Splunk Search

Community Activity

	How to check missing fields and not generating 100 percentage index="" sourcetype="" and I have field name with tag and it's generating 80% of events , how can I check why it's ... by sasankganta Path Finder in Splunk Search 01-15-2021 0 5	0	5
	How to display procedures that don't have events as failures? Hello good people of the splunk community. I'm fairly new to splunk so sorry if this is a newb question. I have a sea... by SteveChai427 Engager in Splunk Search 01-15-2021 0 4	0	4
	tstats not match with metrics.log Hi all,Why the count of "Event per day" in the "Indexing audit" dashboard is not match with \|tstats result? Eg.The n... by new2spl_unk Explorer in Splunk Search 01-15-2021 0 5	0	5
	How to alert when difference in count of two query is greater than some value I have a below query where i search two text field and see how many time each occurred and find the difference. ("SSO... by icenitesh Engager in Splunk Search 01-15-2021 0 5	0	5
	XML field extraction with spath eval FunctionalRef=spath(_raw,"n2:EvtMsg.Bd.BOEvt.Evt.DatElGrp{2}.DatEl.Val") -> I am getting two(2) values DHL546625... by 4uramana4u Explorer in Splunk Search 01-15-2021 0 3	0	3
	How to cut the value using REX command I have the field - DATE, for example:DATE: ^9F33006E0F848^00950108080008000^9F37008B1832B33^9F1E0163236353132303337^9... by Luninho Explorer in Splunk Search 01-15-2021 0 3	0	3
	extract string between backward slash and quote {\"reference_id\":\"REF1\",\"sub_reference_id\":\"sub_ref_1\"}required output : table of reference_id, sub_reference_... by pinalshah341 Loves-to-Learn in Splunk Search 01-15-2021 0 5	0	5
	Trying to do a Top command per hourly intervals Hi There,I have a search that shows the top 2 Id's that have the most payments processed in each country. I'm trying ... by Johnnerz Engager in Splunk Search 01-15-2021 0 1	0	1
	dynamically assigned maxspan in transactions HiI am searching for an option to dynamically assign value for MAXSPAN in a transaction. The value should come as a r... by boromir Path Finder in Splunk Search 01-15-2021 0 6	0	6
	SPL querry I have a lookup with server details and OS details(details are in the below table), and the index with CR no., Date, ... by srujana96 Explorer in Splunk Search 01-15-2021 0 1	0	1
	Identify missing events based Lookup list of values Hey TeamI have events which contains a field "job_code". index=default source=jobfeed I have a lookup (jobs.csv) whic... by rangarbus Path Finder in Splunk Search 01-14-2021 0 4	0	4
	Configuration initialization for Path took longer than expected\|warning WARN [Indexer] Configuration initialization for C:\Program Files\Splunk\var\run\searchpeers\Seachheadbundle took long... by jat_ashish Explorer in Splunk Search 01-14-2021 0 6	0	6
	A column from mstats becomes empty after join command Hi,I'm trying to create a dashboard which shows various stats for a list of servers. It will pull it's data from seve... by eddieddieddie Path Finder in Splunk Search 01-14-2021 0 5	0	5
	Set token from dropdown Hi,I have a dropdown with dynamic query<input type="dropdown" token="clientId" searchWhenChanged="true"><label>Integr... by smahuja Explorer in Splunk Search 01-14-2021 0 4	0	4
	Issue adding a symbol after a field value The following previous splunk thread works fine:https://community.splunk.com/t5/Archive/Insert-sign-for-each-result-i... by UMDTERPS Communicator in Splunk Search 01-14-2021 0 2	0	2
	Get multiple name/value from JSON file Hi everyone,I've been trying several day to create a query that can give me the list of name/value inside the JSON f... by abilis Explorer in Splunk Search 01-14-2021 0 4	0	4
	Splitting up data into multiple columns Hello i am using the following search host=XXX sourcetype=ZZZ http_status=500 OR http_status=502 "HighCostAPI"\| stats... by eb1929 Explorer in Splunk Search 01-14-2021 0 4	0	4
	Can I have a subsearch that returns a list of sources for the main search to use? Hello,I'm working on a splunk alert that monitors processes. If a process has been running for a long time I want to ... by schilds427 Explorer in Splunk Search 01-14-2021 0 2	0	2
	Extract values from field conditionally on other field value Hi Splunkers,Below is my issue:Having multiple xml files, I need to monitor all the files and extracted the values fr... by dhirendra761 Contributor in Splunk Search 01-14-2021 0 9	0	9
	Show multiple machines for lockouts Hi all,A past consultant of ours wrote the following correlation search to detect excessive user account lockouts:ind... by Ewong Explorer in Splunk Search 01-14-2021 0 3	0	3
	three queries that produce tables, need to combine the results into one table Need some help with and advance joining of 3 queriesI have three queries that produce tables, I need to combine the ... by okretzer Engager in Splunk Search 01-14-2021 0 2	0	2
	Creating drilldown to new tab for auto search without adding custom search I am trying to make it so if a user clicks on any cell in a Dashboard showing a Statistics table, that will result in... by aalvino Engager in Splunk Search 01-14-2021 0 3	0	3
	There are 2 timestamp formats in a log file <Jan 10, 2021 6:58:06 PM CST> <Info> <WorkManager> <BEA-002942> <CMM memory level becomes 0. Setting standby thread p... by lish123 Loves-to-Learn Lots in Splunk Search 01-14-2021 0 10	0	10
	Functionality of keepevicted not clear I'm trying to understand the functionality of keepevicted. I've read several documentation about it but it's still no... by rrovers Contributor in Splunk Search 01-13-2021 0 4	0	4
	Combining 2 regex searches to a single one breaks the output results \| Shows complete event instead of regex filtered I have an index cloud_stats on which I need to create a daily error count by source report, so that we can work on th... by sysamit Engager in Splunk Search 01-13-2021 0 2	0	2