Splunk Search

Community Activity

	Error in 'lookup' command: Cannot find the source field I have a csv lookup table of IP addresses that I want to execute searches on server logs with, but I'm stopped by an ... by ktell Explorer in Splunk Search 07-01-2021 0 5	0	5
	edit fields I have the below column whereby im pinging the url in the column, but for a nicer view I only want to display the pc ... by sphiwee Contributor in Splunk Search 07-01-2021 0 2	0	2
	Need SPL query Hi All,I have a unique values like below in my splunk dashboard, Email account: Anaoymzersab@gmail.com ... by SabariRajanT Path Finder in Splunk Search 07-01-2021 0 2	0	2
	lookup tool tip hihow can i use lookup without show it in place.e.g. when move mouse over 404 just show tool tip that show "page not ... by indeed_2000 Motivator in Splunk Search 07-01-2021 0 1	0	1
	How to Calculate the total duration? Hi, I'm trying to get the total duration of events for each user from access logs with time gap. sample event:_time ... by knalla Path Finder in Splunk Search 07-01-2021 0 1	0	1
	Updating a value in a lookup Hello,I have a lookup called top sites with the bellow: NameIp addresstest110.10.10.10test210.10.10.11Test310.10.10.1... by joe06031990 Communicator in Splunk Search 06-30-2021 0 3	0	3
	Subtraction of multiple values in same cell So I’m pretty new to splunk and I do feel like this should be a lot simpler than I’m making it.I need two epoch times... by shivaa Explorer in Splunk Search 06-30-2021 0 4	0	4
	How to use top command (or stats with sort) results with another top command or subsearch? Hello all, I'm trying to get the stats commands to work in chain. I have the following data: 08 January 2016 09:1... by selim Path Finder in Splunk Search 06-30-2021 0 5	0	5
	How to fix "Could not load lookup=LOOKUP-app_proto"? Hello Splunkers, I keep getting the error message "Could not load lookup=LOOKUP-app_proto" in multiple apps on multip... by eliasit Path Finder in Splunk Search 06-30-2021 0 8	0	8
	Using mvappend within a cidrmatch macro I already have the following macro `subnet(3)` defined as the following: \| eval subnet = case(cidrmatch("$ip1$/24"... by CarbonCriterium Path Finder in Splunk Search 06-30-2021 0 1	0	1
	Using timewarp to compare average of last 30 days to current 24 hours I have a data set of events with ID numbers (every time an event happens an entry is made in the table and each type... by maingirl New Member in Splunk Search 06-30-2021 0 0	0	0
	How to generate a query to search within specific directories? How would I go about forming a query to search within a specific directory? Suppose I want to search for files by kanra New Member in Splunk Search 06-30-2021 0 1	0	1
	REGEX with variabilities in Data Length/Structure/Type 2019-06-201 09:05:22.945, User: XX, EType: SIGN, Filter: 000000000, EventId: SIGNATURE, Id: 028119296, UserIdType: x... by SplunkDash Motivator in Splunk Search 06-30-2021 0 7	0	7
	How to get 2 values out of a string using rex command I have the following sample data returned that I'd like to extract 2 fields out of it: 1) The value after the "T " a... by rilee Explorer in Splunk Search 06-30-2021 0 3	0	3
	Error in 'eval' command: The expression is malformed. Expected ). <query>"$ps_fn$" \|rex field=message "(?<Http>HttpStatus): (?<status>\\d+)" \| eval status=(status, "4%")... by cmarrott Explorer in Splunk Search 06-30-2021 0 5	0	5
	How to determine which deployment server a forwarder is phoning home to? I have multiple deployment servers.The global deployment server is to distribute basic configurations and also config... by keithyap Path Finder in Splunk Search 06-30-2021 0 5	0	5
	Show all events for individual users during a timeframe Creating a dashboard to track when users badge into and out of different areas.Problem: If I do a basic search for a ... by ervinsmith Explorer in Splunk Search 06-30-2021 0 2	0	2
	what is the reason for getting events with source=unknown As I am indexing the data, I notice that apart from the 'sources' that are appearing correctly (/var/log/filename.gz ... by hemantbhatta Explorer in Splunk Search 06-30-2021 0 5	0	5
	I am getting the Error in 'eval' command: Type checking failed. '-' only takes numbers, while calculating difference Hi ,My wish to get the difference between yesterday and todays Pass % and fail % for different sourcetypes .I have tr... by dtccsundar Path Finder in Splunk Search 06-30-2021 0 4	0	4
	Find results that appears in a % of the cases and list the outliers Hi there,First of all, thank you for any comment.I am looking for a way to identify if I have any index missing acros... by felipesodre Path Finder in Splunk Search 06-30-2021 0 1	0	1
	index=_metrics is not a floating point value Hi Team,We noticed that every time a Indexer is restarted, the search head and the Indexer itself pops up with a mess... by neeravmathur Path Finder in Splunk Search 06-30-2021 0 0	0	0
	How to use the sendemail command to send an email to different recipients from a lookup per event? Hi. I have a lookup object named user_email which contains a notified email list. If there is at least an event foun... by splunkrocks2014 Communicator in Splunk Search 06-30-2021 0 5	0	5
	How to send individual emails that appear in the search results Hi team, I have search results with CUID is the email(I will append my company domain to CUID, so that mail will go... by pavaninpdl New Member in Splunk Search 06-30-2021 0 4	0	4
	sending emails to users that appear in search results Hi, The question was asked before but I couldn't find a good answer anywhere. Here goes... I have a search result wi... by AssafLowenstein Explorer in Splunk Search 06-30-2021 0 5	0	5
	How to use the sendemail command to send results to different emails created with eval? Hi splunkers !!! Need help. I used eval to create a field with the email address for some users: search myquery....... by kalianov Path Finder in Splunk Search 06-30-2021 0 6	0	6