashboard fails to load a panel that performs a search. If I click "Open in search... by kylbarne New Member in Splunk Search 06-02-2017 0 16	0	16
	What are these undocumented settings in user-prefs.conf? The documentation on user-prefs.conf is incomplete. I cannot find an explanation for the following settings: appOrde... by matthijsk Explorer in Splunk Search 06-02-2017 0 2	0	2
	Is there a makemv to mvexpand command issue in my search? When running this search (the return value is hard coded, it is coming from an external command). I just pasted the r... by rdownie Communicator in Splunk Search 06-02-2017 0 2	0	2
	stats count(eval) always returns zero I'm having problems with what should be a very simple query. I'm trying to get a count of events in an "unavailable"... by richgalloway SplunkTrust in Splunk Search 06-02-2017 0 5	0	5
	Splunk stops logging windows events after temporarily loosing network connection I'm monitoring Sysmon events from my laptop, but if I temporarily lose network connection Splunk stops logging comple... by stefan1988 Path Finder in Splunk Search 06-02-2017 0 2	0	2
	moving average query Hello - I m collecting some user metrics in below format. customer's trVol ( transactionvolume) 2017-05-29 04:50:01... by vw5qb73 Explorer in Splunk Search 06-01-2017 0 3	0	3
	Eval Ranges combined with specific values Hi, I'm looking to grab numbers of http responses (status) as "Good" or "Bad" and am successful with the following q... by bfong Engager in Splunk Search 06-01-2017 0 1	0	1
	How can I determine if a field is an integer (whole number) I want to use an if statement determine if a number is a integer or decimal. Is that possible? example if(field1/fie... by jedatt01 Builder in Splunk Search 06-01-2017 0 3	0	3
	Complex subsearch comparing time periods Hello I have a rather complex search/subsearch I am trying to figure out. I need to acquire a list of values from a ... by EricLloyd79 Builder in Splunk Search 06-01-2017 0 3	0	3
	How to convert a string to date from my log file? My log file contains data in the below format. I need to sort the date by the latest one first. Please help as I am u... by AyanC New Member in Splunk Search 06-01-2017 0 2	0	2
	Formatting my date Below is my report but my date output is blank, i am searching for powershell events on my network and need to know w... by rickettw New Member in Splunk Search 06-01-2017 0 4	0	4
	Allow colon in field names? I have input data that looks like: time=2017-05-29 calendar:num_1day_active_users=10437 gplus:num_1day_active_users=... by wegscd Contributor in Splunk Search 06-01-2017 0 6	0	6