Splunk Search

Community Activity

	How to use a trailing space in a string in a search? Hi all, I want to set a condition "credential.helper= ", notice there is a trailing space after the "=". What I want... by humblelearner Observer in Splunk Search 04-18-2022 0 2	0	2
	How can I remove entries from an existing lookup table? I have a lookup table from which I need to remove a couple of lines. How can I do it? by ddrillic Ultra Champion in Splunk Search 04-18-2022 0 3	0	3
	How to suppress an alert where x=y? Don't show a result where the src_ip is X and dest_ip is Y index=test host=test source=test conn_state=sf \| ev... by Qerro Loves-to-Learn in Splunk Search 04-18-2022 0 2	0	2
	Why is there an error while using linear regression in Splunk? Hi, I need to use Linear Regression to predict network volumes at the moment.The index I am using has a number of cat... by POR160893 Builder in Splunk Search 04-18-2022 0 0	0	0
	Is it possible to convert transaction to stats? We have the following command that works well - \| transaction job_name startswith=STARTING keeporphans=true Is i... by danielbb Motivator in Splunk Search 04-18-2022 0 2	0	2
	How to combine tables with identical fields? Hi Splunk Community, I have 2 tables I am attempting to merge together. Both tables are in csvs that I am trying to p... by jpfrancetic Path Finder in Splunk Search 04-18-2022 0 2	0	2
	How to display custom indexed fields within the sidebar in fast mode? Hello,I have configured a custom indexed field via transforms.conf and props.conf as following:transforms.conf: (/ap... by Hendrik2509 Engager in Splunk Search 04-18-2022 0 1	0	1
	How to remove all non-ascii character from search results? I have a fairly large(3,400 records) search result that randomly contains non-ascii characters in any one of the 20 f... by ccloutralex Observer in Splunk Search 04-18-2022 0 2	0	2
	Why are there missing fields with Splunk Java/C# SDK? Hi Team, Because the data storage time of Splunk is limited, we have a scheduled task to export data from Splunk to A... by wlin Loves-to-Learn Lots in Splunk Search 04-18-2022 0 0	0	0
	What is the best way to use multiple time filters on a dashboard? Hello, I have a dashboard with two different time filters. The first time filter is used to filter the _time filter T... by delly_fofie Engager in Splunk Search 04-17-2022 0 3	0	3
	Why does timechart not work? timechart [stats count\|eval app=$A$\|eval search=case(app=="","span=30m count by B",app!="","span=30m count by C")] ... by Jaylon Loves-to-Learn Lots in Splunk Search 04-17-2022 0 3	0	3
	How to search in UTC and of the format yyyy-mm-ddThh:mm:ss.SSSZ? On searching with the criteria, earliest="07/04/2021:09:48:00" latest="07/04/2021:09:48:59" searches in my local time... by msg4sunil Path Finder in Splunk Search 04-16-2022 0 1	0	1
	How to limit the host name coming in the output as only one entry and not multiple times in props.conf? My sample events are like this event 1 My name is Ethan [host="asw.pbrfinance.sdo.dgr.com"] My address is 46e 91 st ... by ethanthomas Path Finder in Splunk Search 04-16-2022 0 1	0	1
	How to use lookup output to use as another lookup file name? Hi, I've been trying to use the output from a lookup as input to another lookup. In the first lookup i have the name ... by rita_25 Loves-to-Learn in Splunk Search 04-15-2022 0 1	0	1
	How to display search directly into visualization tab HI. When we use table in a search rather than going to events it goes to the statistics tab automatically. I would ... by Pat Path Finder in Splunk Search 04-15-2022 0 1	0	1
	How to display timechart for certain time period without being affected by earliest? Im using a search query to search for data in "all time" but want to display timechart only for last 60 days. If i tr... by ojtoids Explorer in Splunk Search 04-15-2022 0 5	0	5
	How to detect a % difference in how often an event happened in x period vs the previous period? Hi, I'm trying to figure out how to detect if one of our ecommerce integrations has an error and the transactions dr... by nicholmikey Explorer in Splunk Search 04-15-2022 0 3	0	3
	More efficient way to search besides macros? Right now I have a lot of macros to help with reports, dashboards and knowledge items in general. We do not really us... by SMM10 Explorer in Splunk Search 04-15-2022 0 2	0	2
	How to extract Timestamp using strptime? Hello! I can't manage to get Splunk to extract the following timestamp at import. 2015-12-01 00:00:00+00 Could you he... by thefoque Observer in Splunk Search 04-15-2022 0 1	0	1
	How to correct timechart after upgrading timechart [stats count \| eval range="$timeRange$" \| eval search=case(range=="-6h", "span=30m ", range=="-1d", "span=1... by Jaylon Loves-to-Learn Lots in Splunk Search 04-15-2022 0 3	0	3
	How to parse a string with special format into objects or variables? Hi there, I have trying to use spath to try to extract fields inside a string. Currently, the string has this format.... by jvdev New Member in Splunk Search 04-15-2022 0 1	0	1
	Creating a new field depending on wildcard search Hi I know this is probably an easy one but I'm new and need some help.I have the following Field Called "Account Name... by ajdyer2000 Path Finder in Splunk Search 04-15-2022 0 2	0	2
	How to convert splunk api response to dataframe pandas? Hi Everyone, thanks to "kamlesh_vaghela" for helping me with importing the userid into the search query. But I am hav... by bijodev1 Communicator in Splunk Search 04-14-2022 0 3	0	3
	How to combine JSON elements in array? I have created a query similar to the below host=nftHost index=paymeNowsource="\\\\epamjhost\Logs\*" \| rex "(Message ... by jbourne89 Explorer in Splunk Search 04-14-2022 0 8	0	8
	How to calculate failure percentage? I am trying to create a dashboard which shows % availability over a set period of time. I am trying to calculate all ... by Rgru Engager in Splunk Search 04-14-2022 0 4	0	4