Splunk Search

Community Activity

	find which event belong to which file in compress file HiI have compress file that contain several files. in source just show compress file. e.g compress files name is log.... by indeed_2000 Motivator in Splunk Search 08-15-2021 0 1	0	1
	Subesearch with Inputlookup I want to run a base query where some fields has a value which is present in inputlookup table For example, I have ... by Shimon81 Explorer in Splunk Search 08-15-2021 0 7	0	7
	How to compare 2 columns of a table when we use 'chart' command ? I have used the below query to create one table: index=abc sourcetype=xyz source=*.txt host=host1 OR host=host2 \| rex... by georgear7 Communicator in Splunk Search 08-15-2021 0 6	0	6
	Search 1 dashboard panel - Search 2 dashboard panel = third dashboard panel difference between two searches. Search 1 dashboard panel - Search 2 dashboard panel = third dashboard panel difference between two searches. Here is ... by pir8radio Path Finder in Splunk Search 08-14-2021 0 2	0	2
	subsearch result as source I am trying to craft a search that uses the most recent source as the basis for my search. The source is a file path... by mpartee Engager in Splunk Search 08-14-2021 0 4	0	4
	Search shows events only and not statistics in Splunk 6.2 BElow query shows expected statistics table in Splunk 8.2, but shows only events in Splunk 6.2. YOUR_SEARCH \| fields... by ruhibansal Explorer in Splunk Search 08-14-2021 0 5	0	5
	Compare logs between two different datacenter and match the value. I have two different datacenter . hostA and hostB are like datacenters and 1,2,3.... are hosts. hostA-1, hostA-2, hos... by DougiieDee Explorer in Splunk Search 08-14-2021 0 4	0	4
	How to use a field other than _time in timecharts I have an issue, and I found a posting here that I thought would fix me up, but there is something wrong and I am not... by mmpratt Observer in Splunk Search 08-13-2021 0 2	0	2
	How can i get only one data on column table instead of having multiple due to params? operationNameurlsavg_timemax_timecountMethodUsingGEThttps://www.google.com/api/v1/571114808/CAR.202https://www.google... by DougiieDee Explorer in Splunk Search 08-13-2021 0 5	0	5
	Find changes in query HelloAre there any internal logs in Splunk that show changes made to the query, who made it and what change he made? by havatz Explorer in Splunk Search 08-13-2021 0 1	0	1
	Skipped Searches Hi everyone, I have some questions about skipped searches. With the following search, I have found, that on my SH I h... by g_paternicola Path Finder in Splunk Search 08-13-2021 0 3	0	3
	How to check in date in field is within range Hi, I am trying to check if date that is stored within a field in table is within the last 24h from the moment the se... by kxmorrr Engager in Splunk Search 08-13-2021 0 1	0	1
	Delete events from a query with a command that is 'not distributable streaming' We have a Splunk instance that keeps copies of Jira tickets which have changed over time. Anytime there is a change ... by bhooker_axcient Engager in Splunk Search 08-13-2021 0 1	0	1
	[Forwarder] extract field from flow tcp 514 Hi,I have a data stream on the forwarder, streaming on the 514. the data is correctly indexed. But I would like to ex... by SuperMisterT Loves-to-Learn Everything in Splunk Search 08-13-2021 0 11	0	11
	Field Extractor - extract digit from brackets Hi,I would like to extract particular digit from brackets, index it as follows and based on that create stats hourly.... by darspla Explorer in Splunk Search 08-13-2021 0 7	0	7
	Date Format and Time Format Hello,What would be my TIME_FORMAT for prop configuration file for this events2021-06-08T13:26:53.665000-04:00\|PGM\|mt... by SplunkDash Motivator in Splunk Search 08-13-2021 0 5	0	5
	Splunk Time difference search I have two results of servers list as per last 30 days and last 12 hrs. I want to compare and find out which servers ... by Sirius27 New Member in Splunk Search 08-12-2021 0 3	0	3
	search 2 logfiles from same source, but different fields. I have an index which contains data from many logfiles. I want to search for specific data in log1 and display with ... by dbrooks_CIR New Member in Splunk Search 08-12-2021 0 1	0	1
	Indexed field is not showing up when I use "=" in the search. We use cribl for field extraction. `Action` is a field that is being parsed from cribl and it should be a indexed fie... by paras Explorer in Splunk Search 08-12-2021 0 1	0	1
	TIME_PREFIX for props Hello, how can I write TIME_PREFIX for props conf file for following sample event. Any help will be highly appreciate... by SplunkDash Motivator in Splunk Search 08-12-2021 0 2	0	2
	Return NOT matching events Hi,I am trying to return values that DO NOT MATCH the search between an index and .csv fileEx - this returns the valu... by munisb Explorer in Splunk Search 08-12-2021 0 1	0	1
	PROPS Config...Different Time Formats within Same Source File Hello,I am a source file which has events with 2 different file formats. How would I write TIME_FOMAT for my PROPS ... by SplunkDash Motivator in Splunk Search 08-12-2021 0 1	0	1
	PROF Conf Issues Hello, I was trying to write PROPS configuration file following sample events...2021-06-08T13:26:53.665000-04:00\|PGM\|... by SplunkDash Motivator in Splunk Search 08-12-2021 0 1	0	1
	How to list field and their values? My log is formatted like this:labels: {<!-- --> app: splunk-kubernetes-metrics app.kubernetes.io/managed-by: Helm... by truongvinh2112 New Member in Splunk Search 08-12-2021 0 4	0	4
	How to change the order of fields when chart is used index="www1" sourcetype="access_combined_wcookie" action=* status<=400\| timechart span=1d count(action) by clientip u... by nnonm111 Path Finder in Splunk Search 08-12-2021 0 1	0	1