Splunk Search

Community Activity

	Matching several strings in a field I have a field (FIELD1) that may contain one of several strings. These strings may appear in different locations wit... by gelspas Explorer in Splunk Search 09-17-2021 0 4	0	4
	Splunk for analyzing Logs - looking for Big time gaps graph. Hi!I have a log that looks more or less like this: 'H 16-Sep-2021 10:57:03.084; 0:< Jrn.Directive "WindowSize" _... by Arkowski New Member in Splunk Search 09-17-2021 0 0	0	0
	dynamically subtract from counts I am trying to write a splunk query to show what percentage of traffic is split between my on premise and cloud. My s... by UK_Chris_Doyle New Member in Splunk Search 09-17-2021 0 0	0	0
	Machine Learning Toolkit model time shift after apply Has anybody encountered a strange timeshift when applying a model to data Model generation:Apply: by plapila Explorer in Splunk Search 09-17-2021 0 0	0	0
	Data results not aligning with time Been experimenting with ML toolkit and having some weird issues. I can get nice predictions by teaching the data but ... by plapila Explorer in Splunk Search 09-17-2021 0 3	0	3
	regex works on regex101 but not splunk Im trying to get a regex to work in splunk that works in regex101Im using the below regex\b(a_msg)\b[^"]+"([^"]*)"thi... by samneo Path Finder in Splunk Search 09-17-2021 0 4	0	4
	Copy logs from one index to another with use same host information Hi,I want to copy some logs in one index to another index with the same host information. I use collect command to do... by MesutUgurlu New Member in Splunk Search 09-17-2021 0 3	0	3
	When do I move Lookup files to a KVstore? How big is the limit of the Lookup File before moving it to a KVstore? Please. Also please guide me on how to optimize my Lookups for more efficiency. When does one use Lookups vs KVstores? Thank ... by SamHTexas Builder in Splunk Search 09-17-2021 0 1	0	1
	Highlight a table value alone (not the entire cell) HI Splunkers,I am using Splunk tables inbuilt color coding to highlight a cell based on certain condition. The proble... by nadlurinadluri Communicator in Splunk Search 09-16-2021 0 0	0	0
	Help with query Hello - I am new to splunk and am trying to do a search on data that calls out three different fields for duplicates ... by dmtman New Member in Splunk Search 09-16-2021 0 2	0	2
	How to check if a field value from an event matches the results from an ldapsearch. Hi,I am looking to compare a field value against the results of an ldapsearch to check whether the value is present o... by ezmo1982 Path Finder in Splunk Search 09-16-2021 0 3	0	3
	Regex to extract field value from a response [See below] I have this result response[sample]: "{\"meta\":{\"code\":400}},[Content-Type:\"application/json\", Transfer-Encoding... by vivekmisra Observer in Splunk Search 09-16-2021 0 3	0	3
	Can I do multiple joins with different fields Hello I have 3 sets of data and I want to join them all but they don't have the same common field, the trouble I'm ha... by stavbergen Explorer in Splunk Search 09-16-2021 0 1	0	1
	Join results from two lookups My requirement is something like this:Lookup 1 looks like thisName \| Avg_CountA \| 3B \| 7D ... by shaquibk Explorer in Splunk Search 09-16-2021 0 3	0	3
	Add fields in lookup with request without using index or sourcetype looHi everybody, i hope you can help me with my pb.i want add fields in a lookup with a request that dont use index .... by AlexH Engager in Splunk Search 09-16-2021 0 2	0	2
	How to extract sub-transactions from transactions (or how to "reverse" a transaction)? I am parsing SFTP logs of file downloads and want to count how many bytes a specific user downloaded at what time. Th... by Georgi Engager in Splunk Search 09-16-2021 0 4	0	4
	How to consider data grid view in a cell in dashboards? Hello "Good Day"  How to add the progress bar inside the cell in dashoard.i need the dashboard panel format in the ... by renuka Path Finder in Splunk Search 09-16-2021 0 1	0	1
	Subtract two fields and create a timechart I have two fields skill1 and skill2skill2: skill1: Both these queries are producing results: timechart span=... by priyangshupal Engager in Splunk Search 09-16-2021 0 10	0	10
	how to get 2 fields by taking on field Hello I have table in my dashboard IDJan_TargetJan_Actual1506020N/AIn similar way for all monthsnow i need a f... by renuka Path Finder in Splunk Search 09-15-2021 0 4	0	4
	Lookup with wildcard in data, not in lookup table? Hi. I know a lookup file can contain wildcards and use them with the WILDCARD(<field>) setting, but is it possible to... by etoombs Path Finder in Splunk Search 09-15-2021 0 0	0	0
	Missing Stats Data When mean & avg are both present on a "stats" search, the first one in order will be missing so:\| makeresults count=1... by jkwilling Engager in Splunk Search 09-15-2021 0 3	0	3
	timeline chart Hi I have got this log where it shows how much time it takes to load investor page in millisecond(ms)2021-09-15 13:40... by Rkp_splunk Engager in Splunk Search 09-15-2021 0 1	0	1
	I need help with my props conf to extract fields correctly. When I test the regex in both regex101 and using the rex command in the search bar and they parsed out the fields cor... by djreschke Communicator in Splunk Search 09-15-2021 0 1	0	1
	Epoch Date format in reporting Hi ,i have 2 queries .(index=abc OR index=def) category= * OR NOT blocked =0 AND NOT blocked =2\|rex field=index "(?<L... by Susha Engager in Splunk Search 09-15-2021 0 2	0	2
	Need help in extraction Hello all, I am tryin to extract only the highlighted from the below event, however I am failing to extract.Can you p... by srinivas_gowda Path Finder in Splunk Search 09-15-2021 0 2	0	2