Splunk Search

Community Activity

Why can't I delete lookup table files? Hello, As an admin, I tried to delete a lookup table file. I had copied all the apps back to the search head cluster... by tkw03 Communicator in Splunk Search 12-13-2021 2 3	2	3
How can I use sha1 in my Splunk search We save hash values from our ids and I want to search for them. I would expected I can do it this way:index=blub id=s... by pk87 Engager in Splunk Search 12-13-2021 0 9	0	9
How can we add a single column from 2nd table to 1st table using search query in Splunk Hi,I have two tables and in first table it contains 13 columns and from second table only one column i need to add to... by Narendra045 Explorer in Splunk Search 12-13-2021 0 3	0	3
How to Optimize Splunk Search to avoid "auto-finalized after disk usage limit of 100MB" When running the following search for a 24hr period it is always being auto-finalized due to disk usage limit of 100M... by nateNpgh Loves-to-Learn Lots in Splunk Search 12-13-2021 0 13	0	13
showing table despite no results TYPEMonthKPI_1KPI_2GLOBALOct'217624LOCALOct'214667 I'm searching the table like \| search TYPE="GLOBAL" \| search Mont... by lostcauz3 Path Finder in Splunk Search 12-12-2021 0 2	0	2
How to Combine two Rex fields and get results in a Table Hi there,I have 2 separate queries that I built using Rex.1. This query captures the logg on and logg off status of t... by GRC Path Finder in Splunk Search 12-11-2021 0 2	0	2
Subsearch in tstats causing issues I am encountering an issue when using a subsearch in a tstats query. Specifically, I am seeing the count of events in... by GindiKhangura Explorer in Splunk Search 12-10-2021 0 3	0	3
If specified field value does not exist in the current time period do this Hi, hoping to get some more insight on my current problem. My problem is the following I am using a where clause to c... by splunk3341 Loves-to-Learn Lots in Splunk Search 12-10-2021 0 2	0	2
Alert when host stops reporting data (IT Essentials Learn) I am attempting to use a search from IT Essentials Learn named "Alert when host stops reporting data - Linux - IT Ess... by jackjack Path Finder in Splunk Search 12-10-2021 0 3	0	3
Calculate the session duration by the same field's with different values from 2 different events. RAWDATA:user_namemachine_nameevent_namelogon_timeuser1machine1logon12/9/2021 7:20user1machine1logout12/9/2021 7:22use... by psmp Explorer in Splunk Search 12-10-2021 0 10	0	10
SubSearch Hi, I would have this need, that is to carry out a search that extracts all users who use iphone with SO = 9. * and t... by giorgioanastasi Explorer in Splunk Search 12-10-2021 0 7	0	7
Fields extract values, display Hi everyone, I'm new here and having a problem filtering of numbers from a message. message: Generated non direct de... by radi09 Engager in Splunk Search 12-10-2021 0 7	0	7
Pie chart using 2 inputlookup files Aloha, We’ve a reporting requirement to create a Pie chart using 2 input files. So far we’ve successfully created Ba... by marceloalejandr Path Finder in Splunk Search 12-10-2021 0 9	0	9
Include source file that ended with date (not bz2) Need to declare in spl Include only those file that has ended with date not .bz2 (I don’t want to use NOT) Here is s... by indeed_2000 Motivator in Splunk Search 12-10-2021 0 3	0	3
Wildcards with "\| lookup" Hi,I'm trying to get wildcard lookups to work using the "lookup" function. I've followed guidance to set up the "Matc... by geomore Explorer in Splunk Search 12-10-2021 0 7	0	7
{} equivalent on right hand side of eval I hate hardcoding dynamic things. Sooner or later those thing break. I have data with fields ... forecast_2020=400, f... by usd0872 Path Finder in Splunk Search 12-10-2021 0 4	0	4
feed query results to raw data in makeresults \| makeresults\| eval _raw = "user_name machine_name event_name logon_timeuser1 machine1 logon 12/9/2021 7:20user1 mach... by psmp Explorer in Splunk Search 12-09-2021 0 3	0	3
How to extract json fields from json inside single quotes? Hey I am having difficulties trying to extract fields from my splint logs. They are in the format of’{“field”: “value... by Alanshiau717 New Member in Splunk Search 12-09-2021 0 1	0	1
SEDCMD vs Transforms to mask data Hi,When we use sedcmd command to mask data it is Indexed time extractions and when we use transforms to mask data it ... by VijaySrrie Builder in Splunk Search 12-09-2021 0 2	0	2
Timezone offset causing blanks during conversion I have a date column that I'm trying to convert to %m/%d/%Y. The date stamp is a little complex but I got it to work ... by rhilderbrand1 Observer in Splunk Search 12-09-2021 0 4	0	4
Event breaking to middle text at index time Hello,I have some text I indexing, In the middle I have csv table, and some information at end, look like thisText te... by Dov1 Observer in Splunk Search 12-09-2021 0 1	0	1
Date Comparison with current date Hi, I am trying to display results in separate panels based on date fields in my dataset. I want to display results ... by rohankin New Member in Splunk Search 12-09-2021 0 4	0	4
Get the chart count by in the form of percentage Hey folks,I am trying to pull a result based on chart count by, I am also not sure if there is any other command whic... by bijodev1 Communicator in Splunk Search 12-09-2021 0 7	0	7
Extracting fields from _raw in Splunk Hi All,I'm trying to extract 2 fields from _raw but seems to be a bit of struggleI want to extract ERRTEXT and MSGXML... by ashraf_sj Explorer in Splunk Search 12-09-2021 0 3	0	3
add multiple spaces for fields hi i want to add multiple space for a fields i tried to use : \| eval fieldname1= fieldname2 . " " . field... by sfatnass Contributor in Splunk Search 12-09-2021 0 11	0	11