Splunk Search

Community Activity

Top Command not Returning Results I am using a chart command to get a list of IP's and servers with an error. I am attempting to only get the top 10 re... by SMM10 Explorer in Splunk Search 11-26-2021 0 4	0	4
how to assign new field for sum(fields) for further calculations Hi ,My query is like below, index=s sourcetype=Fire\| fillnull value=""\| eval OS=case(like(OS,"%Windows%"),"Windows",l... by dtccsundar Path Finder in Splunk Search 11-25-2021 0 1	0	1
Help searching dataset with a date field Hi I'm looking to search a dataset to returns entries from yesterday's date based off a date field which has been con... by solaced Explorer in Splunk Search 11-25-2021 0 3	0	3
Help with time conversion needed Hello,We have a chart in the dashboard, where the x-axis is the time. We defined a drilldown, where the $ts$ token sh... by damucka Builder in Splunk Search 11-25-2021 0 17	0	17
Eval error, reason unknown Good afternoon everyone! I'm hoping someone can assist in shedding some light on the following issue.I'm getting the ... by Kenhyper Explorer in Splunk Search 11-25-2021 0 6	0	6
how to get line chart(timechart) for 2 fields Hi,I have to create a trending chart for 30 days using the below search .I am not getting the trending using timechar... by dtccsundar Path Finder in Splunk Search 11-25-2021 0 1	0	1
Is it possible to email alerts with only an attachment, so without "view results" and "alert" links? I know there is an option "advanced search" but I can't find an option there to exclude the links by rrovers Contributor in Splunk Search 11-25-2021 0 2	0	2
Error in 'eval' command: The expression is malformed. Expected AND. Hello,I am trying to execute the following query but keep getting... Error in 'eval' command: The expression is malfo... by woodencraft Loves-to-Learn in Splunk Search 11-25-2021 0 6	0	6
Split merged events Hello Splunk Community, I have a merged event which shows if a service is running or down. Here is an example of the... by zoebanning Path Finder in Splunk Search 11-24-2021 0 2	0	2
Hello Experts, I would like to take report for employees who are completed four different certification courses I would like to take report for employees who are completed four different certification courses from my data. For ex... by Ashwini_5 Explorer in Splunk Search 11-24-2021 0 7	0	7
Added data issues Greetings,I was told by my instructor to use your product for an assignment, however, I am not getting the results th... by malleva New Member in Splunk Search 11-24-2021 0 1	0	1
two search queries with join not working I have two separate search queries which are working separately but when i am trying to get data by joining them its ... by lovelyshrm421 Explorer in Splunk Search 11-24-2021 0 16	0	16
Search comparison not working Hi - I have some data that looks like this, which ingests into splunk with no issues at all 11/24/2021 08:47:21.321... by randy_moore Path Finder in Splunk Search 11-24-2021 1 3	1	3
how to extract extract wildcard key name in nested json Sample JSON { message: { application: hello deploy: { X: { A: { QPY: 14... by crazymonkey Observer in Splunk Search 11-24-2021 0 6	0	6
assign the value to another variable and set an alert hello,I would like to ask a question on how to assign the value to another variable and set an alert.I have a this da... by ycho1 Explorer in Splunk Search 11-24-2021 0 4	0	4
Is it possible to convert a \|stats values() as to create a delimited csv outputlookup? Hi I am trying to speed up a query.When I run >>> index=foo \| stats values(host) as F_host It take less than a minute... by Glasses Builder in Splunk Search 11-24-2021 0 3	0	3
Join between indexes and sum fields Hi all, I have two indexes with the following fields:index=sofwaresw version authorsoftw... by giulio Engager in Splunk Search 11-24-2021 0 3	0	3
Improve Speed of Correlation Search Hello, thank you for taking the time to consider my question. I currently have a working SPL search that retrieves IP... by cfloquet Path Finder in Splunk Search 11-24-2021 0 0	0	0
Is there a way in Splunk to change the timezone or a raw event from UTC to EST or vica versa? I am trying to correlate 2 different logs one is in EST and the is in UTC. The UTC logs, I have tried to specific the... by djreschke Communicator in Splunk Search 11-24-2021 0 10	0	10
Relative time search to find last updated dashboards Hello, Can you tell me please why the below does not work?\| rest splunk_server=local servicesNS/-/-/data/ui/views/\| w... by SplnkUse Path Finder in Splunk Search 11-24-2021 0 1	0	1
What is the best way to get a scheduled saved search creation date? I do not want to run through _audit logs to find when the initial schedule kicked in. Rest call for the list of save... by pradeepkumarg Influencer in Splunk Search 11-24-2021 0 2	0	2
Help with search then loookup Hi,The following is my search:index=pace ERROR OR FATAL OUI=* Number=*\| stats count by OUI Number\| sort -count After ... by luuken New Member in Splunk Search 11-24-2021 0 2	0	2
How can I not index commented lines from my files? How can I avoid having lines that are commented within my files from being indexed by Splunk? Lets say I have a log ... by Rob Splunk Employee in Splunk Search 11-24-2021 1 6	1	6
Error in 'where' command: The operator at '>=2101 and week<=2152' is invalid. Hi I am trying to filter data using week data using 2 dropdowns. Please find info below snippet. the below code throw... by deruvara Explorer in Splunk Search 11-23-2021 0 2	0	2
Missing fields in Splunk that were previously there Hey all,I have the Splunk add on for unix/linux deployed to about ~70 servers. All was working fine (and has been for... by Stefanie Builder in Splunk Search 11-23-2021 0 1	0	1