Splunk Search

Community Activity

ML - best practice fillnull value to use for avg response time when count=0 Hi, I'm relatively new to Splunk. I'm building searches for mcollect to parse and store metrics into a metric sindex.... by nathanwray New Member in Splunk Search 11-02-2020 0 0	0	0
Send Search Data to Custom Command? Hey All,I am wondering how you can make a search in Splunk, and then send the data it returns to a custom python comm... by srnixon New Member in Splunk Search 11-02-2020 0 2	0	2
identify server host names as developemnt or test by name Good afternoonI have a question about identifying the type of environment the servers are in by their hostnames being... by Hudond Path Finder in Splunk Search 11-02-2020 0 1	0	1
Duplicate entries in splunk search Hi Splunk expertsI need one help, the splunk search is giving me duplicate entries when I do a search. I have made su... by krishna_11 Explorer in Splunk Search 11-02-2020 1 6	1	6
Remove the first line of CSV to index in splunk I have a CSV file which first row contains the hear fields and remaining rows contains values as below. name,applicat... by Mayanakhan Explorer in Splunk Search 11-02-2020 0 1	0	1
Adding Field Values Generated by a \|stats latest(fieldvalue) command Hello - I have the following search:<base search>\| fields host registrations\| stats latest(registrations) by hostThis... by jason_hotchkiss Communicator in Splunk Search 11-02-2020 0 2	0	2
Disabling "Click Selection" on search results Under "Format", there's a setting for "Click Selection". I remember that in Splunk 6, I could set that to "None" (or ... by asf_stripe Explorer in Splunk Search 11-02-2020 0 2	0	2
How to group by two months. My query"mwt-service" my query \|stats count by channel service date_monthyields result likechannelservicemonthcountP... by tabishritz Observer in Splunk Search 11-02-2020 0 1	0	1
help on appendcols subsearch HelloI use the search below in order to calculate a volume percentage \| inputlookup host.csv \| lookup lookup_patch ... by jip31 Motivator in Splunk Search 11-02-2020 0 3	0	3
subsearches Spoilerhellohello by phoenix09 Loves-to-Learn in Splunk Search 11-02-2020 0 6	0	6
drilldown based on time Hi,the following pic shows the chart in the left hand side, i want a drilldown based on time when i click on the gra... by sanjeev Explorer in Splunk Search 11-02-2020 0 3	0	3
How to feed a dropdown list from the search linked to this fropdown list HiAs you can see in my XML I use a dropdown list which is feeded from a csv fileI would like to be able to feed this ... by jip31 Motivator in Splunk Search 11-02-2020 0 5	0	5
event field extraction We are unable to get more fields from search head. How we can to get more fields(all parsing fields) from event.Than... by c73235 Loves-to-Learn in Splunk Search 11-02-2020 0 2	0	2
Search - joining results in table Hello all,How would I join bellow results by common field -> host? Same index is used.I was able to create advanced a... by janitka Explorer in Splunk Search 11-02-2020 0 4	0	4
JSON I have a JSON file with .json extension which has a complete one line unstructured json. any events gets added to the... by divman Observer in Splunk Search 11-02-2020 0 0	0	0
Count distinct SPL help Hi, Looking forward to learn from you guys. I am stucked at this calculation: Total of product in contract.I made a s... by thuhuongle Explorer in Splunk Search 11-02-2020 0 2	0	2
Need to split string at last character before numeric value. So i have a possibly unique requirement, i'm trying to split up so log data but i have a string in one field that con... by JayWest New Member in Splunk Search 11-01-2020 0 3	0	3
Correlating two logs help, newbie Hi, Ok at this point I can barely spell SPLUNK but I have gone through a bootcamp course and I'm trying to pull off ... by curtgran Explorer in Splunk Search 11-01-2020 0 5	0	5
How to extract only latest events from particular field. Hi Folks,I need your help in fetching latest event from a particular field.Sharing you a sample event and query when... by prateeksawhney Explorer in Splunk Search 11-01-2020 0 15	0	15
Positive lookahead in rex to extract ABC, BCD, & CDE from ABCDE Hi, folks.I am stumped on this matter. My goal is extracting ABC, BCE, & CDE from ABCDE into a multivalue field.So fa... by Amusthofa Explorer in Splunk Search 11-01-2020 1 3	1	3
Show SSL certs due to expire across windows servers I have a CIM compliant log that includes an ssl_end_time which I am having trouble getting splunk to show me only cer... by stuconz Explorer in Splunk Search 11-01-2020 1 4	1	4
Splunk webhook for teams I want to create a splunk webhook that sends alerts to teams. With this search I dont want to receive emails in that ... by Dabraham23 New Member in Splunk Search 11-01-2020 0 0	0	0
How to extract the field value which has space Below is the sample field value from the event, sourceServiceName=Endpoint Web analyzedBy=Policy Engine Status=New S... by Anush Engager in Splunk Search 11-01-2020 0 2	0	2
2 index join not working Hi All,I need some advice or help,so I have 2 index I'd like to join but it seems not working as I expected :index an... by Laxman24 Explorer in Splunk Search 11-01-2020 0 1	0	1
searching in 3 specific time periods HelloI have a sourcetype that have a lot thousands of event each minute so it is very big.i have a use case that i ne... by avishni01 Explorer in Splunk Search 11-01-2020 1 3	1	3