Splunk Search

Community Activity

	eval status=if ("inputlookup line x<70% and x+1>50%) Boolean While Loop? Hello,I am looking for some help on status evaluation. What I am trying to do is create a eval column where you eithe... by wblewis Engager in Splunk Search 06-24-2020 0 5	0	5
	How to sum one field values based on other fields values i'm trying to sum one of the fields values based on the other field values.For exampleSource Remediated Space... by kirrusk Communicator in Splunk Search 06-24-2020 0 3	0	3
	inputlookup in search macro generates error message My search consists solely of a call to a search macro. It looks like this:`blabla1(host="blabla2", mon-host="blabla3"... by MarcRiese Explorer in Splunk Search 06-23-2020 0 5	0	5
	Use of predict command for alerting Well , I want to create an alert which alert me whenever there is spike in Errors. Currently we are comparing say pas... by ksharma7 Path Finder in Splunk Search 06-23-2020 0 2	0	2
	Using multivalue field as field-list for transaction When multivalue field is given as field-list for transaction, transaction does not attempt to combine the events desp... by Puliyo Engager in Splunk Search 06-23-2020 0 2	0	2
	How to fetch mathed fileds values from index with lookup table ? Hi Team,I tried all possibilities to extract the data from index which are matched field values with lookup table .th... by 90509 Engager in Splunk Search 06-23-2020 0 0	0	0
	How to optimize a search which contains a join of 2 queries having different time picker each ? Hi, I have a performance issue with a query using a "join" command.The problem is that the first search using a time ... by mah Builder in Splunk Search 06-23-2020 0 3	0	3
	I'd like to get an idea for data grouping. I have numeric data.I'd like to group the data.It is easy to use 'Kmeans' command, but it cannot be necessarily k=3.I... by youngrap Explorer in Splunk Search 06-23-2020 0 1	0	1
	Joining search in Splunk using Ticket Number Field Greetings, I am new to Splunk and I have an assignment where I needed to extract data based on ticket number and time... by leymandudu Explorer in Splunk Search 06-23-2020 0 8	0	8
	Regex assistance - Blacklist host. Team,I would like assistance with creating regex,specifically to blacklist 1 host name - happens to be the spunk serv... by jmasat Observer in Splunk Search 06-23-2020 0 5	0	5
	Lookup with hundreds values for one field Still new to Splunk, seeking for some help. I have a index=account_Information, with account_number, cell_number, etc... by gaok123 Observer in Splunk Search 06-23-2020 0 9	0	9
	Script for idle logger Please i need a script that can give result when there is an idle logger, or when the fowarder isnt feed any informat... by saotaigiri Path Finder in Splunk Search 06-23-2020 0 1	0	1
	change how outputlookup assigns permissions and ownership to new files Years back the outputlookup command would create a csv lookup file in the user's app folder making it Private and own... by splunkettes Path Finder in Splunk Search 06-23-2020 0 4	0	4
	Need help to encircle the table row based on the selected date in drilldown instead of cell highlight Hi,I am looking for solution to encircle the entire row with a red line instead of highlighting the table row. I have... by spkriyaz Path Finder in Splunk Search 06-23-2020 0 1	0	1
	Comparing values between two columns Hi, I have a table like below where multiple entries of same ticket numbers are displaying as these are taken from th... by mariamathewtel Explorer in Splunk Search 06-23-2020 0 6	0	6
	Search - count by 2 fields Hello,I have a live database feed through DB Connect. This feed is having incidents data for different teams and _tim... by madhav_dholakia Contributor in Splunk Search 06-23-2020 0 7	0	7
	Extract Json Fields We want to extract Json key&Value pairs, but source is prefixing the text before Json data.Please let us know the sea... by srikanthr123 Explorer in Splunk Search 06-23-2020 0 4	0	4
	Date-Time Field Hi, I am currently attempting to split the Date and Time from one field into 2 or more fields. I have read some of t... by lucasle Engager in Splunk Search 06-23-2020 0 4	0	4
	What is the correct strategy to index data from a ticketing system? Hello, I need to use Splunk to provide insight about data coming from our internal ticketing tool. Each event will ... by sylbaea Communicator in Splunk Search 06-23-2020 0 10	0	10
	extract field using rex without using _raw I have data like202-06-19T13:02:293 message="event(level=Error name=xyz) context: {<!-- -->Id: 12345,locale: 'us'blah blah My... by ksharma7 Path Finder in Splunk Search 06-22-2020 0 2	0	2
	multiple searches combine into one report I have 3 reports that I want to put into one report, here is my searchsourcetype=MSExchange:*:MessageTracking source_... by ajromero Path Finder in Splunk Search 06-22-2020 0 2	0	2
	Else if like not working with json type data Hello AllI'm trying to use eval if like command with json type data (kv_mode = json) but it seems as though it's not ... by Jarohnimo Builder in Splunk Search 06-22-2020 0 1	0	1
	Problem with a macro `get_seclabel(host,"domain_controller","-90d")`Macro expanded:\| inputlookup sec_label where (label="domain_controller... by fdevera Path Finder in Splunk Search 06-22-2020 0 2	0	2
	Help with excluding field combination _timeSubjectUserNameTargetOutboundUserNamehostIpAddressSun Jun 21 08:37:39 2020bcharliebcharliexby-100::1Sun Jun 21 0... by fdevera Path Finder in Splunk Search 06-22-2020 0 5	0	5
	Password Spray Search / Alert Hello! I am building an alert to detect potential password spraying (it is looking for 10 or more failed logons withi... by johann2017 Explorer in Splunk Search 06-22-2020 0 2	0	2