Splunk Search

Community Activity

Assistance with Lookup / Search Query I am trying to run a query where it compares a search result field against a field in the lookup table. I was able to... by CyberCyberSec Loves-to-Learn in Splunk Search 08-27-2020 0 4	0	4
Running scheduled searches in other timezones Hi all,My team is embarking on the Summary Indexing journey as our environment is getting larger. We have various ten... by kaeleyt Path Finder in Splunk Search 08-27-2020 0 1	0	1
Accumulate values for a multi value field by key Hi,Let's say I can get this table using some Splunk query.idstages1key1,100key2,200key3,300 2key1,50key2,150key3,2503... by unbelievable_ma Explorer in Splunk Search 08-27-2020 0 4	0	4
Use rex to extract a field "https://api.internal.t-mobile.com/customer-credit/v3/pre-screen-credit-offer/personal": Read timed out; nested excep... by irvindominguezs Explorer in Splunk Search 08-27-2020 0 1	0	1
Users loging into workstations with local admin or domain admin privs First off, I am very new to Splunk and that may be my downfall. Our latest Splunk guru has left and this fell to me r... by ldefoor New Member in Splunk Search 08-27-2020 0 5	0	5
metadata command returns duplicate sourcetypes - "WinEventLog" HelloI have this command:\| metadata type=sourcetypes index=wineventlogThe problem is that there are returned multiple... by net1993 Path Finder in Splunk Search 08-27-2020 0 2	0	2
Windows Server - High CPU for process - Splunk Cloud Hello,We need to find the highest CPU consumed Process in the windows machine, not the total highest cpu.Please help ... by dkgs Communicator in Splunk Search 08-27-2020 0 4	0	4
How to add an additional dummy row to a table? I have a search that outputs a table with two columns, one for log source one for total count (using stats count). I'... by tromero3 Path Finder in Splunk Search 08-27-2020 0 2	0	2
Reading error while waiting for peer XXX. Search results might be incomplete! [...] Hi everybody,I've attached an error that occurs recently on the splunk infrastructure based on a SHC of 3 members and... by lauraG85 Engager in Splunk Search 08-27-2020 0 1	0	1
how do I chart with 3 or more fields HiWe have multiple automated tests running with different IDs and jenkins build number. One testid, build can have mu... by uptoNoGood Explorer in Splunk Search 08-27-2020 0 0	0	0
If Statment or Nested If This statement works: \| eval Reason = if (Failure_Code = "0x12", "Account disabled, expired, locked out, logon hours... by hartfoml Motivator in Splunk Search 08-27-2020 4 14	4	14
stats values(*) missing columns / truncated columns (fie I'm trying to get list of all fields in a index and oddly enough there's missing fields through the two methods below... by aa70627 Communicator in Splunk Search 08-27-2020 0 2	0	2
How to add the splunk search results to an existing lookup table? Hello,I would need to add the splunk search results to an existing lookup table. Example.I have a splunk lookup tabl... by gowtham08091 Explorer in Splunk Search 08-27-2020 0 2	0	2
Sort not working when change the time format Hi all, got the problem with sort,When I change the time format from default e.g. 2020-05-08 19:46:20 to this :08/05/... by Pajkow Engager in Splunk Search 08-27-2020 0 1	0	1
Showing table despite no result Hi, I have base search which has appname field which lists all apps I have on splunk instance. I would like to output... by k31453 Explorer in Splunk Search 08-27-2020 0 3	0	3
Consolidating results on to one line Hi,The search I have returns two events.One event has the following field:patches{}.name - This is patches that are t... by FraserC1 Path Finder in Splunk Search 08-27-2020 0 2	0	2
How to convert this SQL query to splunk search 8/24 updateI'm sorry, I didn't describe the problem well.I re-corrected the description.I need to find "parent" in t... by foxychen Engager in Splunk Search 08-27-2020 0 7	0	7
What should be the search string and trigger alert condition for below mentioned alert scheduling scenario. Hi All,I have a search string like below: index=qrp STAGE IN ("*_LDD",TRADE_EVENT,SOPHIS_TRANS,SOPHIS_INSTR,ORDER_EVE... by Snehaan Explorer in Splunk Search 08-27-2020 0 3	0	3
TIME_FORMAT issue with 10:21:00 and 06:10:21 I have a time format issue with Splunk logs . events are not coming correctly against the correct timestamp. in props... by vijayakumarkb Explorer in Splunk Search 08-27-2020 0 14	0	14
Searching in model created with TDIDF, StandardScaler and PCA Hi All,I followed Ian's blog (https://blog.arcusdata.io/splunk-mltk-to-predict-kb-articles) and it is a nice blog.But... by Madere Observer in Splunk Search 08-27-2020 0 0	0	0
Using data in a lookup table as part of a search I'm trying to use a lookup table to find records in my database, but I'm not having much luck. It may just be that I'... by richhart_1963 Engager in Splunk Search 08-27-2020 0 3	0	3
lookup already exist why am I getting "Encountered the following error while trying to save: An object with name=prices_lookup already exi... by alexruiz22 New Member in Splunk Search 08-26-2020 0 0	0	0
Can you use the predict command with multiple fields without having to type them all? Hi, I am looking to use predict command with multiple fields without typing all their names. For example I know it c... by splunkiesplunkh Explorer in Splunk Search 08-26-2020 1 10	1	10
Specify specific time range in query Hello SplunkersI have an IIS log that I am testing against and I have a need to test for a specified rangeThe _time ... by irishmanjb Path Finder in Splunk Search 08-26-2020 0 17	0	17
How do you match ip address with ip's with CIDR notations in the same lookuptable? We have a CSV with a field called application and another called IP. Within the field ip there are ip addresses and ... by UMDTERPS Communicator in Splunk Search 08-26-2020 0 8	0	8