Splunk Search

Community Activity

Did anyonen else lose all of their "Splunk Answers" history? I am aware that answers.splunk.com has changed engines and is now community.splunk.com. The migration announcement st... by bloizides Observer in Splunk Search 08-18-2020 0 4	0	4
Is there a dashboard visualization that allows editing a lookup table in the UI instead of using lookup editor? Is anyone aware of a dashboard visualization that will allow me to edit a lookup table in the UI? Rather than using L... by daniel_althoff8 Loves-to-Learn in Splunk Search 08-18-2020 0 0	0	0
License Usage by Each Indexer License Usage by Each Indexer : Need to find license usage by each indexer. by vishaltaneja070 Motivator in Splunk Search 08-18-2020 0 2	0	2
How to pivot results table? I got above result from my splunk query: index="cx_aws" source="notifications-service"\|stats count by tokenValidator... by vinod0313 Explorer in Splunk Search 08-18-2020 0 1	0	1
How do I modify the span for timechart to match a chart I'm defining with a time range of "last 7 days"? Hello! I've been playing around with the timechart command and spanning, however, there is an issue I'm having when ... by goodsellt Contributor in Splunk Search 08-18-2020 2 17	2	17
Arithmetic operation on fields from different events Consider the below types of eventsfields : OS transaction numbersEvents: Win purchased ... by sstanlee Explorer in Splunk Search 08-18-2020 0 6	0	6
Populating non-existent values where multiple timestamp comparisons exist. We have the following SPL query which generates statuses (i.e. "Success", "Failure", "Warn") for various different "s... by adnankhan5133 Communicator in Splunk Search 08-18-2020 0 6	0	6
Key value field extraction from Cisco devices Hi there,digging deeper into the REST API and XML parsing. When running an XML status command on our Ironport I get t... by marcluescher Explorer in Splunk Search 08-18-2020 0 1	0	1
Checking when a field value has changed Hi team, I have a highly simplified set of log entries similar to the sample data below: \|makeresults \|eval dummy="... by rleyba828 Explorer in Splunk Search 08-18-2020 0 4	0	4
xyseries drops result with duplicate timestamp I have this data_timeEventCodeMessage2020-06-16T19:48:53+00:004136Too late now2020-06-16T19:49:53+00:001234I don't kn... by lstewart_splunk Splunk Employee in Splunk Search 08-18-2020 0 3	0	3
If / Then Conditional. Heres what i'm trying to accomplish: requestID status123456 errored321654 ... by codichulo Loves-to-Learn in Splunk Search 08-18-2020 0 3	0	3
What exactly does dedup_splitvals do? Hi,I can't grasp the concept of dedup_splitvals. I was writing search for a pie chart on my dashboard, something like... by vrulev_algn Loves-to-Learn in Splunk Search 08-18-2020 0 0	0	0
How to reformat search results? Helloi got result like below from the splunk queryABC123DEF456GHI789But i want to show like belowABCDEFGHI by vinod0313 Explorer in Splunk Search 08-18-2020 0 3	0	3
Add certain feilds to an existing query to filter the count Below is my existing query :i want to add ceratin common feilds with different value for the respective indexes .How ... by bapun18 Communicator in Splunk Search 08-18-2020 0 2	0	2
Splunk HelloI have a log like this:ABC=true,DEF=false,GHI=false,JKL=trueI want to show only ABC and JKL in the result,becaus... by vinod0313 Explorer in Splunk Search 08-18-2020 0 3	0	3
Multivalued field extraction This is the search i am using to extract key/value from the field "RID" with multivalued "DEF"\| rex max_match=0 fiel... by Abhi89 New Member in Splunk Search 08-18-2020 0 2	0	2
Using blacklist on Windows TA and XML events Hi, ive successfully blacklisted the windows event 4658 with this line_blacklist2 = $XmlRegex="<EventID>4658<\/EventI... by dieguiariel Path Finder in Splunk Search 08-18-2020 0 3	0	3
Enabling 'Insecure Login' within web.conf Hi guys,I'd like to be able to allow 'insecure' logins for my dashboards to be used with an internal signage solution... by driva Path Finder in Splunk Search 08-18-2020 0 2	0	2
Spath field extract with period Hi All,I am trying to extract fields using spath command. I noticed that fields with period in it cannot be extracted... by mpaw Explorer in Splunk Search 08-17-2020 0 4	0	4
Dynamic Search Query Based on Field Value I'm trying to create a search that always looks for the responses from the latest version of my app. The `version` fi... by normand1 Engager in Splunk Search 08-17-2020 0 2	0	2
Is there any online regex tool to create regular expressions for given sample data ? Is there any online regex tool to create regular expressions for given sample data ? by splunker12er Motivator in Splunk Search 08-17-2020 2 11	2	11
How to a merge value and a field name from two multi value fields? Hello, I have a Field with Oracle SQL_BIND and a second field with the SQL_TEXT, the SQL_BIND contains the values wh... by hugohctint Loves-to-Learn Lots in Splunk Search 08-17-2020 0 9	0	9
How do I convert a timestamp from one timezone to another (inline)? I have an issue where logs contain timestamps in zulu and the server uses local time for its index. I need to calcul... by weidertc Contributor in Splunk Search 08-17-2020 0 13	0	13
Retain columns in lookup table but not creating duplicates I have a saved search which runs every month and looks at my vulnerability events and outputs the results into a look... by tromero3 Path Finder in Splunk Search 08-17-2020 0 4	0	4
Extracting data from a search table Hello,I have a raw data file from which I am trying to extract data and create a dashboard out of it. From this raw f... by ssaini5 Explorer in Splunk Search 08-17-2020 0 1	0	1