Splunk Search

Community Activity

How to achieve vlookup in Splunk Hi, Kindly help me with the search query for my scenario. I have a lookup table A and a search B with common field u... by karthikklv Engager in Splunk Search 05-03-2017 0 4	0	4
How to edit my search to use transaction command to exclude values? Hi, I have the following search that returns 10,552 events over a given period of time: index=oracle (INSTANCE_NAME=... by ggiovan Engager in Splunk Search 05-03-2017 0 13	0	13
Counting from log based on email add for successful logins / incorrect password The following are sample logs for successful login and incorrect password attempts based on email address: May 2 0... by babidi New Member in Splunk Search 05-03-2017 0 3	0	3
Log filtering based on field value change. I have two kinds of logs sourcetype = abc IP = a.b.c.d status=active sourcetype = abc IP = a.b.c.e status=active so... by rakes568 Explorer in Splunk Search 05-03-2017 0 3	0	3
How to get the latest record of each month for each specific column? Dear guys, I'm very new in Splunk and I got some work task which still have no idea about the solution. Please k... by urapaveerapan Explorer in Splunk Search 05-03-2017 0 1	0	1
Extracting host from host segment doesn't work Hi : I have a monitoring stanza which splunk process is monitoring logs from: /var/log/hosts//Tue/-2017050209 This... by mmohiuddin1512 Explorer in Splunk Search 05-03-2017 0 5	0	5
Pick up the first occurrence of a word I want to pick only the first occurrence of word . index = index1 ERROR Event Result 2017-04-29T18:29:27.246+0000... by jw44250 New Member in Splunk Search 05-02-2017 0 15	0	15
Using field in lookup table to get field in second lookup table Hi All, I'm new to Splunk and I'm trying to mess around with a few lookup tables that I imported. I have two, let's... by billyhigdon New Member in Splunk Search 05-02-2017 0 1	0	1
run new search based on row-value and get the results in a new column I have the following table of results \|trkid \| values \| \|123 \| a \| \|124 \| b \| \|125 \| ... by gpincheiraa Engager in Splunk Search 05-02-2017 0 3	0	3
Generate list of all Fields in a Search? I would like to export a list of the fieldnames in any given search. How could I do this? by muebel SplunkTrust in Splunk Search 05-02-2017 3 13	3	13
how to get count of events for each 30 min Hi, index=_internal \|timechart span=30m count --- Im using this query looking for last 4hr data. 2017-05-02 15:30... by srinivasup Explorer in Splunk Search 05-02-2017 1 2	1	2
How to sort and group data by day and ID? I would like to display the events as the following: where it is grouped and sorted by day, and sorted by ID numer... by Yaichael Communicator in Splunk Search 05-02-2017 0 8	0	8
How to use rex field as subsearch input value My main search will extract a rex field. I want to use this rex field value as a search input in my subsearch so that... by hoyomi Explorer in Splunk Search 05-02-2017 0 5	0	5
Retrieve names of all fields Im trying to write a search where I can search for the names of the fields, so basically the search would return the ... by Dark_Ichigo Builder in Splunk Search 05-02-2017 2 4	2	4
Help using appendcols or join I wonder if someone can help me out with an issue I'm having using the append, appendcols, or join commands. Truth be... by fmfx1001 Explorer in Splunk Search 05-02-2017 0 7	0	7
is cleaner timechart formatting possible for login/logoff time report? (seeking better human readability) I'm attempted to get a report for login and logoff times on Windows workstations. Here is what I have done so far: i... by caseynordell Explorer in Splunk Search 05-02-2017 0 4	0	4
How do I preset two separte time span as form input? I have some research data on a dashabord. The data I want to highlight is in two separate time spans Jan 1 - Jan 30 a... by BinnyK Explorer in Splunk Search 05-02-2017 0 2	0	2
Is there any alternate for JOIN Hi, I'm having problems while joining the queries. I have the logs in same index and application but logging in dif... by greeshmak Explorer in Splunk Search 05-02-2017 0 4	0	4
How to display comma-delimited numbers in a timechart sum I have this search \| tstats count AS myCount WHERE index=* by index, _time \| where _time > relative_time(now(), "-1... by wrangler2x Motivator in Splunk Search 05-02-2017 0 6	0	6
how to extract time from a string time field? I have that field that shows time in a string. the values of the field are something like: Is there a way to extrac... by matansocher Contributor in Splunk Search 05-02-2017 0 3	0	3
How do i query for those results occurred before 9 AM today? I have get some statistics about some thread which has occured as of 9AM today..i dont want it to return any results... by chetanhonnavile Explorer in Splunk Search 05-02-2017 0 3	0	3
How to calculate only specific fields Hello, from my raw data: TIME A B 2017-04-26 13:00:00 10 2017-04-26 13:10:00 10 ... by tomaszwrona Explorer in Splunk Search 05-01-2017 0 4	0	4
Regex for items in single quotes I have a bunch of logs which look like the following. 2017-05-01 18:36:16,885 UTC - DEBUG - testpod_service.segment_... by aramakrishnan New Member in Splunk Search 05-01-2017 0 4	0	4
Conditional logic and assigning values for group I am trying to categorize records that meet certain logic criteria. If logic is met, I want to assign a string value... by mschellhouse Path Finder in Splunk Search 05-01-2017 0 1	0	1
how to display decline rate per specified fields over a period of time Hello, I am struggling to write a query that displays the decline rate per payment_method over a period of 7 days (w... by demkic Explorer in Splunk Search 05-01-2017 0 3	0	3