Splunk Search

Community Activity

How to edit my search to make an IF statement filter out IPs? Hey guys! I'm trying to filter out a few IPs from certain Categories and i just can't manage, something like: IF ca... by DrSplunkenstein Engager in Splunk Search 05-11-2017 0 5	0	5
How to remove consecutive repeat events by an unique user? How can I remove events that are repeated consecutively? For example, my logs shows: Timestamp 1 \| Event A \| User 1 ... by tanyongjin Explorer in Splunk Search 05-11-2017 0 2	0	2
Help with transaction ! Hi , I have following query written but it is not giving me correct output. So my logs would look like this subje... by dmenon84 Path Finder in Splunk Search 05-11-2017 0 7	0	7
Query string method not working for HEC on Cloud I have a splunk cloud stack which has HEC enabled on it and I am referring following page to send data via HEC: http:... by naiktej13 Engager in Splunk Search 05-11-2017 0 1	0	1
How to edit the table format in my email alert so that each item starts a new line? Hi Splunkers and Happy Friday I am trying to put together an email that looks something like this: However when I... by omuelle1 Communicator in Splunk Search 05-11-2017 1 3	1	3
How to use predict command? Date ALLOCATED_GB USED_GB Difference 20/08/2016 580.22 566.57 13.65 21/08/2016 580.22 106.6 473.62 2... by m7787579 New Member in Splunk Search 05-11-2017 0 2	0	2
Rex vs field extraction with very large multiline events, latter not working properly? Hi, I'm importing some very large multi-line events into Splunk and trying to extract fields from them. The events l... by Whistler Engager in Splunk Search 05-11-2017 0 1	0	1
I have one server with 24 jvms.I need to write query for jvm down .I tried using inputlookup? I have one server with 24 jvms.I need to write query for jvm down .I tried using inputlookup? \|inputlookup sample.cs... by karthi2809 Builder in Splunk Search 05-10-2017 0 4	0	4
How to change time into seconds? Hi Everyone, Please help me out to convert time format into seconds. My time field has values like :07, 7:45. Exam... by nilaksh92 Path Finder in Splunk Search 05-10-2017 0 5	0	5
How to define splunk workflow actions URI with special characters Hi, How can i define a link configuration with e.g. # in the uri like the following request? hxxps://www.robtex.com/... by neo888 New Member in Splunk Search 05-10-2017 0 1	0	1
How to find missing field values I want to use Splunk to tell me when a process is missing from a list of expected processes. I have tried using eval... by jdonn_splunk Splunk Employee in Splunk Search 05-10-2017 1 1	1	1
How to filter out events before/after a specific event Hi, I want to filter out an event that occurs just before/after all the occurrence of a specific event, 'X". How ca... by tanyongjin Explorer in Splunk Search 05-10-2017 0 2	0	2
Adding indentifier field to stats output I have an index: base_data The index has data added on a weekly basis. I would like to identify the instances of f... by gyphawk New Member in Splunk Search 05-10-2017 0 2	0	2
500 internal server errors with /search/data/transforms/lookups page We are using Splunk 6.2.4 build 271043 on Ubuntu and we are seeing a couple of pages in the Lookups section that are ... by Erpenbeck Path Finder in Splunk Search 05-10-2017 0 5	0	5
Assigning future timestamps fails I am extracting timestamps from event to assign _time to events during index time. But timestamps are future date. Su... by ankithreddy777 Contributor in Splunk Search 05-10-2017 0 1	0	1
How to calculate row sum which each column has different weight? Hi I have a table as below. severity S0 S1 S2 S3 event A 1 0... by hakusama1024 New Member in Splunk Search 05-10-2017 0 2	0	2
Accounting for weekends and holidays I'm trying to come up with a method of accounting for weekends and holidays. Tell me, how should I implement this alg... by AlexeyPy Engager in Splunk Search 05-10-2017 0 1	0	1
Existing Query returning no data Hello everyone, We have a dashboard that contains a few panels that recently stopped returning data. I've tried to f... by kmccowen Path Finder in Splunk Search 05-10-2017 0 5	0	5
Search Chain Hopefully this is an easy one. We have an alert setup that notifies us if a specific error occurs more than 30 times ... by phillipmadm Explorer in Splunk Search 05-10-2017 0 2	0	2
How to format subsearch to give results with OR operator between and dropping field names. I have a scenario where my subsearch should yield results in following format. Index=index1 [search index=inde... by ankithreddy777 Contributor in Splunk Search 05-10-2017 0 2	0	2
How to populate dropdown input with ids from search? Can anyone please help me to populate a Dropdown input with the ids from this this search: index=main sourcetype=main... by vtsguerrero Contributor in Splunk Search 05-10-2017 1 3	1	3
Combine search results from one source in chart I am trying to build a visualization of change data to show over time the number of concurrent changes on going. So t... by mackiae New Member in Splunk Search 05-10-2017 0 6	0	6
some records are missing when I list by table; but when I query that specific event, I can find it. I have a trade message sourcetype in JSON, which I properly set up in props.conf and can query fine. To do a reconci... by leonjxtan Path Finder in Splunk Search 05-10-2017 0 8	0	8
How to compute subtraction? Start Time End time Reason Difference 05/09/2016 18:05 05/12/2016 14:55 ... by m7787579 New Member in Splunk Search 05-09-2017 0 5	0	5
Why is the collect command not working when used with map command? If I do this search index=log NOT "INFO" earliest=-40d@d latest=-39d@d \| cluster t=0.3 field=raw showcount=t la... by TiagoTLD1 Communicator in Splunk Search 05-09-2017 0 3	0	3