Splunk Search

Community Activity

	Restricting a timechart to exclude the OTHER series when using a where clause The Splunk Docs have this example under timechartExample 3: Show the source series count of INFO events, but only whe... by jimhobday Engager in Splunk Search 07-02-2020 0 2	0	2
	Compare Current date with field Date I am trying to compare the current date with the lastInformTime I have tried \| eval but nothing seems to work. index=... by dlnewman Loves-to-Learn in Splunk Search 07-02-2020 0 1	0	1
	Web datamodel contains negative values for bytes ingested from Umbrella proxylogs The Web datamodel contains negative values for bytes ingested from Umbrella proxylogsbelow is the query that we are u... by nagamadhupriyan Loves-to-Learn Lots in Splunk Search 07-02-2020 0 2	0	2
	How to add join in one index This is the piece of code i tried so far but the join part is not working for me i don't know why ((index="ata" sourc... by rj12 Loves-to-Learn Lots in Splunk Search 07-02-2020 0 2	0	2
	Splunk savesearch expires but still running Hi I would like to ask why is the Splunk Realtime Savesearch still running even it's expired. Also whats the purpose ... by jadengoho Builder in Splunk Search 07-02-2020 0 2	0	2
	How to exclude the private ip range I try to exclude the private ip range with command \| search NOT ( src=10.0.0.0/8 OR src=192.168.0.0/16 OR src=172.16.... by nareerat_pr Explorer in Splunk Search 07-02-2020 0 2	0	2
	How to create flexible search strings? Hello Experts,I am wondering is there any ways to make the search strings flexibly? Like I have multiple queries as b... by thinhdinh Path Finder in Splunk Search 07-02-2020 0 3	0	3
	Subtract the Results of one search from another search Search 1 : index=index_123 (msg="xyz") \| rex field=msg "results\":{\"(?<abc1>.)\" " \| stats values(_time) as abc1... by ramkomarapu Loves-to-Learn in Splunk Search 07-01-2020 0 3	0	3
	create an alert from two diffrent events We are looking to create an alert that will trigger if two distinct events happens. The first event is a DB health ch... by bballad Explorer in Splunk Search 07-01-2020 0 3	0	3
	Remove additional timestamp from the logs Hi Alli have onboarded linux logs from S3--> Splunk . I found additional timestamp is getting attached to the events.... by zaan New Member in Splunk Search 07-01-2020 0 1	0	1
	append or multi search Trying to make search more efficient. Any tips? Would multi search work more efficiently?index=<myindex> sourcetype=... by eus_e2e_enginee Engager in Splunk Search 07-01-2020 0 2	0	2
	How to set span for 1 day and 2 hours? This is my query and I have some challenges in the log. The thing is my daily job will start at 11 PM. If the job run... by karthi2809 Builder in Splunk Search 07-01-2020 0 0	0	0
	find other results using search results from first query its been a while since I've worked with splunk I have an error detail that I can search in splunk:index=* errorMessag... by donrtowery New Member in Splunk Search 07-01-2020 0 1	0	1
	Timechart count by a changing field name I receive a new csv file every day in the following format:color 1/22/20 1/23/20 1/24/20 1/25/20yellow 1 ... by richnsanders_70 Path Finder in Splunk Search 07-01-2020 0 4	0	4
	external_lookup.py is missing Hi,I'm trying to setup a DNS lookup following the instructions her: https://docs.splunk.com/Documentation/Splunk/8.0.... by chrkohm Path Finder in Splunk Search 07-01-2020 0 1	0	1
	How to use makemv with tokenizers while keeping non-matching events? Hi, I have events similar to this example: 1) date1, id1, misc 2) date2, id2, misc 3) date3, , misc 4) date4, id3 and... by Gunnar Explorer in Splunk Search 07-01-2020 0 2	0	2
	How do you use regex to escape a backslash? Hi, I have the following regex which works on regex101, but gives me an error when I try and use this within a Splun... by jacqu3sy Path Finder in Splunk Search 06-30-2020 0 7	0	7
	Fast mode being set automatically I always use Verbose mode Sometimes I open splunk and it is set as Fast mode as default, why is splunk switching from... by gmuller1 Engager in Splunk Search 06-30-2020 0 4	0	4
	Can i display panel with Even or Odd Click on chart ? Hi all,Can i display left and right panel based on Even or Odd Click ?For example,I have a chart. And a row with titl... by akira2211 Explorer in Splunk Search 06-30-2020 0 4	0	4
	How can we compare two dynamic field values from two lookups Hi All,I am urgently looking for a help . I have one field object_name which is present in lookup X1.csv and has valu... by Trishla Loves-to-Learn Lots in Splunk Search 06-30-2020 0 1	0	1
	How to timewrap using the last 1 hour and check the same hour for previous 7 days Hi everyone,I want to create an alert which runs every hour, checks the last 60 minutes of events to get the count nu... by Sam1 Explorer in Splunk Search 06-30-2020 0 6	0	6
	Stuck yet again. percent difference between two searches So i have this search: index="sense_power_monitor" \| where 'usage_info.solar_w'>=0 \| bin _time span=1h \| stats co... by pir8radio Path Finder in Splunk Search 06-30-2020 0 3	0	3
	Idle log i need script in SPL to show when there is an idle forwarder or if a forwarder isn't forwarding by saotaigiri Path Finder in Splunk Search 06-30-2020 0 9	0	9
	How to get a comma separated List Hello all,I am hoping for help creating a comma separated list. I have tried multiple different things and all have ... by brownt61 Explorer in Splunk Search 06-30-2020 0 2	0	2
	DB connect issue Hi Team,I have created connection for oracle DB in db connect app. When i am trying to run the sql query in DB connec... by vin02ptl Explorer in Splunk Search 06-30-2020 0 5	0	5