Splunk Search

Community Activity

Duration between two events with conditions Hi guysIm pretty new to Splunk and do not know how to create the search I need.We are forwarding events from our Faul... by pgraf Observer in Splunk Search 07-06-2021 0 3	0	3
Nutanix Hi All,We configured logs of a nutanix cluster to be pushed to splunk. Inside splunk, I can see logs that shows that ... by splunknewbie81 Engager in Splunk Search 07-06-2021 0 1	0	1
Why is my lookup not working, but inputlookup is working? My lookup is named FutureHires and \| inputlookup FutureHires shows that the lookup is being pulled in correctly. Howe... by katzr Path Finder in Splunk Search 07-06-2021 0 6	0	6
Need help to create alert for a huge number of events Dear Splunkers, Hello. I am new to Splunk and have task to create alert for following scenario:Each minute we receive... by Gene Path Finder in Splunk Search 07-06-2021 0 1	0	1
Splunk Config Files Location Hi everyone, We are currently looking a config file(s) that consist of the details below, instead of running executab... by mnestaz Engager in Splunk Search 07-06-2021 0 2	0	2
Search Results into a table Hi guys, I am new to splunk and would like to create a report based off the number of times a particular windows even... by splunknewbie81 Engager in Splunk Search 07-05-2021 0 2	0	2
Three Join Splunk query Hello; I understand joins are expensive in Splunk. When I have a query that has two joins, which query executes first... by benj851 Explorer in Splunk Search 07-05-2021 0 1	0	1
How does splunk extract search time fields in "interesting fields"? which props.conf setting does splunk use to extract interesting fields from _raw field.I am trying to use collect com... by goelt2000 Explorer in Splunk Search 07-05-2021 0 4	0	4
Transform a field into table view Hi,I have a field called sequence_anomalies which consists of a lot of individual elements. Once I made it into a tab... by MikeJu25 Path Finder in Splunk Search 07-05-2021 0 2	0	2
Combine dynamic fields into a multivalued field in a search Hi All,I'm working on a search, where I currently have the following:..base search..\| table static_name, static_time,... by shivanshu1593 Builder in Splunk Search 07-05-2021 0 16	0	16
SPL search query to combine two tables Hi,I have database table and anomaly table. Both tables have a field database_id. Now I am interested in the status a... by MikeJu25 Path Finder in Splunk Search 07-05-2021 0 2	0	2
Makemv function does not work inside join Do we know the reason why Splunk search has below behaviour: Search-1: \| makeresults \| eval group_by_field="A", other... by VatsalJagani SplunkTrust in Splunk Search 07-05-2021 0 2	0	2
Finding difficulty in getting the result as count Hello all, I am facing an issue below while trying to get the result to add in the dashboard. Here I am trying to get... by srinivas_gowda Path Finder in Splunk Search 07-05-2021 0 3	0	3
Running rex within an eval/if Hello, I Googled and searched the Answers forum, but with no luck. Below, in psuedo code, is what I want to accomplis... by genesiusj Builder in Splunk Search 07-04-2021 0 19	0	19
How to convert epoch time with milliseconds into splunk at indexing time I have a file that I am monitoring has time in epoch format milliseconds .What setting should be placed in the props... by vrmandadi Builder in Splunk Search 07-04-2021 0 7	0	7
EventID - account name from 2 different events in one search Hi all, I'm a Splunk beginner and I'm having a hard time getting this particular search down.My objective is to get t... by icewolf69 Loves-to-Learn Everything in Splunk Search 07-03-2021 0 3	0	3
What is an interesting field? sourcetype=access_combined \| fields clientip host action status All Fields Selected Fields aaction 5 ahost 3 Intere... by vipmakka Engager in Splunk Search 07-03-2021 1 7	1	7
How to think about wildcard/bulk renaming in AS clause when piping to eval? We have three cases of wildcard renaming preceding an eval command that result in errors (searches below):In Case 1 w... by curtismcginity Explorer in Splunk Search 07-02-2021 0 2	0	2
inputlookup help Hello,It is the first time that I am going to use this command and the truth is I am a bit confused even though I hav... by splunkcol Builder in Splunk Search 07-02-2021 0 2	0	2
How to add a new row, and copy some values from other rows, while changing others. Hello all, I currently have the following data set, and a table will look like this:TestIterationResultsTest11400Test... by xaxvier Engager in Splunk Search 07-02-2021 0 0	0	0
How would I return the value of a correlating field by giving the value of another field... I am working with a stats table with 7 fields.\| tstats count as "f" where a=* b=* c=* d=* e=* by a b c d e\| stats ... by jason_hotchkiss Communicator in Splunk Search 07-02-2021 0 3	0	3
NOT Statement based on lookup not working I am trying to remove logs based on a lookup. This is what I am using: index=myindex "string_to_search_for" NOT [... by rogueakula1 Loves-to-Learn Lots in Splunk Search 07-02-2021 0 2	0	2
Stats Command and timestamp Hi ,I am using a stats command with a "by" time field, but i am not getting the result.If i remove the time field i a... by chuck_life09 Path Finder in Splunk Search 07-02-2021 0 3	0	3
How to get Field values as column names/headers in the table output Hi Team,I have a simple requirement but unable to get it. I am using a queryindex=tms sourcetype=kafka type=ssh\| stat... by poddura Observer in Splunk Search 07-02-2021 0 1	0	1
Sort column headers in timechart - customize Hi,I would like to ask you, of there is some possibility order column based on requirement.Case: <search> \|eval lower... by martin86 Engager in Splunk Search 07-02-2021 0 2	0	2