Splunk Search

Community Activity

Unable to extract the field: 'Select Sample Event' fails I have a query which is able to fetch me the results. I want to extract the fields from raw data. So I click on 'Ext... by ghildiya Explorer in Splunk Search 07-26-2020 0 0	0	0
Finding duration for particular day if user did not disconnect session Hello,How can I find the duration to check the actual active hours of a user for a perticular day if the VPN session ... by himpawar Observer in Splunk Search 07-26-2020 0 0	0	0
Help on appendpipe HiI use the code belowIn the case of no FreeSpace event exists, I would like to display the message "No disk pace eve... by jip31 Motivator in Splunk Search 07-26-2020 0 8	0	8
Why am I unable to filter logs using props.conf & transforms.com? I am using universal forwarder. Created app named - cisco-ios. Then inputs.conf , props.conf & transforms.conf inside... by alexspunkshell Contributor in Splunk Search 07-26-2020 0 9	0	9
Multiple Evals with multiple values that requires renaming Hello,I understand that you can have two evals in one line but i keep getting several errors when i try to combine tw... by Corey_Heart Engager in Splunk Search 07-25-2020 0 4	0	4
What is the command to check if a field exists in one column but not in the other column? hello what is the command to check if a field exists in one column but not the other? for example, to count the "10... by avivn Explorer in Splunk Search 07-25-2020 0 8	0	8
How to calculate average based on 2 fields and group the result by values in the third field? Hi everyone, This is the first time, I've used Splunk. I have the data like this:ORDER_IDPRICEGROUP0000110A0000220B0... by dominhthe110 Explorer in Splunk Search 07-25-2020 0 4	0	4
how to refer to data between 2 sourcetypes I am running a search against my windows event logs, lets call it sourcetypeA. I need to use the IP address obtained... by sirching Loves-to-Learn Lots in Splunk Search 07-25-2020 0 1	0	1
How can i list the the results of saved reports simultaneously I have created the reports based on the errors in the OS.Saved Reports:Report_Name -- DescriptionNetwork -- Repo... by bala1185 Engager in Splunk Search 07-25-2020 0 0	0	0
Add Filter Query if Field Exists Hi. I already have a Splunk query that we use in a production environment. We are now adding a new field that we'd li... by lmattar Engager in Splunk Search 07-24-2020 0 2	0	2
Help for diisplay a message in a single panel following a token value HII use the code below and I would like that if the host I fill in my drilldown doenst exists J have the message "No ... by jip31 Motivator in Splunk Search 07-24-2020 0 3	0	3
How to use timechart to display failed user login info, sorted by time/date of each login attempt? I'm trying to display failed user login information by using a timechart but I'm not sure how to show the time and da... by rkris Explorer in Splunk Search 07-24-2020 0 5	0	5
Taking daily "OPEN"/"CLOSED" reports and creating a monthly avg So suppose that everyday Splunk takes in a report that houses 9 different fields, one of which is called 'status'. St... by Username1 Path Finder in Splunk Search 07-24-2020 0 6	0	6
Why is the rename command not working when using it to rename with _time field? Hello Team, Whenever i use the rename command to rename the _time field than output comes in the binary fomart. For E... by harsh5523 New Member in Splunk Search 07-24-2020 0 2	0	2
Does maxTotalDataSizeMB parameter in indexes.conf still apply if we use volume for coldPath and homePath? Hello guys, does maxTotalDataSizeMB parameter in indexes.conf will still apply if we use volume for coldPath (and hom... by splunkreal Motivator in Splunk Search 07-24-2020 0 1	0	1
I need a search to find mapping of roles to AD Groups and indexes I have been able to find searches for roles mapped to AD Groups, but I need to get the indexes those roles are allowe... by nls7010 Path Finder in Splunk Search 07-24-2020 0 1	0	1
Help with field extraction and table Hi I hope someone can help me .. I am completely new to Splunk. Although I love it so far I don't really know how to ... by splunknoob Engager in Splunk Search 07-24-2020 0 3	0	3
data extraction from Nested JSON data and print only corresponding details H Team, Am trying to fetch the nicSwitch* details of only corresponding nicName from the below json data, which i cou... by bala1185 Engager in Splunk Search 07-24-2020 0 3	0	3
Count for same field but for non occurring values based on other field. In below example I want only count of "a" as he has not paid till the end. And also the data entries are many which c... by shravanikarale Loves-to-Learn Lots in Splunk Search 07-24-2020 0 5	0	5
time span = week Hello, I am trying to span for 1 week and 1 month chart from the summary index search, but When in use \| bin span=1w,... by gowtham08091 Explorer in Splunk Search 07-24-2020 0 3	0	3
How to make another search in if condition using eval Hello,I think this might be simple but need some guidance. Any help would be really appreciated.I have a log and in w... by mnarmada Path Finder in Splunk Search 07-24-2020 0 4	0	4
Performance in inputlookup vs lookup (command) There is a big difference in term of performance in using "inputlookup" and "lookup" from the following queries with ... by lucas4394 Path Finder in Splunk Search 07-24-2020 0 5	0	5
Convert from any timezone to UTC How do I convert a timestamp from any timezone to UTC in splunk? I have a field "DeviceTime" that can hold any time z... by rockstarter New Member in Splunk Search 07-23-2020 0 2	0	2
Using mstats with eval grouped by field I wanted to graph the computed value of two fields and group the result by another field: \| mstats avg(kube.pod.cpu.l... by prandelicious Loves-to-Learn Lots in Splunk Search 07-23-2020 0 9	0	9
How to get current GMT time? I have a search: search \| eval difference=now() - strptime(createdDate,"%Y-%m-%d %H:%M:%S.%3N") This works, excep... by Sundried Explorer in Splunk Search 07-23-2020 1 5	1	5