Splunk Search

Community Activity

How to get single row table output with fields from 2 log files using common field to join Hi,I am trying to join to log files under same index & sourcetype having a common field between them. log event where... by poddura Observer in Splunk Search 11-13-2020 0 1	0	1
Weird result when using *\| dedup somthing \| timechart count Hi I am now creating splunk dashboard, but I am facing a weird result that I am really confused:I tried two queries:q... by RadishBu New Member in Splunk Search 11-13-2020 0 1	0	1
Working with lookup tables larger than 10500. I have many lookup tables that I am working with and I am using the REST API to dynamically populate the lookup table... by mike-48735 Engager in Splunk Search 11-12-2020 0 2	0	2
Creating table based on Logs Hi everyone, I need help creating a table based on my logs. My logs are formatted as follows: [2020-11-10 20:27:10,26... by christinaef07 Loves-to-Learn Everything in Splunk Search 11-12-2020 0 3	0	3
Combining searches I'm trying to combine multiple searches to get a count for each day, but it seems everything I do breaks the search i... by moosebas New Member in Splunk Search 11-12-2020 0 2	0	2
Splunk Newbie Hello,I am a Splunk newbie and I am having issues using this software.I have gone through documentation, but I still ... by markbudman Engager in Splunk Search 11-12-2020 0 2	0	2
Extreme rex help I am comfortable with the rex command when straightforward text strings are involved.I've got something that is decid... by ddefer New Member in Splunk Search 11-12-2020 0 1	0	1
Bubble chart without numbers Is it so that you have to have numerical values for all the data in a bubble chart?I've got a table with 4 columns, b... by uthornander_spl Splunk Employee in Splunk Search 11-12-2020 1 0	1	0
how to table the hosts missing in splunk with lookup file for span=1d and for 7 days I've been poking around Splunk Answers for a while today and can't quite match the scenario I've got.I have a 100 hos... by vvemula Path Finder in Splunk Search 11-12-2020 0 1	0	1
How do I display 20% as an integer and still display as 20% If I execute...\| stats avg(mem_free_percent) as mfp by Region\| fieldformat mfp=round(mfp, 1)."%"It will display value... by heamik Engager in Splunk Search 11-12-2020 0 1	0	1
appendcols subsearch skewing timestamps in some circumstances I'm working with a system where each event has its own creation timestamp (always the same) and modification timestam... by benhooper Communicator in Splunk Search 11-12-2020 0 7	0	7
How to retrieve results from search manager ONLY when search is done? I can retrieve results from my search manager by using this type of code: var mydata = mySearchManager.data("resu... by pgoldweic Communicator in Splunk Search 11-12-2020 0 6	0	6
Can I not show the previous predict values in my chart? When using the predict command the time chart shows the calculated time chart value but also has the prediction line ... by aohls Contributor in Splunk Search 11-12-2020 0 3	0	3
why Searches running on only one Indexer ? Hi All , So I have two indexers in a cluster with CM Two SH's in a cluster with a deployer SH cluster is connected t... by ramarcsight Explorer in Splunk Search 11-12-2020 0 2	0	2
How to remove \ (backslash) using from URLs rex sed? I am trying to remove the escaped characters of "\" from the URLs coming in via a Twitter REST feed. Does anyone ha... by ccsfdave Builder in Splunk Search 11-12-2020 0 5	0	5
Splunk search query (not including the last x number of events) Hi,Is it possible to get splunk to search for a query and not include the last X number of events?thanks, by jboustead Explorer in Splunk Search 11-12-2020 0 1	0	1
piechart I want to create two pie chart each based upon the value of index I am choosing. using below two queries 1. index = i... by avneet26 Engager in Splunk Search 11-12-2020 0 5	0	5
Consolidate data from 2 indexes We have 2 index1. Having user name and his machine details and everything about his login 2. User name and his actual... by vikram_m Path Finder in Splunk Search 11-12-2020 0 8	0	8
How to extract Specific field and segregate the bunched eventslogs I have logs coming from AWS,first, I need to get just a message (which is an event) from the log Second, in some logs... by john_snow Engager in Splunk Search 11-12-2020 1 3	1	3
Error and Warning Count by Hour or date or timestamp I have my spark logs in Splunk . I have got 2 Spark streaming jobs running .It will have different logs ( INFO, WARN... by satyajit2007 Explorer in Splunk Search 11-12-2020 0 2	0	2
How To Filter IP Field Using Subnet Value Stored In Variable Hello, I am trying to create a drill down dashboard. Basically I want to pass a subnet value (which is currently repr... by joemarty82 Explorer in Splunk Search 11-11-2020 0 1	0	1
Using index/sourcetype ? How to get the details about the dashboards/alerts/Reports/data models in splunk ? Hi All,We are performing an impact analysis on the application data which are already getting ingested into splunk,... by Hemnaath Motivator in Splunk Search 11-11-2020 0 2	0	2
How do I create a calculated field based on data from a different type of log file? Hello,I am working with historical log data from a train system and I have two different types of log files:log1: eac... by ahmed Explorer in Splunk Search 11-11-2020 0 6	0	6
How to add total and percentage column in timechart Using a simple example: count the number of events for each host name... \| timechart count BY host> ... \| timechart c... by jerrysplunk88 Explorer in Splunk Search 11-11-2020 0 2	0	2
Combined Search - Difference in two lists This always feels exceptionally difficult to me, i'm not sure what i'm missing.I have a list of machines, a simple CS... by splunk219783 Path Finder in Splunk Search 11-11-2020 0 3	0	3