Splunk Search

Community Activity

How would I write the following if statements in Splunk? How would I write the following statements in Splunk?Variables are start_access and last_accessStatementIf 20 days ha... by troy44112 Explorer in Splunk Search 05-25-2022 0 1	0	1
How to search Data correlation solution Hi Community, I have this problem about data correlation, here's the detail. The source file is a test result summary... by cecilia_cheng1 Explorer in Splunk Search 05-25-2022 0 10	0	10
Why do we have the --not exporting configurations globally to system-- message? We have this message popping out - -- Search peer SH name has the following message: Health Check: One or more apps... by danielbb Motivator in Splunk Search 05-25-2022 0 7	0	7
How to Fill Null for fail or exception Hi here is my spl, that show different status: index="myindex" \| rex "status\[(?<status>\w+)"\| stats count(status) by... by indeed_2000 Motivator in Splunk Search 05-25-2022 0 4	0	4
Help comparing outputcsv to inputcsv Hi Team.I have a big ol search that tables a bunch of resource usage data. Now i smack and outputcsv on that badboy, ... by michaelnorup Communicator in Splunk Search 05-24-2022 0 4	0	4
How to create a search to check single user having multiple transaction? Hello Team @SPL, Was working on some of the development activity, got stuck at some level. We have a scenario where I... by splkjk Explorer in Splunk Search 05-24-2022 0 3	0	3
Indexing data rather than the log file containing the data? Is it possible to ship only specific statements from a log file, to be indexed on Splunk rather than indexing the ent... by asamurphy Engager in Splunk Search 05-24-2022 0 2	0	2
How to add Dynamic Json path addition in splunk query Hi Team, I have below JSON structure data.searchByUserName.customerDetails.... data.searchByLastName.customerDetail... by mayurkale471757 Explorer in Splunk Search 05-24-2022 0 1	0	1
Why are eval fields not in table? Hi, Iam trying a simple query where i want to see the percentage of calls with a particular response time in splunk a... by Span Engager in Splunk Search 05-24-2022 0 1	0	1
Is there Documentation on Sumo logic data migration to Splunk? Hello, we are trying to find a way to import sumo logic data into Splunk, existing sumo logic is getting replace by ... by deveshbais New Member in Splunk Search 05-24-2022 0 1	0	1
Lookup Editor: Can I open a specific lookup file from a link in my dashboard? Hello All,I am wanting to create a user-defined "dictionary" for a dashboard and would desire for the user to click o... by actionabledata Path Finder in Splunk Search 05-24-2022 0 1	0	1
How can I index logs to a specific splunk cloud? Hi there, If I have several splunk clouds and a heavy forwarder on-premise, how can I configure the heavy forwarder t... by zcx01067 Explorer in Splunk Search 05-24-2022 0 1	0	1
Multivalued field mapping issue from an nested XML source Hello Splunkers!I have an issue in grouping multivalued field after extracting fields from nested xml. The sample is ... by sundarrajan Path Finder in Splunk Search 05-24-2022 0 2	0	2
Why do daily outputlookup searches have zero results and leave an empty lookup file? We often create daily lookups from our search results, which are then used for several other key searches. On occasio... by pj Contributor in Splunk Search 05-24-2022 5 8	5	8
Can I press enter in a splunk search and not do a search it just moves the text to a new line. Can I press enter in a splunk search and not do a search it just moves the text to a new line. In excel it is to pr... by HattrickNZ Motivator in Splunk Search 05-24-2022 0 4	0	4
Help with Transforming an ingest of timestamped data into a weekly backlog graph Hi forum! I have a couple of tricky questions on working with same indata and same type of graphs... I am currently w... by Tomten72 Loves-to-Learn in Splunk Search 05-24-2022 0 0	0	0
How to compare splunk ingestion volume? Hi Team, I'm looking for a query to compare Splunk ingestion volume between the current date and a week ago i.e compa... by kranthimutyala Path Finder in Splunk Search 05-24-2022 0 4	0	4
How to Multiple Source Type Search? Hello, I need some help. I am new to Splunk and have run into an issue. I want to have table that will display Comp... by coldwolf2000 Explorer in Splunk Search 05-24-2022 0 5	0	5
Why does search only return partial columns? Hello folks, Been busting my head here.. trying to pull data from multiple sourcetypes which I thought would run lik... by JohnF Engager in Splunk Search 05-24-2022 0 3	0	3
Why is the strptime() eval not returning anything? I am using imported CSV data to search throughout Splunk and the CSV file defines the column TIME and only includes t... by loganjwb Engager in Splunk Search 05-24-2022 0 5	0	5
How to append string to timechart data labels? Hi, I have a column timechart with numerical values, and I would like to add strings, or characters, after these valu... by dzyfer Path Finder in Splunk Search 05-24-2022 0 4	0	4
How to create a search check on a single day which a user had done transactions for more than 3 different vendors? Hello Splunkers, @SPL , Was working on some of the development activity, got stuck at some level. We have a scenario ... by splkjk Explorer in Splunk Search 05-23-2022 0 3	0	3
How to get result for field value difference? Working with this query, I'm hoping to get only results where field values are greater than the other. index="ind... by EvansB Path Finder in Splunk Search 05-23-2022 0 4	0	4
Identify computers not being used I believe that we have computers on our domain that are not actively being used by users and I would like to highligh... by tonygpe New Member in Splunk Search 05-23-2022 0 3	0	3
Why do I have an error in my search? It says that my eval is malformed, any suggestions? \| inputlookup US.csv \| eval current_date=strftime(time(),"%Y-%m... by Italy1358 Path Finder in Splunk Search 05-23-2022 0 10	0	10