Splunk Search

Community Activity

SPL search query to combine two tables Hi,I have database table and anomaly table. Both tables have a field database_id. Now I am interested in the status a... by MikeJu25 Path Finder in Splunk Search 07-05-2021 0 2	0	2
Makemv function does not work inside join Do we know the reason why Splunk search has below behaviour: Search-1: \| makeresults \| eval group_by_field="A", other... by VatsalJagani SplunkTrust in Splunk Search 07-05-2021 0 2	0	2
Finding difficulty in getting the result as count Hello all, I am facing an issue below while trying to get the result to add in the dashboard. Here I am trying to get... by srinivas_gowda Path Finder in Splunk Search 07-05-2021 0 3	0	3
Running rex within an eval/if Hello, I Googled and searched the Answers forum, but with no luck. Below, in psuedo code, is what I want to accomplis... by genesiusj Builder in Splunk Search 07-04-2021 0 19	0	19
How to convert epoch time with milliseconds into splunk at indexing time I have a file that I am monitoring has time in epoch format milliseconds .What setting should be placed in the props... by vrmandadi Builder in Splunk Search 07-04-2021 0 7	0	7
EventID - account name from 2 different events in one search Hi all, I'm a Splunk beginner and I'm having a hard time getting this particular search down.My objective is to get t... by icewolf69 Loves-to-Learn Everything in Splunk Search 07-03-2021 0 3	0	3
What is an interesting field? sourcetype=access_combined \| fields clientip host action status All Fields Selected Fields aaction 5 ahost 3 Intere... by vipmakka Engager in Splunk Search 07-03-2021 1 7	1	7
How to think about wildcard/bulk renaming in AS clause when piping to eval? We have three cases of wildcard renaming preceding an eval command that result in errors (searches below):In Case 1 w... by curtismcginity Explorer in Splunk Search 07-02-2021 0 2	0	2
inputlookup help Hello,It is the first time that I am going to use this command and the truth is I am a bit confused even though I hav... by splunkcol Builder in Splunk Search 07-02-2021 0 2	0	2
How to add a new row, and copy some values from other rows, while changing others. Hello all, I currently have the following data set, and a table will look like this:TestIterationResultsTest11400Test... by xaxvier Engager in Splunk Search 07-02-2021 0 0	0	0
How would I return the value of a correlating field by giving the value of another field... I am working with a stats table with 7 fields.\| tstats count as "f" where a=* b=* c=* d=* e=* by a b c d e\| stats ... by jason_hotchkiss Communicator in Splunk Search 07-02-2021 0 3	0	3
NOT Statement based on lookup not working I am trying to remove logs based on a lookup. This is what I am using: index=myindex "string_to_search_for" NOT [... by rogueakula1 Loves-to-Learn Lots in Splunk Search 07-02-2021 0 2	0	2
Stats Command and timestamp Hi ,I am using a stats command with a "by" time field, but i am not getting the result.If i remove the time field i a... by chuck_life09 Path Finder in Splunk Search 07-02-2021 0 3	0	3
How to get Field values as column names/headers in the table output Hi Team,I have a simple requirement but unable to get it. I am using a queryindex=tms sourcetype=kafka type=ssh\| stat... by poddura Observer in Splunk Search 07-02-2021 0 1	0	1
Sort column headers in timechart - customize Hi,I would like to ask you, of there is some possibility order column based on requirement.Case: <search> \|eval lower... by martin86 Engager in Splunk Search 07-02-2021 0 2	0	2
Service now data calculated percentage of P1,P2,P3 but when ever there is no P1 or P2 or P3 tickets need to show as NA Hi All, I need help with the below requirement. I am getting data from the service now. I calculated the percentage d... by 999balaji9 Loves-to-Learn in Splunk Search 07-02-2021 0 3	0	3
How to efficiently show the difference between two fields from different sources Hey All,Here is my searchindex=main event_simpleName=NeighborListIP4 OR event_simpleName=SensorHeartbeat\| rex field=N... by nathg123 Loves-to-Learn Lots in Splunk Search 07-01-2021 0 3	0	3
Appendpipe alters field values when not null Hi,I'm inserting an appendpipe into my SPL so that in the event there are no results, a stats table will still be pro... by ebs Communicator in Splunk Search 07-01-2021 0 5	0	5
How to give Line break in eval and display the same in single value chart Hello,I am trying to display some data in field "result" for me in a single value chart using below query, and color/... by ashutoshwalke Explorer in Splunk Search 07-01-2021 0 5	0	5
Set Schedule for UF Would it be possible to configure SPLUNK UF to scan (/pick) files/data from the server at particular time of a day/we... by SplunkDash Motivator in Splunk Search 07-01-2021 0 6	0	6
Can Splunk ES (Enterprise Security) work independent of Splunk Enterprise? Can Splunk ES (Enterprise Security) work independent of Splunk Enterprise? I mean, does one have to have Splunk Enter... by SamHTexas Builder in Splunk Search 07-01-2021 0 1	0	1
Palo/Splunk Parsing Issue - Field values are Truncating Having a strange issue and not sure what my culprit/problem is. Have a panorama to syslogng to Heavy Forwarder to In... by ghostdog920 Path Finder in Splunk Search 07-01-2021 0 1	0	1
Use curl to collect data into summary index Is there an API that I could use to trigger a saved search that can collect data from an index into a summary index? by wanderingHeight New Member in Splunk Search 07-01-2021 0 3	0	3
Conditional lookup call based on string length Hi all,I'm working on a dashboard query that preprocesses data for a \| geostats command. The end goal is to pipe data... by ft_kd02 Path Finder in Splunk Search 07-01-2021 0 7	0	7
Error in 'lookup' command: Cannot find the source field I have a csv lookup table of IP addresses that I want to execute searches on server logs with, but I'm stopped by an ... by ktell Explorer in Splunk Search 07-01-2021 0 5	0	5