Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
siraj198204

i have one field like lastpasswordchangedate , by using this field i want to return value of password expiry date .... 90days.

source="dbmon-tail://idwarehouse/idw_account" application=TFAYD [|inputlookup execSSO.csv |rename sso as owner] |eval...
by siraj198204 Explorer in Splunk Search 10-10-2014
0 32
0
32
kelvin56887

Return "No result" when joining two tables if the subsearch has too many records

The query is as follows: index="inverntory" source="s1" UUID="C64" | join UUID [search index="inverntory" source="s1"...
by kelvin56887 Explorer in Splunk Search 10-10-2014
0 3
0
3
anilchauhanmanu

How to return raw data results from subsearch query?

I can't return _raw data from subsearch as below , but i can find this raw data if i use it in separate main search ....
by anilchauhanmanu Explorer in Splunk Search 10-10-2014
1 4
1
4
devicenul1

PDF Export and Eval

6.1.1 known issues: Events format settings like list, table, max lines, wrapping do not apply to PDF reports and are ...
by devicenul1 Path Finder in Splunk Search 10-10-2014
0 7
0
7
herve1

Why am I getting "Error in 'SearchParser': The definition of macro is expected to be an eval expression that returns a string."

This is an eval-based macro to be used before the first | macro definition: if($Id$=="", " ", " LOGIN_NAME=$Id$ ") I...
by herve1 Engager in Splunk Search 10-10-2014
0 1
0
1
thisissplunk

How to pull a value from a csv lookup in a subsearch to tack onto a table in the main search results?

Hello All, I'm using a lookup table which includes of a bunch of IPs. I use this as a blacklist to search through my...
by thisissplunk Builder in Splunk Search 10-09-2014
2 5
2
5
dhavamanis

how to build a map using zipcode?

we have user registered data with zipcode, can you please tell us, how to build the map chart using the zipcode.
by dhavamanis Builder in Splunk Search 10-09-2014
0 3
0
3
dhavamanis

How to edit my search query to display a Map graph?

We are trying to build the MAP with the query below. I can see some results in the statistics view but nothing is sho...
by dhavamanis Builder in Splunk Search 10-09-2014
0 4
0
4
merethhe

Errors in percentage when using "top" command?

I'm performing a very simple search: type="Workflow model" | top 20 org My problem is, the number of events does no...
by merethhe Engager in Splunk Search 10-09-2014
0 2
0
2
hortonew

How to write a stats search for the daily max and average latency per each of the top 5 URLs?

I have logs that I'm trying to analyze and get the daily average latency per URL. I'll provide a sample log, and wha...
by hortonew Builder in Splunk Search 10-09-2014
0 2
0
2
ben_leung

How do you compare a field value with another field in the following event?

Example data: From: To: 1. www.google.com www.google.com/123 2. www.yahoo.com www.yahoo...
by ben_leung Builder in Splunk Search 10-09-2014
1 1
1
1
vzzbrs

why host_regex is not setting correct hostname

I'm trying to set hostnames extracting them from filenames I'm using host_regex with this regex: host_regex = (myse...
by vzzbrs Explorer in Splunk Search 10-09-2014
1 5
1
5
strive

Search Time Modifiers behave strangely with half-hour timezones. What's going on?

Hi, The Search Time Modifiers do not work properly when half hour time zones are set. (There are very few countries...
by strive Influencer in Splunk Search 10-09-2014
5 1
5
1
bruceclarke

How to filter a dense search prior to a transaction?

All, I'm trying to transact on two searches. The first search returns very quickly (there are only a few events to m...
by bruceclarke Contributor in Splunk Search 10-09-2014
0 3
0
3
DavisXie

Can Sum multiple | eval "@@@" as action1| eval "###" as action2 | eval "%%%" as action3 | stats count by user ?

Hello every one host="abc" user="12345678" | eval '"@@@" as action1| eval "###" as action2 | eval "$$$$" as action...
by DavisXie New Member in Splunk Search 10-08-2014
0 3
0
3
bckq

How to run a saved search in a remote Splunk server and print the result on the terminal using Python SDK?

Hi, I wanted to make some script that will run saved search in remote Splunk Server and print the result on the termi...
by bckq Path Finder in Splunk Search 10-08-2014
0 1
0
1
kris99

Why is my search eval not returning all expected fields?

stats count host. Below search only returning "Server and Count" not the Desktop. index| dedup host | eval "Type"=ca...
by kris99 New Member in Splunk Search 10-08-2014
0 1
0
1
btiggemann

Compare if an event in different sourcetypes has the same values for a combination of fields

Hey Splunkers, We want to track an email communication which is done over multiple servers with multiple log format...
by btiggemann Path Finder in Splunk Search 10-08-2014
1 3
1
3
bkchung

How to extract fields at search-time from a multivalue query string?

Using sourcetype="localapache", extracting fields from the following event only recognizes somevalues but not someval...
by bkchung New Member in Splunk Search 10-08-2014
0 4
0
4
benjaminlin1019

Splunk DB Connect: What is wrong with my SQL syntax to MySQL database that db monitor fails validation?

Is there anyone can tell me what's wrong with my SQL syntax to MySQL database is wrong that db monitor can't be saved...
by benjaminlin1019 Explorer in Splunk Search 10-08-2014
0 1
0
1
Gchouane

Why am I getting different results with filtering and using the append command?

Hello , I would like to generate a customer analysis. I must use order and a customer segmentation. I write a sear...
by Gchouane Engager in Splunk Search 10-08-2014
1 1
1
1
shellnight

How to write a search where the count of an event from the same source exceeds 2 in an hour?

I want to create a search query to search a specific ids event from a source to destination wherever the count of th...
by shellnight Explorer in Splunk Search 10-08-2014
0 2
0
2
davemulligan

How to find all the events since the last instance of a specific event?

I feel like this should be an easy question to find the answer to, but I've spent a good hour or so looking and haven...
by davemulligan Engager in Splunk Search 10-08-2014
0 2
0
2
kearaspoor

How to have a sort command ignore one result/leave it at the bottom of the sort?

I have a search that looks at number of enabled vs disabled users in our AD structure by organizational unit, calcula...
by SplunkTrust SplunkTrust in Splunk Search 10-08-2014
0 2
0
2
jbsplunk

What is the purpose of our Splunk instance phoning home to an external IP over port 443?

We've noticed that our splunk server was phoning home to an external IP over port 443.  What's the purpose of this tr...
by jbsplunk Splunk Employee Splunk Employee in Splunk Search 10-08-2014
2 1
2
1
Top Labels
Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...