Splunk Search

Community Activity

Field extraction for space Hi Team,We have one field as Customer=ABC DEF where one space in between where if i am giving any as Customer = *DEF... by Susha Engager in Splunk Search 08-10-2021 0 2	0	2
Create Statistic Table Based on Regex Hi experts, I am new to Splunk and came across this requirement at work.Requirement:I want to create a table showing ... by Wendy Explorer in Splunk Search 08-10-2021 0 4	0	4
Table with two headings Hi ALL, I have the below data in a log . Type = success or error . region names( In, CN, EMEA, APAC) Time ... by Rukmani_Splunk Path Finder in Splunk Search 08-10-2021 0 0	0	0
Displaying difference between two search query stats I am using the following query to retrieve events that I then display. I would like to add another column that is th... by jmalachoSPL64 Engager in Splunk Search 08-10-2021 0 2	0	2
why user with same role not able to see data Hi Guys,I have created a simple query with stats command and I'm able to see the required results.If same search is r... by vikramyadav Contributor in Splunk Search 08-10-2021 0 4	0	4
FInd different value from "-" on column HelloI have a query that gives me the data below:_time \| id \| order_i... by _Mauro_Costa_ Explorer in Splunk Search 08-10-2021 0 2	0	2
deploy and configure apps to a cluster with heavy forwarders Can anyone tell me the steps to deploy and configure multiple apps in a cluster with heavy forwarders. by sam1010 Explorer in Splunk Search 08-10-2021 0 5	0	5
JSON field extraction from JSON event with inner JSON This seems to be an odd issue or at least I've been searching for the wrong thing. My event sourcetype is json and t... by phil_tt Engager in Splunk Search 08-09-2021 0 2	0	2
Filtering data prior to timechart - finding values that are outside of filter I'm seeking to make a spunk timechart of values that match a certain filter:source="/var/log/bcore/ws_metric*" event=... by codekiln Explorer in Splunk Search 08-09-2021 0 1	0	1
Limiting lookup options using a token Hi all,I have a lookup and I'd like to filter based on tokenized value. The lookup dropdown also sets a different tok... by ft_kd02 Path Finder in Splunk Search 08-09-2021 0 1	0	1
Too many results returned from SFDC Lead object I've been having a hard time trying to get a Splunk search that will give me a count of all records in my Lead object... by arist0telis Explorer in Splunk Search 08-09-2021 0 0	0	0
Splunk 8.0.1 : How to change show_source CSS about long lines Hello,After upgrading to Splunk 8 from Splunk 6, it seems that the "show_source" view ( used in "Event actions" -> "... by mpasini Engager in Splunk Search 08-09-2021 0 2	0	2
Props Conf File How would I write the props config file for following events, any help will be highly appreciated, thank you! Thu, 0... by SplunkDash Motivator in Splunk Search 08-09-2021 0 10	0	10
How to increment the field based on the previous value based on the condition? Dear Splunkers, I want to increment the fields value based on Some conditions as like below. Limit \| Chang... by Rajkumarkbm2 Explorer in Splunk Search 08-09-2021 1 4	1	4
Extract JSON objects How can i extract this:"properties": {"nextLink": null,"columns": [{"name": "Cost", "type": "Number"},{"name": "Date"... by vishaltaneja070 Motivator in Splunk Search 08-09-2021 0 1	0	1
Setting a queue for dashboards when maximum of concurrent historical searches has been reached I have a dashboard with several different base searches that is transformative searches. However I get the error of m... by N-W Explorer in Splunk Search 08-09-2021 0 1	0	1
My tstats isn't returning results from the other datasets Hi,I have several datasets that have the exact same format with only the source of the data differing. I've duplicate... by ebs Communicator in Splunk Search 08-09-2021 0 1	0	1
Upload json file to Index I have JSON file around 6 GBCan I upload this file to specific Index instead of send it with POST object by object? by jokovitch Explorer in Splunk Search 08-09-2021 0 1	0	1
How to pass a field from subsearch to main search and perform search on another source How to pass a field from subsearch to main search and perform search on another sourcei am trying to use below to s... by Sivakesava574 Explorer in Splunk Search 08-09-2021 0 5	0	5
Pushing to search head When I try to push to search head from deployer using command /opt/splunk/bin/splunk apply shcluster-bundle -targ... by sam1010 Explorer in Splunk Search 08-09-2021 0 1	0	1
how to make transaction to consider the data from the beginning(i.e oldest data) Hi all, i have a query for transaction,source="abc_data1_*" index="testing" sourcetype="_json" \| transaction startswi... by anooshac Communicator in Splunk Search 08-09-2021 0 7	0	7
convert pivot table into stats Hi everyone,I have a very basic search outputting two types of entries into a field called "event". I need to get a c... by jeck11 Path Finder in Splunk Search 08-09-2021 0 4	0	4
How to hide a column in a table if every value in that column is null? How can I hide/not display a column in a table if every value in that column is null? Sometimes the column will have ... by yacht_rock Explorer in Splunk Search 08-08-2021 2 5	2	5
Search that identifies pattern from JSON value and name it { "message": { "correlation": "12345678", "headers": {}, "protocol": "HTTP/1.1", "remote": "111.11.... by Pramodkuber Engager in Splunk Search 08-08-2021 0 4	0	4
Error, Parameters must be in the form '-parameter value' when I type this command in git bash /opt/splunk/bin/splunk apply shcluster-bundle -target to get cluster status I ... by sam1010 Explorer in Splunk Search 08-08-2021 0 1	0	1