Splunk Search

Community Activity

How do I find the unique elements between two columns? If I have a search that returns a table with multi-values in two different columns, how can I find the unique element... by mbintz Explorer in Splunk Search 10-15-2016 0 5	0	5
Compare Results From Two Searches Hi, I wonder whether someone may be able to help me please. I'm using the following subqueries: The first extracts ... by IRHM73 Motivator in Splunk Search 10-15-2016 0 9	0	9
Restrict Time Range by User Role and index / SourceType We have different indexes with varied retention and volumes. We would like to be able to restrict some roles to searc... by VidhyaR New Member in Splunk Search 10-14-2016 0 3	0	3
How to display values in xyseries format? How to display values in xyseries format? i have log like below tcp 0 0 12b8-splfwd02.nam.nsro:7171 poc-... by rajgowd1 Communicator in Splunk Search 10-14-2016 0 15	0	15
Field Extraction issue HI Experts, i am able to exact 4th and 5th fields from below log but i am able to exact get the value if the 4th or 5... by rajgowd1 Communicator in Splunk Search 10-14-2016 0 8	0	8
Filtering on lookup field values using multiple values on a few field Searching for events which match any of multiple values for the same field times several fields in a lookup using the... by landen99 Motivator in Splunk Search 10-14-2016 0 1	0	1
Count Fraction of Distinct events I woudl like to know, per CountryId, what fraction of FooId equal to BarId In the follwoing log: MyEvent CountryId=... by viggor Path Finder in Splunk Search 10-14-2016 0 1	0	1
How can I pull and alert on a value found from a search? I am trying to pull data from Splunk via a search and send it to Netcool OMNIbus. Right now I am just sending it via ... by larryleeroberts Path Finder in Splunk Search 10-14-2016 0 7	0	7
Rolling Averages I am having alot of trouble setting up rolling averages in Splunk. I would love to be able to overlay a 30, 60, 90 da... by justx001 Explorer in Splunk Search 10-14-2016 1 4	1	4
How to display the 2nd through n-1 values of a field? I have some Windows event log data that shows the ID when a user logs in and logs out. In addition, it shows me the ... by DEAD_BEEF Builder in Splunk Search 10-14-2016 0 4	0	4
Result differences? Fairly new to Splunk and I am trying to understand the reason for the difference in results and search time for the f... by tinylund Explorer in Splunk Search 10-14-2016 0 1	0	1
Unknown search command 'gentimes'.... can anyone help to find if this command has been discontinued in Splunk? When Trying to run below query in Splunk search: \| gentimes start=-1 \| eval YourDate="3:21:34 PM 10/14/2016" \| table... by accragv1 Explorer in Splunk Search 10-14-2016 0 7	0	7
Eval with multiple values I have three event types: eventtype="windows_login_failed" eventtype="duo_login_failed" eventtype="sremote_login_fai... by jwalzerpitt Influencer in Splunk Search 10-14-2016 0 6	0	6
How do I return a search for a field that contains a number? example: If I have a list of user and I want to search and the users who only have a number in that field; John_doe... by jbala1 Engager in Splunk Search 10-14-2016 0 3	0	3
dedup gives different result if a 'table' command is used before it. A bug?? In an running a command which uses the dedup command: index=myindex earliest=-5d@d latest=@d \| bin _time span=1d \| ... by patng323 Explorer in Splunk Search 10-14-2016 0 13	0	13
Subsearch field groupings Hello, I have a search (see below) that Im having a little trouble with. With it it returns the fields correctly, b... by brywilk_umich Path Finder in Splunk Search 10-14-2016 0 4	0	4
how to modify my query to display a detail view with hosts? I have a search as follows field="abc"\| eval b=len(_raw) \| timechart span=1h sum(b) as b \| eval mb=round(b/1024/1024... by pavanae Builder in Splunk Search 10-14-2016 0 4	0	4
CSV Field Extraction with spaces in field name I have a syslog feed coming in to our Splunk system that is essentially a CSV file. It's a conglomeration of the res... by burras Communicator in Splunk Search 10-14-2016 0 9	0	9
Calculating the number of executions using streamstats Hi! I have such table: package executionID type day time A 1 start day1 some_hour A 1 end day1 some_hour B 1 start ... by andreafebbo Communicator in Splunk Search 10-14-2016 1 1	1	1
How to perform a join on a field from source1 to one or another field in source2 based on the source1 field value? I'm trying to join information from a metadata search to a lookup file. It works using a subsearch such as this: \| m... by splunkin11 Path Finder in Splunk Search 10-14-2016 0 5	0	5
How to extract values from multiple events and create a new event with those values? I want to extract a key-value pair from multiple events and create a single event with those extractions. We have e... by skoelpin SplunkTrust in Splunk Search 10-14-2016 0 6	0	6
How to search the count of host Instances, and get the latest occurrence if there are duplicates? In addition, if there is a duplicate host, I'd also like to keep the fields of the latest. Here's an example: Host ... by jturner900 Explorer in Splunk Search 10-14-2016 0 5	0	5
How do I configure Splunk to recognize my custom delimiter for proper field extraction? I currently have a log statement which has a custom delimiter: {\|} Where an example log statement would look like: ... by emamedov Explorer in Splunk Search 10-13-2016 0 5	0	5
How to edit my regular expression to extract these fields from my sample data? Hi, I have the below data 10.210.192.15 - - [12/Oct/2016:19:59:43 -0400] "GET /rest/icontrol/login?expand=sites,ins... by dbcase Motivator in Splunk Search 10-13-2016 0 7	0	7
How to edit my search to prevent getting multiple alerts? Created a search to monitor members added/removed from a group. It's working in search, but in the alert email for de... by sonusngh68 New Member in Splunk Search 10-13-2016 0 10	0	10