Splunk Search

Community Activity

Join and appendcols returns results, but not giving the desired results I have a CSV and a Keystore with data that I would like to join together. I read the documentation:https://docs.splu... by UMDTERPS Communicator in Splunk Search 03-30-2021 0 4	0	4
Create a failed search job Hi, for a testing purpose, i would like to create a failed search job.. i did search for this, but no luck.. any sugg... by inventsekar SplunkTrust in Splunk Search 03-30-2021 0 4	0	4
How to combine two searches in one search? HelloI am trying to get data from two different searches into the same panel, let me explain. Below is a search that... by UMDTERPS Communicator in Splunk Search 03-30-2021 0 1	0	1
last status changed time Hi Guys, I have this query , which will provide me the list of “Name” on which ProtectionStatus is OFF.index=altiris ... by roopeshetty Path Finder in Splunk Search 03-30-2021 0 4	0	4
Retrieving All Events After the Second Instance of an Event Hello! I am having trouble creating a query to retrieve all of the events between now and the second instance of a pa... by Traer001 Path Finder in Splunk Search 03-29-2021 0 1	0	1
How to suppress first DELTA value? I am trying to alert on any processes where their CPU time is gaining 60 sec for every elapsed minute. I am using th... by anmcgill Loves-to-Learn Lots in Splunk Search 03-29-2021 0 1	0	1
WHERE clause not working when comparing fields in events from same sourcetype Hello!I am trying to retrieve two events: the latest event where a user leaves a room and the earliest event where a ... by Traer001 Path Finder in Splunk Search 03-29-2021 0 1	0	1
transaction to retrive value then make eval Dear community,I have the following scenario:User can make many actions, in this case we can have action equals searc... by user93 Communicator in Splunk Search 03-29-2021 0 0	0	0
How do we strip single quotes from the beginning and end of the values? We are an index in which most of the fields have a single quote at the beginning and end of the values. We would like... by danielbb Motivator in Splunk Search 03-29-2021 0 10	0	10
Company retire age is 55; find employee count and list of employee who get retired in next 5 year Hi there!I have a subjected case to find out list of employees who get retire in next 5 years. i tried with lot of qu... by SA2 Explorer in Splunk Search 03-29-2021 0 1	0	1
Top 10 values of a field based top 2 values of another field I want to get top 10 destination IP's for each top 2 source IP's . Where count of is more that 1000 for Source IPRig... by Sangu Explorer in Splunk Search 03-29-2021 0 0	0	0
Not able to Extract Year and Quarter from the input field I have a JSON Input Request like below{"liabilityDetailsVOs":[{"processMasterId":null,"transactionMasterId":null,"tra... by gvssaicharan Engager in Splunk Search 03-29-2021 0 1	0	1
How to create a Table where each row is the result of a query and afterwards make some operations with it? Hello my unafraid nerve of steel fellas! I hope you are having a lot of fun this week...I have been loosing my sleep ... by andres91302 Communicator in Splunk Search 03-29-2021 0 4	0	4
How to expand multiple multivalue fields? My table is a mess. There are 2 single-value fields and 6 multivalue fields. The multivalue fields can have any numbe... by willial Communicator in Splunk Search 03-29-2021 2 13	2	13
Splunk query for Forwarder , Indexer & SH restart Could someone please help me with the Splunk query to configure the alert if Forwarder, Indexer, or search head had r... by alexspunkshell Contributor in Splunk Search 03-29-2021 0 1	0	1
Merge the data on index Hi All,I'm in this situationindex a index bid neme idneme1simone 1simone3francesco 2marco4luca I have a scheduled ... by simo Path Finder in Splunk Search 03-29-2021 0 6	0	6
Trouble indexing special characters in UTF-8 Hi Splunk community!I'm trying to index a CSV file where multiple values contains special characters such as æ, ø, å ... by nc_lks Engager in Splunk Search 03-29-2021 0 2	0	2
How to have resutls from \| stats values(field) shown in individual rows Hello guys I am trying to download a CVS file from a query that comes after a \| stats values(field) command, thus thi... by andres91302 Communicator in Splunk Search 03-28-2021 0 2	0	2
UPS monitoring dashboard Hi Is there any app in Splunk to monitor ups logs or any sample, demo ups monitoring dashboard available which I use... by jaibalaraman Path Finder in Splunk Search 03-28-2021 0 3	0	3
search brackets and special charachters HiHow can search something like this: 40: message.body.v10.timeLocalTransaction: [00*] FYI: seems not support special... by indeed_2000 Motivator in Splunk Search 03-28-2021 0 5	0	5
Download results a CVS file properly with column values instead of rows! hello guys.. I am having a HUGE trouble when downloading my results as a CVS file.this is my query\| search ....\| tabl... by andres91302 Communicator in Splunk Search 03-28-2021 0 4	0	4
How to build a table to where the rows are results from previous field operation about common and uncommon values Hello my dear splunkers I hope you are doing very well.. I would REALLY be so thankful if u can help me put with the ... by andres91302 Communicator in Splunk Search 03-28-2021 0 3	0	3
How to create a table where the rows are results from previous field operation about common and uncommon values Hello my dear splunkers I hope you are doing very well.. I would REALLY be so thankful if u can help me put with the ... by andres91302 Communicator in Splunk Search 03-28-2021 0 2	0	2
Splunk - Sendemail for each output row Hi,I have a tabular results of folks, who are using index=* in their searches.So i have SPL that outputs belowUserapp... by vamsigurram Path Finder in Splunk Search 03-28-2021 0 2	0	2
Eval Case Sequence on Conditions Hi Splunk Community,How does Spunk prioritize conditional case functions? Lets say I have a case function with 2 cond... by Mary666 Communicator in Splunk Search 03-28-2021 0 3	0	3