Splunk Search

Community Activity

savedsearch vs outputlookup- Which one is more efficient to use and should be used as default? I run large searches at the start of each month. Generally I use the saved search commands to retrieve the results on... by MaxJ New Member in Splunk Search 11-08-2022 0 2	0	2
Create a new field based on existing filelds Hello,My requirement is if the field "fields.summary" contains events that contain ".DT", then I want to create a new... by sidtalup27 Explorer in Splunk Search 11-08-2022 0 1	0	1
Log messages counts are getting overlapped in splunk dashboard? Index=dev log-severity=INFO app name=abcd \| rex “tv counts for indicator S = (?<Count>\d+)” \| stats count by _t... by Aryc090908 Explorer in Splunk Search 11-08-2022 0 4	0	4
Can you change the base search depending on a drop down value? I have a dashboard that uses a dbxquery in the base search. I would like to make the dashboard "bilingual".Is it pos... by replicant Engager in Splunk Search 11-08-2022 0 3	0	3
How can I join csv file with id only? i have 2 csv file first one has name and idsecond one has the id only i can extract the common id but i couldn’t find... by mananzeh New Member in Splunk Search 11-08-2022 0 1	0	1
What is the correct time format for "raw" messages? Good afternoon! I'm noticing that my time format in the messages I send to /services/collector/raw isn't being parsed... by metylkinandrey Communicator in Splunk Search 11-08-2022 0 8	0	8
How to extract string between two character @ and >? Hi, I'm trying to extract string "domain.com" from <mail@domain.com> How can i extract string between "@" and ">" ? T... by DavideASR Engager in Splunk Search 11-08-2022 0 1	0	1
Is there a way I could combine the results from the above query with the first query to refine the search command? Hi Community, I have the below search query index=_internal [ `set_local_host`] source=license_usage.log... by _pravin Contributor in Splunk Search 11-08-2022 0 4	0	4
Can we convert to tstats? Hello,Is there a way to convert this query to run with tstats? It is _slow_ when running it for two weeks of data...i... by danielbb Motivator in Splunk Search 11-08-2022 0 2	0	2
How to perform the below condition in Splunk search? I have 3 date columns.I have already calculated the difference between current day and the diff is in days are the va... by dtccsundar Path Finder in Splunk Search 11-08-2022 0 4	0	4
Can I have a dedicated search head that only runs scheduled reports? I have a search head cluster and I will have scheduled reports that send data to a summary index. I don't want other ... by klim Path Finder in Splunk Search 11-07-2022 0 2	0	2
How to change index based on MetaData:Source. Hello, can anyone tell me why this configuration isn’t working?I would like to change index name from main to hue, I’... by mskrzynski Explorer in Splunk Search 11-07-2022 0 10	0	10
How to get multiple distinct counts for subset of logs in single query? Hello, I am currently using the \|append method for some queries, but was curious if there is a better way for me to b... by Damek Engager in Splunk Search 11-07-2022 0 2	0	2
How can I overlay the 7 day, 30 day or 90 day average line over the timechart? Dumb question I cannot find a simple answer to. 藍 If I run a simple timechart search for 7 days, 30 days or 90 days -... by dmbrcx Explorer in Splunk Search 11-07-2022 0 3	0	3
What's the difference between nomv and mvcombine? Could someone please show the difference between nomv and mvcombine with some examples? What I have seen is that both... by nabeel652 Builder in Splunk Search 11-07-2022 0 2	0	2
Help with Eval from Multivalue field? I have a dataset with a multiline field called Logs. The field typically has values like the below, "mId": "Nul... by ff170a Explorer in Splunk Search 11-07-2022 0 3	0	3
How to display a table based on a clicked value of another table? I have a table with 1 column and 6 rows which I'll be changing to 1 row and 6 columns using transpose and eventually ... by sh254087 Communicator in Splunk Search 11-07-2022 0 6	0	6
tstats with where condition \| StatsFileWriterLz4 file open failed file=C:\Splunk\var\run\splunk\srtemp\910252184_17768_a I have a SPL, when first running the result is appearing but once the query is finished the error have shown below: \|... by iamtheclient20 Explorer in Splunk Search 11-07-2022 1 8	1	8
Getting Rex sub pattern error when using counts Index=dev log-severity=INFO app name=abcd \| rex “tv counts for indicator S = (?<Count>\d+)” \| stats count by _... by Aryc090908 Explorer in Splunk Search 11-07-2022 0 3	0	3
Lookup for a value in two lookup table columns? Hi, I have generated a search which return list of hosts and the count of events for these host. sometime the host va... by Hisham Engager in Splunk Search 11-07-2022 0 1	0	1
Annotation based on Existing Value (to avoid duplicate search) On an existing dashboard I have a rather complex query that generates a timechart on which I am looking to use annota... by lennys26 Communicator in Splunk Search 11-07-2022 0 2	0	2
Why is my rex command extracting other text strings I am using the following rex command to extract an id number, which is in the following format: 1e4gd5g7-4fy6-fg567-3... by jhilton90 Path Finder in Splunk Search 11-07-2022 0 7	0	7
Is there a way to be notified(alerted) if any saved searches are modified? I am looking for an alert when any search in (rest /services/saved/searches splunk_server=local) is being modified. by nihvk Explorer in Splunk Search 11-07-2022 0 1	0	1
How to best approach timeseries graph based on multiple fields? Hi, I am looking to create timeseries graph based on multiple fields.we could have multiple hosts and each host have ... by AKG11 Path Finder in Splunk Search 11-07-2022 0 5	0	5
How to visualize ongoing actions based on start/stop time? Hi,I have events which are received when action is finished on my system. Event contains start and stop time for acti... by karjsim Loves-to-Learn Lots in Splunk Search 11-07-2022 0 9	0	9