Splunk Search

Community Activity

servicenow incidents in splunk AM not able to see all the incidents which are there in my servicenow instance. I have splunk_TA_Snow app configured... by surekhasplunk Communicator in Splunk Search 11-03-2016 0 1	0	1
Inputlookup subsearch I have a csv file with some stats code, i have added as a lookup . I want to use two fields in stats code with say ... by msachdeva3 Explorer in Splunk Search 11-03-2016 0 2	0	2
How to match search output to a specific list of items using lookup (or other) Hi splunkers. Im running Splunk v6.4.3 and I need to match the output from a normal sourcetype="cisco:syslog" sear... by pjasa New Member in Splunk Search 11-02-2016 0 3	0	3
How to change a input text field to upper case and search for the changed value I have a form, which has a text field for users to enter the orderid. users can enter in lower case or upper case. Th... by vamshi245 New Member in Splunk Search 11-02-2016 0 4	0	4
How to edit my stats search of all HTTP error codes that is not returning any results? I have this search which is not returning any result, I am not sure of the issue. Any help? index=my_index status!=2... by deepak312 Explorer in Splunk Search 11-02-2016 0 2	0	2
Searching a second source type based on a list of results from a first search I would like to find lines in log A based on the results of search B, but havent been able to get what I want using s... by dreeck Path Finder in Splunk Search 11-02-2016 0 2	0	2
How to overlay a percentage value on a chart (not timechart)? I'm having trouble creating a chart overlay. Every example for a chart overlay is for a timechart, leading me to won... by AndySplunks Communicator in Splunk Search 11-02-2016 0 5	0	5
Insert % sign for each result in a specific column Current search results are in a table form such as the following: Search String \| Search Engine \| Visits \| Percent D... by hagjos43 Contributor in Splunk Search 11-02-2016 1 5	1	5
How to add keepevicted=true in the datamodel or the query which uses datamodel (Data model has a transaction)? Hi, I've created a datamodel which has a TRANSACTION. When I try to use the datamodel query for a longer period of ti... by Kukkadapu Path Finder in Splunk Search 11-02-2016 0 2	0	2
How edit my search so that appendcols command appends results correctly? Hi, I'm trying to append the results from two tables. I used appendcols with override option. But results showing di... by cchange Path Finder in Splunk Search 11-02-2016 0 2	0	2
How can we print all fields from a join by stats command? We have the following working query - (index= primary_claim amt > 1000 ) OR (index=secondary_cla... by ddrillic Ultra Champion in Splunk Search 11-02-2016 0 21	0	21
Join 2 tables for matching field values Hi, I would like to join 2 tables with multiple fields based on common field Column 1 where Table:1 will have field... by anshumandas New Member in Splunk Search 11-02-2016 0 7	0	7
Count number of events before Debup Is there any way to save the count of the events before doing the dedup ? This is my query index="webapplication_lo... by vkakani60 Path Finder in Splunk Search 11-02-2016 0 4	0	4
Can metadata command search sourcetypes and host at the same time? Hi I am looking for a way to get the number of events from host=ALL with sourcetype=tps. However it looks like i can... by robertlynch2020 Influencer in Splunk Search 11-02-2016 0 1	0	1
Why is the access count of a datamodel is always zero, even though we use the datamodel in searches and dashboards? Hi, I see that the access count of the datamodel is always zero, even though we are using the datamodel in searches a... by Kukkadapu Path Finder in Splunk Search 11-02-2016 0 2	0	2
Alerting on a threshold Hi all, I currently have a very simple search that looks at the distinct visitors for a website per day. See below, ... by SecureIA Path Finder in Splunk Search 11-02-2016 0 2	0	2
How to generate a search that will combine two events with different fields that contain the same value and calculate response time? I want to combine two events based on different fields (ID and PARENT_ID) that have the same value and then find the ... by arjangoos Path Finder in Splunk Search 11-02-2016 0 1	0	1
Parse duration in format `HH:MM:SS.NNNNNNN` I'm struggling to convert a duration in format HH:MM:SS.NNNNNNN to seconds in a concise manner. For example, 01:03:0... by jberd126 Path Finder in Splunk Search 11-02-2016 0 2	0	2
When running a CLI search with a specific timerange, is there a way to prevent INFO line from appearing? Attempting to build some monitoring whereby we run a Splunk search from the command line interface (CLI) over a given... by burras Communicator in Splunk Search 11-02-2016 0 5	0	5
Prevent splunk from streaming results to a custom search command? I've created a custom command in python that needs to view an entire set of events as a single batch, because it's co... by mute_dammit Engager in Splunk Search 11-02-2016 1 9	1	9
How to write a search that will determine if a lookup file has been updated? How to write a search that will determine if a lookup file has been updated? Thanks. by splunkrocks2014 Communicator in Splunk Search 11-02-2016 0 4	0	4
How do I manually update a saved search at a time other than scheduled through user request? I have an intensive search populating a dashboard that i'd like to schedule once a day, or as requested by the user -... by wcooper003 Communicator in Splunk Search 11-02-2016 0 2	0	2
Row limit for custom commands I've got a custom command that we're running over a large set of data. When I just run the part of the query up to ri... by gpburgett Splunk Employee in Splunk Search 11-02-2016 1 1	1	1
How to find the latest event (message) with a given key (field)? I have components which are sending UDP messages to splunk. The message format is key1=value1\|key2=value2\|.... Fe... by asingla Communicator in Splunk Search 11-02-2016 4 12	4	12
symantec DLP Dear Sirs, in symantec dlp we have different policies consider it as (1,2,3,...etc) and when i user violate any polic... by aliroumani Explorer in Splunk Search 11-02-2016 0 1	0	1