Splunk Search

Community Activity

How to know which value from lookup table matched the log I have a lookup table that has a list of values in it similar to:idvalue1test_value12test_value2 I can search for all... by hFHUT2 Engager in Splunk Search 04-11-2021 0 3	0	3
Usage of Wildcard in middle of search string Hi,I read from splunk docs that we should avoid using wildcards `*` in the middle of a string.Now, does this apply to... by splunkuser1948 Engager in Splunk Search 04-10-2021 0 1	0	1
How do I check if my Splunk environment is set for Search Head pooling? How do I check if my Splunk environment is set for Search Head pooling? We have SH clustering all set up and am prepa... by SamHTexas Builder in Splunk Search 04-10-2021 0 1	0	1
Make Paloalto search faster Hi There I am new to splunk and trying to figure out a way to make the below search faster : index=pan_logs sourcetyp... by lubanamanjinder New Member in Splunk Search 04-10-2021 0 1	0	1
How to switch the CMDB lookups in splunk to the KV store ? We currently have lookups and want to move to KV store. What and how can we do that by srampally Path Finder in Splunk Search 04-10-2021 1 4	1	4
Index Time Fields Extraction on Summary Index Hey I’m trying to extract fields in index time on my summary index, in order to use ‘tstats’ command. I used ‘coll... by omerl Path Finder in Splunk Search 04-10-2021 0 5	0	5
Filtering NULL values from multivalue field I have a transaction with mvlist set to true which results in a table where a number of fields display multiple NULL ... by dfraseman Explorer in Splunk Search 04-10-2021 0 4	0	4
Search in transactions help We have several log entries with what boils down to a transaction ID. I want to group these entries and within those ... by cboillot Contributor in Splunk Search 04-09-2021 0 4	0	4
How do I find a list of scheduled, saved searches in ES, specially the ones that run in real time? How do I find a list of scheduled, saved searches in ES, specially the ones that run in real time? Can the Monitoring... by SamHTexas Builder in Splunk Search 04-09-2021 0 3	0	3
Grouping Data based on conditions on datetimes and counts over time! Hello friends! I am faced with a challenge I will be uploading two CSV files to splunk which represents two different... by andres91302 Communicator in Splunk Search 04-09-2021 0 7	0	7
How can make every 2 columns of table as same colour? I have a big table which is not easy to group on visualizations. Can I make each 2 columns as same color group so tha... by jenniferhao Explorer in Splunk Search 04-09-2021 0 5	0	5
Why is it called delete when it doesn't delete, but hide data? I find this very ridiculous considering that the terminology used is not accurate in what it is doing. When doing a s... by sbarnes88 New Member in Splunk Search 04-09-2021 0 0	0	0
help to exclude weekend events in a timechart helloin the search below which displays a timechart, I stats events except the weekend these search displays events o... by jip31 Motivator in Splunk Search 04-09-2021 0 3	0	3
dbx query throwing error Hi,I am trying to run dbxquery command but it keeps throwing the below error. I have configured the database connect... by sravani27 Path Finder in Splunk Search 04-09-2021 0 2	0	2
_time being treated as a string when run with table command Hi, I have the following CSV data that I've uploaded into Splunk iso_code,continent,location,date,total_cases USA,Nor... by termcap Path Finder in Splunk Search 04-09-2021 0 6	0	6
help on a stats command with a filter token helloI use the search below which works fine `fiability` \| fields host Logfile SourceName ProductName SITE DEPARTME... by jip31 Motivator in Splunk Search 04-09-2021 0 5	0	5
Extract JSON Data Need help to find a way to search JSON strings where an attributes is empty.Ex: get all JSON data where 'tags' is em... by mchennam Engager in Splunk Search 04-09-2021 0 3	0	3
How can I use lookup csv from another Index? How can I use lookup csv from another Index? I have access to both index.Thanks. by arusoft Communicator in Splunk Search 04-09-2021 0 8	0	8
Writing records to KVStore - Strange Behavior HelloAm attempting to identify the name of the SQL Server and the SQL Agent process name based on a CMDB lookup and s... by prashantsreeniv Observer in Splunk Search 04-09-2021 0 1	0	1
Need help with a search/subsearch not providing the expected results Hello there! I need help with a search that is not providing the expected results. Let me share the details and backg... by pablobarquin Explorer in Splunk Search 04-09-2021 0 5	0	5
makemv delim carriage return problem... I've got a bit of a weird situation and I don't have the Splunk technical know-how to fix it myself, so I thought I'd... by TorbinIT Path Finder in Splunk Search 04-09-2021 0 1	0	1
returning values that dont exist I have two queries. I have enabled the installed software script in splunk so I can determine where software is not i... by johnrbhancock Engager in Splunk Search 04-09-2021 0 2	0	2
McAfee logs ingested not parsing correctly - lot of junk. Please advise McAfee data ingested into Splunk not parsing correctly. How do I fix it? I am getting a lot of junk. Please advise ho... by SamHTexas Builder in Splunk Search 04-09-2021 0 2	0	2
Sankey being covered up by stats table? Hello all, We are successfully creating a Sankey Visualization of our data, however when we try to expand how many ro... by epsidata New Member in Splunk Search 04-09-2021 0 0	0	0
Exclude results from lookup table in search I have a lookup table with Scheduled Tasks called scheduled_tasks, and Columns Command, Arguments. I need to do a sea... by Dalador Path Finder in Splunk Search 04-09-2021 0 4	0	4