Splunk Search

Community Activity

How to use Streamstats command with conditions added ? my tablular output contains columns/fields like,account_number \| colour \| team_name \| business_unitI am getting the ... by zacksoft_wf Contributor in Splunk Search 12-09-2021 0 3	0	3
How to de-aggregate the STATS result ? I have this query where I need to use stats to aggregate the results based on account_number. Now, some of the resul... by zacksoft_wf Contributor in Splunk Search 12-09-2021 0 4	0	4
How splunk search work HiI have 4 huge log file that ingest into the Splunk File1File2File3File4 Now i want to know when i search specific s... by indeed_2000 Motivator in Splunk Search 12-09-2021 0 1	0	1
Cluster Map doesnt show correct events Hello guys, I have a problem with the "Cluster Map" so I have add a log 2 weeks ago and when I do a search about the... by michel_wolf Path Finder in Splunk Search 12-08-2021 1 3	1	3
Setting sourcetype with a complex regex - transforms.conf I am using transforms.conf to pull the sourcetype from the source via a complex regex. It doesn't seem to be working,... by Jason Motivator in Splunk Search 12-08-2021 2 8	2	8
Enable/Disable indexing a debug log file on demand? Is there any easy way to enable/disable indexing of a debug log file so that it can be indexed only when needed? We h... by mwhitake78 Explorer in Splunk Search 12-08-2021 0 6	0	6
Passing a time restriction while using join Hello,I would like to ask, if it is possible to pass a time restriction to a subsearch of an join ? Unfortunately I d... by blablabla Path Finder in Splunk Search 12-08-2021 0 10	0	10
Distsearch.conf Hi,What are the 4 important attributes to be considered under distsearch.conf by VijaySrrie Builder in Splunk Search 12-08-2021 0 2	0	2
Data in source shows Y/N for fields investor, borrower, guarantor, benefic for each customer. How can I show pie chart? I have data in source which shows Y/N for fields investor, borrower, guarantor, benefic for each customer. Need to sh... by cadrija Path Finder in Splunk Search 12-08-2021 0 2	0	2
The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200' The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200'To ensur... by jbanAtSplunk Communicator in Splunk Search 12-08-2021 0 0	0	0
How to count for each host Hi every one I have some difficulty to count my consumedHostUnits I have this commande : index="dynatrace_hp" \| searc... by incoghnito_1 Engager in Splunk Search 12-08-2021 0 2	0	2
need to update values of a lookup search by count Splunk Queryindex="abc" source=def[\| inputlookup ABC.csv \| table text_strings count \| rename text_strings as search]P... by pkharbanda1021 Engager in Splunk Search 12-07-2021 0 16	0	16
How to add a new column in table results Hi,I am providing sample data below:[2021-12-07 03:50:14,666] {<!-- -->{taskinstance.py:1532}} INFO - Marking task as FAILED.... by kapoorsumit2020 Loves-to-Learn Everything in Splunk Search 12-07-2021 0 2	0	2
Matching field values to text I have a base search:index=oswin EventCode=19 SourceName="Microsoft-Windows-WindowsUpdateClient" earliest=-10d Comput... by dsb6 Loves-to-Learn Lots in Splunk Search 12-07-2021 0 6	0	6
does OCI loggin addon work? Hi everyone, Recently, I have tried to install the OCI addon in a test enviroment but it does not work. According to ... by saraque Observer in Splunk Search 12-07-2021 0 0	0	0
Filtering substring content I have a search which looks at rare events in Windows Event Logs and provides output shown below.source="winevtlog:se... by RedHonda03 Explorer in Splunk Search 12-07-2021 0 1	0	1
how to display stats results by values(field) I am using the following query and trying to display the results using stats but count by field valuessearch query \| ... by pkharbanda1021 Engager in Splunk Search 12-07-2021 0 7	0	7
inner join i have a query likeindex = xyz\| eval assignment= upper(assignment)\| eval SO = upper(SO)\| eval Ser = upper(Ser)\| join ... by lostcauz3 Path Finder in Splunk Search 12-07-2021 0 7	0	7
RFE: Do not strip out formatting when using the Expand your search feature When using the Expand your search feature, the Expanded Search String output is stripped of any custom formatting, pa... by SCMsplConfig Engager in Splunk Search 12-07-2021 1 2	1	2
using regex for field extraction I am trying to extract the action=* from this field, in this event its add. I've trying extracting through how you wo... by dylanhess Engager in Splunk Search 12-07-2021 0 2	0	2
Extract browser type and device from User agent Hi, I've been reading number of posts about how to extract the OS and browser details but I don't think there is a be... by shashank_24 Path Finder in Splunk Search 12-07-2021 0 5	0	5
chart visualization HelloI have a table with user gcid and user score and i want to show it as a bar chart so the Xis will be the gcid nu... by sarit_s Communicator in Splunk Search 12-07-2021 0 2	0	2
Timechart , how to display value of the field using tmechart command , I want to display values of 7 filds.. i don't want to use avg, sum functions.. just i want t... by jshanaiah Explorer in Splunk Search 12-07-2021 0 3	0	3
I am using geostats, I want to show multiple fields in the tooltip. Please help. My current querysource="VLS_OUTSTANDING_GEO.csv" host="dev-bnk-loaniq-" sourcetype="csv" \| geostats latfield=AREA_LAT... by cadrija Path Finder in Splunk Search 12-07-2021 0 0	0	0
Help with Stats / Tstats and exclude devices based on OS version Hello All, We currently use the following search to list all the Windows hosts in our environment. \| tstats dc(hos... by neerajs_81 Builder in Splunk Search 12-07-2021 0 4	0	4