Splunk Search

Community Activity

	showing table despite no results TYPEMonthKPI_1KPI_2GLOBALOct'217624LOCALOct'214667 I'm searching the table like \| search TYPE="GLOBAL" \| search Mont... by lostcauz3 Path Finder in Splunk Search 12-12-2021 0 2	0	2
	How to Combine two Rex fields and get results in a Table Hi there,I have 2 separate queries that I built using Rex.1. This query captures the logg on and logg off status of t... by GRC Path Finder in Splunk Search 12-11-2021 0 2	0	2
	Subsearch in tstats causing issues I am encountering an issue when using a subsearch in a tstats query. Specifically, I am seeing the count of events in... by GindiKhangura Explorer in Splunk Search 12-10-2021 0 3	0	3
	If specified field value does not exist in the current time period do this Hi, hoping to get some more insight on my current problem. My problem is the following I am using a where clause to c... by splunk3341 Loves-to-Learn Lots in Splunk Search 12-10-2021 0 2	0	2
	Alert when host stops reporting data (IT Essentials Learn) I am attempting to use a search from IT Essentials Learn named "Alert when host stops reporting data - Linux - IT Ess... by jackjack Path Finder in Splunk Search 12-10-2021 0 3	0	3
	Calculate the session duration by the same field's with different values from 2 different events. RAWDATA:user_namemachine_nameevent_namelogon_timeuser1machine1logon12/9/2021 7:20user1machine1logout12/9/2021 7:22use... by psmp Explorer in Splunk Search 12-10-2021 0 10	0	10
	SubSearch Hi, I would have this need, that is to carry out a search that extracts all users who use iphone with SO = 9. * and t... by giorgioanastasi Explorer in Splunk Search 12-10-2021 0 7	0	7
	Fields extract values, display Hi everyone, I'm new here and having a problem filtering of numbers from a message. message: Generated non direct de... by radi09 Engager in Splunk Search 12-10-2021 0 7	0	7
	Pie chart using 2 inputlookup files Aloha, We’ve a reporting requirement to create a Pie chart using 2 input files. So far we’ve successfully created Ba... by marceloalejandr Path Finder in Splunk Search 12-10-2021 0 9	0	9
	Include source file that ended with date (not bz2) Need to declare in spl Include only those file that has ended with date not .bz2 (I don’t want to use NOT) Here is s... by indeed_2000 Motivator in Splunk Search 12-10-2021 0 3	0	3
	Wildcards with "\| lookup" Hi,I'm trying to get wildcard lookups to work using the "lookup" function. I've followed guidance to set up the "Matc... by geomore Explorer in Splunk Search 12-10-2021 0 7	0	7
	{} equivalent on right hand side of eval I hate hardcoding dynamic things. Sooner or later those thing break. I have data with fields ... forecast_2020=400, f... by usd0872 Path Finder in Splunk Search 12-10-2021 0 4	0	4
	Generating _events_ in search Hello there.I was wondering... is there any way to generate _events_ in search?I mean, I know of the makeresults comm... by PickleRick SplunkTrust in Splunk Search 12-10-2021 0 6	0	6
	feed query results to raw data in makeresults \| makeresults\| eval _raw = "user_name machine_name event_name logon_timeuser1 machine1 logon 12/9/2021 7:20user1 mach... by psmp Explorer in Splunk Search 12-09-2021 0 3	0	3
	How to extract json fields from json inside single quotes? Hey I am having difficulties trying to extract fields from my splint logs. They are in the format of’{“field”: “value... by Alanshiau717 New Member in Splunk Search 12-09-2021 0 1	0	1
	SEDCMD vs Transforms to mask data Hi,When we use sedcmd command to mask data it is Indexed time extractions and when we use transforms to mask data it ... by VijaySrrie Builder in Splunk Search 12-09-2021 0 2	0	2
	Timezone offset causing blanks during conversion I have a date column that I'm trying to convert to %m/%d/%Y. The date stamp is a little complex but I got it to work ... by rhilderbrand1 Observer in Splunk Search 12-09-2021 0 4	0	4
	Event breaking to middle text at index time Hello,I have some text I indexing, In the middle I have csv table, and some information at end, look like thisText te... by Dov1 Observer in Splunk Search 12-09-2021 0 1	0	1
	Date Comparison with current date Hi, I am trying to display results in separate panels based on date fields in my dataset. I want to display results ... by rohankin New Member in Splunk Search 12-09-2021 0 4	0	4
	Get the chart count by in the form of percentage Hey folks,I am trying to pull a result based on chart count by, I am also not sure if there is any other command whic... by bijodev1 Communicator in Splunk Search 12-09-2021 0 7	0	7
	Extracting fields from _raw in Splunk Hi All,I'm trying to extract 2 fields from _raw but seems to be a bit of struggleI want to extract ERRTEXT and MSGXML... by ashraf_sj Explorer in Splunk Search 12-09-2021 0 3	0	3
	add multiple spaces for fields hi i want to add multiple space for a fields i tried to use : \| eval fieldname1= fieldname2 . " " . field... by sfatnass Contributor in Splunk Search 12-09-2021 0 11	0	11
	How to use Streamstats command with conditions added ? my tablular output contains columns/fields like,account_number \| colour \| team_name \| business_unitI am getting the ... by zacksoft_wf Contributor in Splunk Search 12-09-2021 0 3	0	3
	How to de-aggregate the STATS result ? I have this query where I need to use stats to aggregate the results based on account_number. Now, some of the resul... by zacksoft_wf Contributor in Splunk Search 12-09-2021 0 4	0	4
	How splunk search work HiI have 4 huge log file that ingest into the Splunk File1File2File3File4 Now i want to know when i search specific s... by indeed_2000 Motivator in Splunk Search 12-09-2021 0 1	0	1