Splunk Search

Community Activity

Don't execute rest of commands if there is no events from base search? HiOur client have the next (kind of query) runs as a schedule. It can found events or not, based on current situation... by isoutamo SplunkTrust in Splunk Search 04-12-2021 0 3	0	3
Jump multiple links at the same time Hello everyone,I am now editing the pie chart section of the dashboard, I want to add a list of URLs to let click imp... by yaoyed Engager in Splunk Search 04-12-2021 0 0	0	0
SPL for Wrong Written Searches Hi,I have a problem about wrong written searches. In our system, there are so many users. Every user will be able to ... by onur Explorer in Splunk Search 04-12-2021 0 1	0	1
AND OR Boolean Operators Hello, I have a small dilema around AND OR boolean operators. I dont want null time logs for event=timeOut, but at th... by MeMilo09 Path Finder in Splunk Search 04-12-2021 0 2	0	2
Replace String Values Hello,I need to remove the values found (string) from another field.Ex. FIELD1 - abcmailingxyzLIST - mailing, ...Usin... by genesiusj Builder in Splunk Search 04-12-2021 0 7	0	7
Heavy Forwarder Selective forwarding Hey all. I need help to selective forward (on a HF) from a log file that is being monitored by a UF. I only need to f... by Adevill Loves-to-Learn Lots in Splunk Search 04-12-2021 0 13	0	13
What is the best method to search for different time ranges for 4 different sourcetypes using earliest? I'm creating a query using 4 sourcetypes and want to search across different timerange for them. For example:\| multis... by Avantika07 Observer in Splunk Search 04-12-2021 0 4	0	4
eval used with stats command returns 1/0 instead of true/false According to the splunk doc , eval can be used within aggregate functions with stats command like: index=main sourcet... by splunkuser1948 Engager in Splunk Search 04-12-2021 0 2	0	2
not able to merge 2 queries to get the desired result I have 2 queries1st is \| rest /services/data/indexes\| fields title\| dedup title\| table titlethis query is giving me a... by vinitpathri Path Finder in Splunk Search 04-12-2021 0 4	0	4
Find stats from 2 events We have 2 eventsOTP generated through SMS with UUID=123123OTP generated through EMAIL with UUID=432432OTP Verified f... by dyapasrikanth Path Finder in Splunk Search 04-11-2021 0 3	0	3
Notable event index is empty. Hello everyone.I am trying to deploy ESS, but I having some trouble with the notable events.I can not see results at ... by gl_splunkuser Path Finder in Splunk Search 04-11-2021 0 2	0	2
Return the Count of events divided by 2 I'm pretty new at this so I apologize if the question seems stupid.I have a printer that sends syslogs to Splunk, and... by ibanez450 Explorer in Splunk Search 04-11-2021 0 3	0	3
on Simple XML with colorPalette to select the color by comparing 2 fields numbers Is there a way to get field's background color by compare with 2 fields numbers? for example:If "POST IPTV CALLS"'s v... by jenniferhao Explorer in Splunk Search 04-11-2021 0 12	0	12
How to know which value from lookup table matched the log I have a lookup table that has a list of values in it similar to:idvalue1test_value12test_value2 I can search for all... by hFHUT2 Engager in Splunk Search 04-11-2021 0 3	0	3
Usage of Wildcard in middle of search string Hi,I read from splunk docs that we should avoid using wildcards `*` in the middle of a string.Now, does this apply to... by splunkuser1948 Engager in Splunk Search 04-10-2021 0 1	0	1
How do I check if my Splunk environment is set for Search Head pooling? How do I check if my Splunk environment is set for Search Head pooling? We have SH clustering all set up and am prepa... by SamHTexas Builder in Splunk Search 04-10-2021 0 1	0	1
Make Paloalto search faster Hi There I am new to splunk and trying to figure out a way to make the below search faster : index=pan_logs sourcetyp... by lubanamanjinder New Member in Splunk Search 04-10-2021 0 1	0	1
How to switch the CMDB lookups in splunk to the KV store ? We currently have lookups and want to move to KV store. What and how can we do that by srampally Path Finder in Splunk Search 04-10-2021 1 4	1	4
Index Time Fields Extraction on Summary Index Hey I’m trying to extract fields in index time on my summary index, in order to use ‘tstats’ command. I used ‘coll... by omerl Path Finder in Splunk Search 04-10-2021 0 5	0	5
Filtering NULL values from multivalue field I have a transaction with mvlist set to true which results in a table where a number of fields display multiple NULL ... by dfraseman Explorer in Splunk Search 04-10-2021 0 4	0	4
Search in transactions help We have several log entries with what boils down to a transaction ID. I want to group these entries and within those ... by cboillot Contributor in Splunk Search 04-09-2021 0 4	0	4
How do I find a list of scheduled, saved searches in ES, specially the ones that run in real time? How do I find a list of scheduled, saved searches in ES, specially the ones that run in real time? Can the Monitoring... by SamHTexas Builder in Splunk Search 04-09-2021 0 3	0	3
Grouping Data based on conditions on datetimes and counts over time! Hello friends! I am faced with a challenge I will be uploading two CSV files to splunk which represents two different... by andres91302 Communicator in Splunk Search 04-09-2021 0 7	0	7
How can make every 2 columns of table as same colour? I have a big table which is not easy to group on visualizations. Can I make each 2 columns as same color group so tha... by jenniferhao Explorer in Splunk Search 04-09-2021 0 5	0	5
Why is it called delete when it doesn't delete, but hide data? I find this very ridiculous considering that the terminology used is not accurate in what it is doing. When doing a s... by sbarnes88 New Member in Splunk Search 04-09-2021 0 0	0	0