Splunk Search

Community Activity

	How to efficiently show the difference between two fields from different sources Hey All,Here is my searchindex=main event_simpleName=NeighborListIP4 OR event_simpleName=SensorHeartbeat\| rex field=N... by nathg123 Loves-to-Learn Lots in Splunk Search 07-01-2021 0 3	0	3
	Appendpipe alters field values when not null Hi,I'm inserting an appendpipe into my SPL so that in the event there are no results, a stats table will still be pro... by ebs Communicator in Splunk Search 07-01-2021 0 5	0	5
	How to give Line break in eval and display the same in single value chart Hello,I am trying to display some data in field "result" for me in a single value chart using below query, and color/... by ashutoshwalke Explorer in Splunk Search 07-01-2021 0 5	0	5
	Set Schedule for UF Would it be possible to configure SPLUNK UF to scan (/pick) files/data from the server at particular time of a day/we... by SplunkDash Motivator in Splunk Search 07-01-2021 0 6	0	6
	Can Splunk ES (Enterprise Security) work independent of Splunk Enterprise? Can Splunk ES (Enterprise Security) work independent of Splunk Enterprise? I mean, does one have to have Splunk Enter... by SamHTexas Builder in Splunk Search 07-01-2021 0 1	0	1
	Palo/Splunk Parsing Issue - Field values are Truncating Having a strange issue and not sure what my culprit/problem is. Have a panorama to syslogng to Heavy Forwarder to In... by ghostdog920 Path Finder in Splunk Search 07-01-2021 0 1	0	1
	Use curl to collect data into summary index Is there an API that I could use to trigger a saved search that can collect data from an index into a summary index? by wanderingHeight New Member in Splunk Search 07-01-2021 0 3	0	3
	Conditional lookup call based on string length Hi all,I'm working on a dashboard query that preprocesses data for a \| geostats command. The end goal is to pipe data... by ft_kd02 Path Finder in Splunk Search 07-01-2021 0 7	0	7
	Error in 'lookup' command: Cannot find the source field I have a csv lookup table of IP addresses that I want to execute searches on server logs with, but I'm stopped by an ... by ktell Explorer in Splunk Search 07-01-2021 0 5	0	5
	edit fields I have the below column whereby im pinging the url in the column, but for a nicer view I only want to display the pc ... by sphiwee Contributor in Splunk Search 07-01-2021 0 2	0	2
	Need SPL query Hi All,I have a unique values like below in my splunk dashboard, Email account: Anaoymzersab@gmail.com ... by SabariRajanT Path Finder in Splunk Search 07-01-2021 0 2	0	2
	lookup tool tip hihow can i use lookup without show it in place.e.g. when move mouse over 404 just show tool tip that show "page not ... by indeed_2000 Motivator in Splunk Search 07-01-2021 0 1	0	1
	How to Calculate the total duration? Hi, I'm trying to get the total duration of events for each user from access logs with time gap. sample event:_time ... by knalla Path Finder in Splunk Search 07-01-2021 0 1	0	1
	Updating a value in a lookup Hello,I have a lookup called top sites with the bellow: NameIp addresstest110.10.10.10test210.10.10.11Test310.10.10.1... by joe06031990 Communicator in Splunk Search 06-30-2021 0 3	0	3
	Subtraction of multiple values in same cell So I’m pretty new to splunk and I do feel like this should be a lot simpler than I’m making it.I need two epoch times... by shivaa Explorer in Splunk Search 06-30-2021 0 4	0	4
	How to use top command (or stats with sort) results with another top command or subsearch? Hello all, I'm trying to get the stats commands to work in chain. I have the following data: 08 January 2016 09:1... by selim Path Finder in Splunk Search 06-30-2021 0 5	0	5
	How to fix "Could not load lookup=LOOKUP-app_proto"? Hello Splunkers, I keep getting the error message "Could not load lookup=LOOKUP-app_proto" in multiple apps on multip... by eliasit Path Finder in Splunk Search 06-30-2021 0 8	0	8
	Using mvappend within a cidrmatch macro I already have the following macro `subnet(3)` defined as the following: \| eval subnet = case(cidrmatch("$ip1$/24"... by CarbonCriterium Path Finder in Splunk Search 06-30-2021 0 1	0	1
	Using timewarp to compare average of last 30 days to current 24 hours I have a data set of events with ID numbers (every time an event happens an entry is made in the table and each type... by maingirl New Member in Splunk Search 06-30-2021 0 0	0	0
	How to generate a query to search within specific directories? How would I go about forming a query to search within a specific directory? Suppose I want to search for files by kanra New Member in Splunk Search 06-30-2021 0 1	0	1
	REGEX with variabilities in Data Length/Structure/Type 2019-06-201 09:05:22.945, User: XX, EType: SIGN, Filter: 000000000, EventId: SIGNATURE, Id: 028119296, UserIdType: x... by SplunkDash Motivator in Splunk Search 06-30-2021 0 7	0	7
	How to get 2 values out of a string using rex command I have the following sample data returned that I'd like to extract 2 fields out of it: 1) The value after the "T " a... by rilee Explorer in Splunk Search 06-30-2021 0 3	0	3
	Error in 'eval' command: The expression is malformed. Expected ). <query>"$ps_fn$" \|rex field=message "(?<Http>HttpStatus): (?<status>\\d+)" \| eval status=(status, "4%")... by cmarrott Explorer in Splunk Search 06-30-2021 0 5	0	5
	How to determine which deployment server a forwarder is phoning home to? I have multiple deployment servers.The global deployment server is to distribute basic configurations and also config... by keithyap Path Finder in Splunk Search 06-30-2021 0 5	0	5
	Show all events for individual users during a timeframe Creating a dashboard to track when users badge into and out of different areas.Problem: If I do a basic search for a ... by ervinsmith Explorer in Splunk Search 06-30-2021 0 2	0	2