Splunk Search

Community Activity

Only the raw field has data.rest everything and every field is empty I have an issue where the raw data shows up with data but when I query it, all the other fields come up as empty. I ... by vishtrip New Member in Splunk Search 09-09-2020 0 1	0	1
Error in 'eval' command: Typechecking failed. '-' only takes numbers I have tried many ways to get the difference between two numbers. Here is what I have tried. try 1: event=subscript... by raytroy New Member in Splunk Search 09-09-2020 0 3	0	3
Show 0% if no results are found I have the following search: index="automox" sourcetype="automox:devices" server_group="Windows Server Pilot" \| ded... by FraserC1 Path Finder in Splunk Search 09-09-2020 0 10	0	10
Assistance with combining / joining on 2 large data sets I have 2 large data sets Data Set 1 (Assets) contains information about devices. For example the dataset will have t... by willadams Contributor in Splunk Search 09-09-2020 0 5	0	5
Appending Searched parsing output I m using append query multiple times for different searches for same index.Its parsing my job. Please advise solutio... by Manasi25 Explorer in Splunk Search 09-09-2020 0 13	0	13
How to compute the duration based on Time picker Basically, I want to get duration based on the time picker.Example, If i select Year to Date in the time picker, i wa... by Noob_splunker Explorer in Splunk Search 09-09-2020 0 1	0	1
Display only the top 5 values in count column Id like to be able to display only the top Total values, struggling with this by sphiwee Contributor in Splunk Search 09-09-2020 0 4	0	4
get the latest value in an array Hi Guys,I am working on searching data from Servicenow ticket, and tickets normally have some status for example:#Tic... by garumaru Explorer in Splunk Search 09-09-2020 0 2	0	2
_time format Our data input contains two timestamp fields — creation_time and modification_time — both formatted in line with ISO ... by benhooper Communicator in Splunk Search 09-09-2020 0 11	0	11
Splunk Returning different Stats for same time range. I have a scheduled report that runs monthly for the previous month. It runs a cron job 00 08 1 * *. I need to go back... by djreschke Communicator in Splunk Search 09-08-2020 0 10	0	10
Splunk If else and severity search query I am trying to write splunk search where I have 2 conditions and my query returns the results based on that for examp... by puneetkharband1 Path Finder in Splunk Search 09-08-2020 0 3	0	3
Simple Name for Variable Apologies in advance as im new to SplunkIm trying to put a name to each line below. Each src to dst is a business cli... by sy_price Engager in Splunk Search 09-08-2020 0 4	0	4
Calculated field in data model is not available in search I created a calculated field in my datamodel, freight_service_error_list_martin, called loggerPackage that is the ext... by marting456 Explorer in Splunk Search 09-08-2020 0 4	0	4
Calculate average of each column at the bottom Hi ,Can anyone help me- how to get average of the all the columns at the bottom.The output should be like - ctime tot... by sahil237888 Path Finder in Splunk Search 09-08-2020 0 4	0	4
When trying to extract new field, why do I get "Error in 'SearchOperator:loadjob': ... cannot proxy an ad-hoc job in a searchhead cluster." error? While I am trying to extract a new field, I get this error Error in 'SearchOperator:loadjob': The search artifact fo... by buchs Explorer in Splunk Search 09-08-2020 1 10	1	10
Other use cases for fieldsummary? I'm not sure if there is an answer to this question but as of right now, I'm using fieldsummary to get a better under... by cee137 Explorer in Splunk Search 09-08-2020 0 2	0	2
Dynamic variable fields generation Hello Splunk CommunityI would like to know if I can create a new column field from a multivalue fieldMV field = 1, 2,... by victorsalazar Explorer in Splunk Search 09-08-2020 0 3	0	3
How to create a base search that uses values from a multi-value field as indices? I have a lookup table. Let's say the lookup table contains a column called "a". The "a" column contains a list of ind... by jsven7 Communicator in Splunk Search 09-08-2020 0 3	0	3
props deployed on SHCluster but no extractions Hi, A bit of a strange one that I can't workout. I have a deployer server and a search head in one DC and 2 searchh... by cdstealer Contributor in Splunk Search 09-08-2020 0 8	0	8
Search event is not providing output for fields We have created http event with below command: http://localhost:8088/services/collectorBody:{ "sourcetype":"trial... by pallavi_prabhu_ Explorer in Splunk Search 09-08-2020 0 5	0	5
Datamodel use case How do we come to conclusion which Data Model will be applied to specific use case?raw data like id: 8766899, timesta... by mag85032 Engager in Splunk Search 09-08-2020 0 1	0	1
How to capture the date on line 3 of a csv file, while the header fields begin on line 5 Dear Community, I Have a csv file with no timestamp with the data, I only have a timestamp on the beggining of the fi... by marcos_eng1 Explorer in Splunk Search 09-08-2020 0 4	0	4
"Field1" can have one value as either yes or no. Calculate count for yes as count1 and count for no "Field1" can have one value as either 'yes' or 'no'. I want to calculate count for 'yes' as count1 and count for 'no'... by VS0909 Communicator in Splunk Search 09-08-2020 0 4	0	4
Replace Multiple Strings in a field with values Need to replace strings present below in a field with the respective values.Field1 = "This field contains the informa... by deepak_negi02 New Member in Splunk Search 09-08-2020 0 5	0	5
How do I search for a single specific event? How do I search for a single specific event? Is there event id provided using Rest api of create event of HTTP event ... by pallavi_prabhu_ Explorer in Splunk Search 09-08-2020 0 3	0	3