Splunk Search

Community Activity

	How to merge my data? My raw data looks like this: Timestamp Field1 Field2 Field3 2017-01-01 AAA Key1 Key1val 2017-01-... by kbarker302 Communicator in Splunk Search 02-07-2017 0 2	0	2
	My lookup in a macro works in a search, but why does it not work using savedsearch command? We are on Splunk 6.2.1. This is all in Splunk search... I have a macro with lookup which works fine in a simple sea... by rgsage Path Finder in Splunk Search 02-07-2017 0 10	0	10
	How to trim output using eval in a data model to remove spaces? I tried this in eval expression for removing spaces... trim(SWFT_TRN) but it's not working fine.. by ruchigpt527 New Member in Splunk Search 02-07-2017 0 1	0	1
	Indexer not responding.. Replication status is 'Failed' A reboot cured the above issue( In title), which is far from ideal. See the below lines logged in 'Splunkd.log' on t... by nairri New Member in Splunk Search 02-07-2017 0 3	0	3
	How can I convert string of numbers to date format? I have a list of dates like below: 20170201 20171201 20171225 How can I convert this into a time value that i can s... by smcdonald20 Path Finder in Splunk Search 02-07-2017 0 2	0	2
	How to find top events contributing to a total of X% of the events? Hi, I can find the top events but I want to see all those events that are contributing say 80% of the total. e.g. the... by dkikan Engager in Splunk Search 02-07-2017 0 1	0	1
	How to calculate max of transaction from sum of 2 fields? Currently I am trying to find the max of field (which is already a sum of 2 different fields). The problem unfolds as... by sundarrajan Path Finder in Splunk Search 02-07-2017 0 5	0	5
	Lookup based range of latitude and longitude Hi I'm looking for a sample search that calculates count of events which match within 500m radius of lat/long on loo... by Shisa Explorer in Splunk Search 02-07-2017 0 2	0	2
	Are there any plants to output ISO-3166 alpha codes from iplocation command? Any plans to output ISO-3166 alpha codes from the iplocation command @arahut_splunk, or should we implement a maxmind... by doksu Contributor in Splunk Search 02-06-2017 0 1	0	1
	Query to search for huge set of URLs I have close to 2000 URLs I want to search in one source. Is it possible to do it in one query by using lookup and wh... by rbathla New Member in Splunk Search 02-06-2017 0 4	0	4
	How to edit my search so I can compare differences between a list of fields Hello all, At a loss trying to accomplish the following: I would like to compare three fields in the same index (te... by splunker1981 Path Finder in Splunk Search 02-06-2017 0 3	0	3
	if an entry exists in stats, remove the entire line Hi, I have this work in progress query index=betats source="*top.csv" \| dedup PREMISE_FK COMMAND PID \| where COMMAN... by dbcase Motivator in Splunk Search 02-06-2017 0 4	0	4
	How to not let "Span" overwrite earliest time value Lets say it is 2/6/17 at 2:18am and I have the following query... ... earliest=-1d@m \| bin _time span =10m ... I w... by matthewb4 Path Finder in Splunk Search 02-06-2017 0 2	0	2
	Why are some expected events missing when applying a filter in our search? We recently onboarded some applications' logs, and at our client request, we had to put a custom field to have the ap... by mdelwaide Path Finder in Splunk Search 02-06-2017 0 9	0	9
	Why am I not receiving results when a value contains a with period and underscore? I would like to show results group by "SLA Request Key". I am able to view sample Data-2 but not Sample Data-1 Samp... by saikamaldidigam New Member in Splunk Search 02-06-2017 0 5	0	5
	Why is summary index is missing a few indexes in its output? Hi, I am using around 8 indexes to create a summary index. But after creating the summary index, i am seeing the dat... by umsundar2015 Path Finder in Splunk Search 02-06-2017 0 3	0	3
	Extend finite fields into the future in conjunction with the predict command I'm attempting to build out a capacity chart that shows total elements used in a system and predicts the future count... by burras Communicator in Splunk Search 02-06-2017 0 3	0	3
	What is the regular expression to extract "java.net.SocketTimeoutException: Read timed out" from my raw event? please help me with rex i want to retrieve java.net.SocketTimeoutException: Read timed out from below _raw "msgConte... by sravankaripe Communicator in Splunk Search 02-06-2017 0 9	0	9
	How to use tstats to show the last event and event time from 30 hosts (in lookup)? How to use tstats to show the last event and event time from 30 hosts (in lookup)? If I can't use tstats, is there an... by kiran331 Builder in Splunk Search 02-06-2017 0 1	0	1
	What is the regular expression to extract "a1234567" from my event? Please help me with regular expression i want to extract a1234567 "INDV=1234566\|RSPAR\|a1234567\|RSPAR" by sravankaripe Communicator in Splunk Search 02-06-2017 0 3	0	3
	Inconsistent Delimited Values Here's my search: base search \| rex "^(?<field1>[^:]+):\\|:(?<field2>[^:]+):\\|:(?<field3>[^:]+):\\|:" The logs are ... by lloydknight Builder in Splunk Search 02-06-2017 0 3	0	3
	How to create regular expressions for these Exceptions? I want to know how can i create regular expressions for the following exceptions... java.io.IOException java.lang.E... by jw44250 New Member in Splunk Search 02-06-2017 0 6	0	6
	lookup does not show new added lines All, i've got a strange issue regarding lookup tables. ((and seen in two lookup tables now) I have a lookup table "s... by JeroenDenBoer Explorer in Splunk Search 02-06-2017 0 2	0	2
	Splunk strange bug with the command "Fields" and space Hello Community, I have a strange behavior with a command when it is on the search field of a Dashboard. In my comm... by guilpink New Member in Splunk Search 02-06-2017 0 2	0	2
	How can I use timechart to report IIS time_taken by location, using a CIDR inputlookup to compute the location by the client's IP? Hello Splunk peoples! Would someone please help me figure out how to use timechart to find IIS time_taken by locatio... by cyphertek Explorer in Splunk Search 02-05-2017 0 2	0	2