Splunk Search

Community Activity

How to use events only from 'active' host? I have 2 different data set:1. host and prevStatus field with IDLE value2. server (same values as host) and server st... by JykkeDaMan Path Finder in Splunk Search 10-29-2020 1 1	1	1
Join by time range Hi all, Possible to join 2 search results like following? Set 1:_time field1field2field3 (common field) Set 2:_time ... by stwong Communicator in Splunk Search 10-29-2020 0 3	0	3
If I use more than 6 times append command in query the Chart command shows incorrect result I ran the below query,index=s sourcetype=S_1 \| search Gene="dow" OR Gene="x" OR Gene="ari" OR Gene="lia" OR Gene="SX"... by nivethainspire_ Explorer in Splunk Search 10-29-2020 0 4	0	4
Regex replace field text Hello everyone,I was wondering if this kind of search is possible. I want to replace the text from my search which lo... by g_paternicola Path Finder in Splunk Search 10-29-2020 0 4	0	4
ML query to detect categorial outlier per field per day comparing with other day statistics Hello All,I am trying to find categorial outlier for all the emails sent from our environment with respect to its cou... by Janani_Krish Path Finder in Splunk Search 10-29-2020 0 0	0	0
Missing calculated field Hi,In the logs being ingested Splunk isn't automatically pulling out the action field, so I'm trying to create one fo... by ebs Communicator in Splunk Search 10-28-2020 1 5	1	5
search strptime function using %Z and tz database time zones Greetings,Quoting fromhttps://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Commontimeformatvariables, ... by kscher Path Finder in Splunk Search 10-28-2020 0 2	0	2
Create new field based off combination of 2 so I have some data that comes in via a TCP input. I want to quickly run a specific search but it requires me to have... by jachockey012 Explorer in Splunk Search 10-28-2020 1 7	1	7
Interesting fields/values , MLTK, etc Hi All,I got a bunch of logs, from which I would like get some business values. Using with or without MLTK. I would l... by inventsekar SplunkTrust in Splunk Search 10-28-2020 0 3	0	3
Add comments to search code inside search field Hello everybody, using Splunk 8.1.0 and relaterd to https://docs.splunk.com/Documentation/Splunk/8.1.0/Search/Parsing... by sergeblr Explorer in Splunk Search 10-28-2020 1 6	1	6
Splunk more than one mvcount or if statement in mvcount Hi Community, I'm trying to optimize an existing query to only return values only if a condition is met. The existing... by Pmeiring Explorer in Splunk Search 10-28-2020 1 2	1	2
How to return first 2 events in a httpSession? Hi team,I have below sample raw data in splunk: Spoiler2020-10-27 06:43:56.351 action=view_page httpSessionID = 11202... by cheriemilk Path Finder in Splunk Search 10-27-2020 0 4	0	4
Response time, error count, transaction per second in one graph I would like to get response time(95 percentile), error count and transaction per second in one graph timechart. This... by jaango123 Engager in Splunk Search 10-27-2020 0 0	0	0
How could I optimize distributed replication of large lookup tables Say I have a distributed environment with 1 search head and 4 indexers. On the search head, I am updating a lookup ta... by Dan Splunk Employee in Splunk Search 10-27-2020 2 5	2	5
Multiple 'Where' conditions Hi I have the below query.But its output is "no results found".I dont know what mistake am I making.Please help index... by sweety1309 Explorer in Splunk Search 10-27-2020 1 7	1	7
Creating a line graph based on two different medians I have a table below in splunk. I'm trying the create a line graph which would graph four lines. The X axis would be ... by wajeeh911 Engager in Splunk Search 10-27-2020 0 1	0	1
How do I show more fields after the stats count by command? I need to add more columns to a search after results are counted. Here's my query index=wineventlog EventCode=4740 h... by jcolon68 Explorer in Splunk Search 10-27-2020 1 10	1	10
Link to Oldest ServiceNow Incident in Splunk Alert Email Hi All!When we choose to send an email as an alert action in Splunk, is there a way for Splunk to take the oldest Ser... by michaelsplunk1 Path Finder in Splunk Search 10-27-2020 0 3	0	3
Splunk ServiceNow Integration "snowincident" Command Hi Everyone!Does the "snowincident" command always create an incident upon being called? I want to use this in an ale... by michaelsplunk1 Path Finder in Splunk Search 10-27-2020 0 0	0	0
match between field with delimited num values and a number field Hello, am trying to run a query like below: basequery \| where match(stringFieldConsistingOfNumsDelimitedBy#, numField... by praveenvvn Explorer in Splunk Search 10-27-2020 1 10	1	10
Unable to get data on statistics using stats Hi , I am trying to run a splunk query and i am able to generate the required filed . however i am facing difficultie... by vplunk Explorer in Splunk Search 10-27-2020 0 0	0	0
Stats with Join I have set of hosts that are installed with different versions of software but logging to the same index, and I need ... by doppiolover Loves-to-Learn Lots in Splunk Search 10-27-2020 0 2	0	2
Multiple field values combined into two different fields Hello SplunkersI have the following field: MessageThe Message fields have the following values: 1,2,3,4,5,6,7,8,9,10... by jason_hotchkiss Communicator in Splunk Search 10-27-2020 0 1	0	1
replacing values with "***" I have a field "users" that spits out the result "*" I want to replace the *** with an IP address its actually ... by hurryupfool123 Explorer in Splunk Search 10-27-2020 0 2	0	2
view default index How can I view the default index of a user?In other words, if user runs a search within splunk search app and does no... by trojan_81 Path Finder in Splunk Search 10-27-2020 0 2	0	2