Splunk Search

Community Activity

	Storing queried data so that it can be accessed across search head clusters attached to the same idexer I have begun to accumulate some reference information about my company's AWS environment based on a bunch of queries.... by MonkeyK Builder in Splunk Search 08-20-2020 0 2	0	2
	Move or add Y axis to the right of multi-series line chart I've made the following multi-series line chart (details) where it makes much more sense to have the Y axis on the ri... by benhooper Communicator in Splunk Search 08-20-2020 0 0	0	0
	Find percentage of two numbers Hi, I am trying to search through some patch data to find percentage of devices that have been patched against the to... by FraserC1 Path Finder in Splunk Search 08-20-2020 0 9	0	9
	Regex help for incident I am using below query to fetch Incident from the subject line:—rex field=subject max_match=0 “(?<Incident>INC\d+)”ho... by priya0709 Path Finder in Splunk Search 08-20-2020 0 5	0	5
	Regex field help Hi All,need help in 2 regex problem.1. Filtering Class_Type value from the _raw . "Ticket_ID": "8158", Please see Wo... by jerinvarghese Communicator in Splunk Search 08-20-2020 0 1	0	1
	avoid search job being queued indefinitely Hi,Using the api I am submitting searches to splunk. Sometimes, the jobs remain in queued state forever. I can see wh... by henryw374 New Member in Splunk Search 08-20-2020 0 0	0	0
	Populate drop down with eval values Hello,Is it possible to populate drop down in Dashboard with eval values. I have a query as given below which returns... by subhrangshu Explorer in Splunk Search 08-20-2020 0 2	0	2
	How to compare a search field value with a field value in a lookup ? Hi,My issue is : I have a query which contains a "NetworkIterface" field: eni-12345, eni-6789, ...I have a lookup whi... by mah Builder in Splunk Search 08-20-2020 0 1	0	1
	How to include timestamp of most recent event in a comparison between current day and a prior period I have a search that compares the number of events for the current day, for a given combination of fields, to the dai... by djhowie New Member in Splunk Search 08-19-2020 0 7	0	7
	How to join two sourcetypes by hostname field and create a table? Hello, I need to make a report with 2 different sourcetypes.For the first sourcetype, lets call it st1, I have the li... by 3DGjos Communicator in Splunk Search 08-19-2020 0 3	0	3
	How to transform data base on the value of the field? Hello all, I need to get the total each column of the date and create a new column that showing the date column base ... by ChioNeng Explorer in Splunk Search 08-19-2020 0 2	0	2
	How to compare the data from CSV and get the desired result I have a CSV (domains.csv) that contain the list of domains. I have uploaded into Splunk and get the result using [\| ... by nitinpa Observer in Splunk Search 08-19-2020 0 6	0	6
	Exclude results where two or more fields match I am trying to understand how to remove results where "field_a" and "field_a" each contain a certain value together i... by iomega311 Explorer in Splunk Search 08-19-2020 0 2	0	2
	Timechart with multiple where like statements Hello Guys,I'm trying to plot multiple values onto a time chart. These values are collected through a Where Like stat... by Marco Communicator in Splunk Search 08-19-2020 0 7	0	7
	How to hide dashboard panels ? I have a drill down in my dashboard.When I select any choice from the drill down other two panels(reports) will appea... by vinod0313 Explorer in Splunk Search 08-19-2020 0 1	0	1
	Is there a way to do retention based on sourcetypes? Hi rteam, We have too many index created and now planning to have different retention duration based on sourcetypes.... by prabhu77749 Explorer in Splunk Search 08-19-2020 0 1	0	1
	Change In Sourcetype Format Before a change was made, data was originally being sent to Splunk in the example of { %a \| %b \| %c \| %d }. Now after... by BookerT14 Engager in Splunk Search 08-19-2020 0 4	0	4
	Why are the queues full and searches in error on Search Head? Hello, We are having some issues finalizing the installation of our Splunk environment. We have 2 Linux servers: 1 Se... by performancemoni Path Finder in Splunk Search 08-19-2020 0 1	0	1
	Combine a numerical field with a string field separated with a dash Hello,I am trying to combine couple of fields data separated by a dash. Tried few options but could not get the expec... by subhrangshu Explorer in Splunk Search 08-19-2020 0 2	0	2
	Extracting a JSON boolean value I've been unable to get a boolean value extracted from JSON written to Splunk. The data looks like this: build: {<!-- --> ... by danl Explorer in Splunk Search 08-19-2020 0 5	0	5
	Why do these seemingly identical searches return different results when sorted? I have four versions of a nearly identical search. The last one returns a completely different result. What is it a... by CarbonCriterium Path Finder in Splunk Search 08-19-2020 0 3	0	3
	Filtering a Field Extracted with Rex Hello,I am having trouble with filtering fields extracted using rex as follows:rex max_match=0 field=sessions_as_clie... by user333 Engager in Splunk Search 08-19-2020 0 2	0	2
	Separate rows for a string ? I have a string like this below{ABC,DEF,GHI,JKL}i am able to show it as below in my result 1. ABC DEF GHI JK... by vinod0313 Explorer in Splunk Search 08-19-2020 0 1	0	1
	How to search indexed JSON array output for objects that match a distinct name/value pair I'm calling a REST API using curl on a UF to collect data from a remote DataPower appliance; the output is in JSON fo... by beetlegeuse Path Finder in Splunk Search 08-19-2020 0 2	0	2
	Case open count and trend history We're using a REST API to connect to a case / monitoring system and retrieve any data newer than the last run. This d... by benhooper Communicator in Splunk Search 08-19-2020 0 5	0	5