Splunk Search

Community Activity

How to standardize similar words? Hi all,I have two similar words that giving the same meaning. How can I standardize them into one value to prevent in... by aa0 Path Finder in Splunk Search 01-06-2023 0 3	0	3
How to extract a error message string contains "Tarik"? I am using a query and getting the logs but getting "Setting up error code and description" as the error message ... by Aj01 Path Finder in Splunk Search 01-06-2023 0 4	0	4
How to format results getting from multiple append? Query: index="web_app" (application= "abc-dxn-message-api" AND tracepoint= "START") (facility="d55075aaedc86d65776766... by MrIncredible Explorer in Splunk Search 01-06-2023 0 4	0	4
Is there any search to check the memory usage of windows servers and top 5 process taking high usage? Hi All, Good day, we have installed forwarders in multiple windows servers. any splunk search to know the memory usag... by sekhar463 Path Finder in Splunk Search 01-06-2023 0 2	0	2
How to check if value is not null in a comparison? Hi, I want to check if all the value (from different fields) are < a, it will mark as yes. If one of them > a, it wil... by Julia1231 Communicator in Splunk Search 01-06-2023 0 2	0	2
How to inputlookup match against search field? Hi all, I have a inputlookup file named as leavers.csv which ill be automatically update this file contain the userID... by 7ryota Explorer in Splunk Search 01-05-2023 0 1	0	1
How to use stats list() but separate each value with ";"? Hello,I'm using stats list() to merge all my value into one field, but I want them to seperate with each other by ";"... by phamxuantung Communicator in Splunk Search 01-05-2023 0 1	0	1
Why does tstats not work for some feeds with host="unassigned"? We had some feeds with host="unassigned". the following tstats will not return any result for some feeds, but it work... by vl951f Path Finder in Splunk Search 01-05-2023 0 5	0	5
How do I change the span based on the time picker selection using timechart? HI, I have a simple query i.e \|timechart count by something The span should change dynamically, for EX: if I selec... by james_n Path Finder in Splunk Search 01-05-2023 0 5	0	5
Custom Search Command - How can I maintain state for full scope of SPL across multiple invocations of the command script? I'm trying to optimize execution of a custom command by caching information it processes, but just for the duration o... by kmarx Explorer in Splunk Search 01-05-2023 0 1	0	1
Why is SPL receiving error? Hi I have this SPL query but getting this error? Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name... by BongoNations Explorer in Splunk Search 01-05-2023 0 1	0	1
How to stop custom search command from calling multiple times? I have made a custom search command which accepts some values, forms a network request and submits it. It works great... by arkadyz1 Builder in Splunk Search 01-05-2023 2 3	2	3
Custom Command Protocol Version 2-What needs to be changed when switching from version 1 to version 2? Hi all, I am currently a little bit stuck ... Commands.conf looks like this:[tc]chunked = truefilename = tc.py [t]ret... by pinVie Path Finder in Splunk Search 01-05-2023 0 7	0	7
How to display the count (not the percentage) in the pie chart? Hi, If I want to show the percentage, then I use <option name="charting.chart.showPercent">true</option> but if I w... by zoe Path Finder in Splunk Search 01-05-2023 0 1	0	1
How to use regex lookahead to capture the information from the 4th stanza of my log? I'm trying to use the following search to capture information regarding an identification code: index=calabrio MSG_... by mikecal Explorer in Splunk Search 01-05-2023 0 3	0	3
How to merge results by column values? Hi guys, I have a search for the host with check_id statuses: index="..." exec_mode="..." host="..." check_id="..." ... by Dzmitry Explorer in Splunk Search 01-05-2023 0 2	0	2
How to extract the first field of a list with space and slash? Hello everyone, I have a problem with a request. I tried with this: index="main" sourcetype="st_easyvista_generic" "I... by anissabnk Path Finder in Splunk Search 01-05-2023 0 5	0	5
How does splunk split field contents in dictionary format? current splunk log:user=a,ip=b,info={'gender':1,'Country':2},p=1,target splunk table: user=a,ip=b,gender=1,Country=2,... by Cathy Engager in Splunk Search 01-05-2023 0 2	0	2
How to populate new index from data file? Hi, I need to create an index called "assets" from a JSON data file that I have. However, wen I try and create such a... by POR160893 Builder in Splunk Search 01-05-2023 0 1	0	1
Map command subsearch results losing initial search value from the output? Here is an example of SPL I am trying to run. \| makeresults \| eval ProxyUser="User1,User2,User3" \| makemv delim="," P... by sureshtskumar Explorer in Splunk Search 01-05-2023 0 12	0	12
What is Splunk search runtime? OK I think I know what it is Splunk Search Runtime, but I have not ever thought what values or insights can this feat... by robertisimos Observer in Splunk Search 01-05-2023 0 0	0	0
Why are incidents are not showing in impact tab in Splunk? Hi all, We are creating episodes and incidents are getting created in SNOW , the incident number is available in Acti... by nivets Engager in Splunk Search 01-05-2023 0 0	0	0
How to compare two results every week and display the differences from one index? Hi team,I want to compare two results every week and display the differences from one index. And I want create Jira t... by btluynk Loves-to-Learn Lots in Splunk Search 01-05-2023 0 3	0	3
When I am using this search, I am not getting accurate results? Search: \|tstats count where index=att_acc_app source=applicationissues.log by PREFIX(client_application_name=) _tim... by Harish2 Path Finder in Splunk Search 01-04-2023 0 5	0	5
Why does Dashboard studio datetime looks strange? HI! My Dashboard studio dateime looks strange T. T [Dashboard Studio View ↓ ] namedatetimecounttom2022-12-01T09:00:0... by minpd0309 Explorer in Splunk Search 01-04-2023 0 0	0	0