Splunk Search

Community Activity

	Regex field help Hi All,need help in 2 regex problem.1. Filtering Class_Type value from the _raw . "Ticket_ID": "8158", Please see Wo... by jerinvarghese Communicator in Splunk Search 08-20-2020 0 1	0	1
	avoid search job being queued indefinitely Hi,Using the api I am submitting searches to splunk. Sometimes, the jobs remain in queued state forever. I can see wh... by henryw374 New Member in Splunk Search 08-20-2020 0 0	0	0
	Populate drop down with eval values Hello,Is it possible to populate drop down in Dashboard with eval values. I have a query as given below which returns... by subhrangshu Explorer in Splunk Search 08-20-2020 0 2	0	2
	How to compare a search field value with a field value in a lookup ? Hi,My issue is : I have a query which contains a "NetworkIterface" field: eni-12345, eni-6789, ...I have a lookup whi... by mah Builder in Splunk Search 08-20-2020 0 1	0	1
	How to include timestamp of most recent event in a comparison between current day and a prior period I have a search that compares the number of events for the current day, for a given combination of fields, to the dai... by djhowie New Member in Splunk Search 08-19-2020 0 7	0	7
	How to join two sourcetypes by hostname field and create a table? Hello, I need to make a report with 2 different sourcetypes.For the first sourcetype, lets call it st1, I have the li... by 3DGjos Communicator in Splunk Search 08-19-2020 0 3	0	3
	How to transform data base on the value of the field? Hello all, I need to get the total each column of the date and create a new column that showing the date column base ... by ChioNeng Explorer in Splunk Search 08-19-2020 0 2	0	2
	How to compare the data from CSV and get the desired result I have a CSV (domains.csv) that contain the list of domains. I have uploaded into Splunk and get the result using [\| ... by nitinpa Observer in Splunk Search 08-19-2020 0 6	0	6
	Exclude results where two or more fields match I am trying to understand how to remove results where "field_a" and "field_a" each contain a certain value together i... by iomega311 Explorer in Splunk Search 08-19-2020 0 2	0	2
	Timechart with multiple where like statements Hello Guys,I'm trying to plot multiple values onto a time chart. These values are collected through a Where Like stat... by Marco Communicator in Splunk Search 08-19-2020 0 7	0	7
	How to hide dashboard panels ? I have a drill down in my dashboard.When I select any choice from the drill down other two panels(reports) will appea... by vinod0313 Explorer in Splunk Search 08-19-2020 0 1	0	1
	Is there a way to do retention based on sourcetypes? Hi rteam, We have too many index created and now planning to have different retention duration based on sourcetypes.... by prabhu77749 Explorer in Splunk Search 08-19-2020 0 1	0	1
	Change In Sourcetype Format Before a change was made, data was originally being sent to Splunk in the example of { %a \| %b \| %c \| %d }. Now after... by BookerT14 Engager in Splunk Search 08-19-2020 0 4	0	4
	Why are the queues full and searches in error on Search Head? Hello, We are having some issues finalizing the installation of our Splunk environment. We have 2 Linux servers: 1 Se... by performancemoni Path Finder in Splunk Search 08-19-2020 0 1	0	1
	Combine a numerical field with a string field separated with a dash Hello,I am trying to combine couple of fields data separated by a dash. Tried few options but could not get the expec... by subhrangshu Explorer in Splunk Search 08-19-2020 0 2	0	2
	Extracting a JSON boolean value I've been unable to get a boolean value extracted from JSON written to Splunk. The data looks like this: build: {<!-- --> ... by danl Explorer in Splunk Search 08-19-2020 0 5	0	5
	Why do these seemingly identical searches return different results when sorted? I have four versions of a nearly identical search. The last one returns a completely different result. What is it a... by CarbonCriterium Path Finder in Splunk Search 08-19-2020 0 3	0	3
	Filtering a Field Extracted with Rex Hello,I am having trouble with filtering fields extracted using rex as follows:rex max_match=0 field=sessions_as_clie... by user333 Engager in Splunk Search 08-19-2020 0 2	0	2
	Separate rows for a string ? I have a string like this below{ABC,DEF,GHI,JKL}i am able to show it as below in my result 1. ABC DEF GHI JK... by vinod0313 Explorer in Splunk Search 08-19-2020 0 1	0	1
	How to search indexed JSON array output for objects that match a distinct name/value pair I'm calling a REST API using curl on a UF to collect data from a remote DataPower appliance; the output is in JSON fo... by beetlegeuse Path Finder in Splunk Search 08-19-2020 0 2	0	2
	Case open count and trend history We're using a REST API to connect to a case / monitoring system and retrieve any data newer than the last run. This d... by benhooper Communicator in Splunk Search 08-19-2020 0 5	0	5
	Removing some results from stats count by function Hi all,I'm a bit of a newbie to splunk but I was trying to create a dashboard using the stats count by function for a... by DCUpro Explorer in Splunk Search 08-19-2020 0 2	0	2
	time difference between two events HiI am using below query to get the details of alarms which has (one Warning and one OK status) or (one Critical and ... by surekhasplunk Communicator in Splunk Search 08-19-2020 0 8	0	8
	Add several information on a point Hi everyone, I'm looking for how to add information on a graphical point. My graph shows only an average and an ofnum... by Lucie99 Explorer in Splunk Search 08-19-2020 0 2	0	2
	data joins I've got a few different tables, all csv, that provide different information.The main events table includes a bunch o... by friskyapple Explorer in Splunk Search 08-19-2020 0 1	0	1