Splunk Search

Community Activity

Need to extract Workweek from date I have a date like 2020-06-08 06:39:49.0 I need to extract workweek from it. Thanks in advance. by shivareddysompa Explorer in Splunk Search 06-10-2020 0 3	0	3
Add avg to xyseries I have a column chart that works great, but I want to add a single value to each column. The columns represent the su... by seomaniv Explorer in Splunk Search 06-10-2020 0 3	0	3
Search by lookup file did not return all results I have a base search that produces a lookup that contains a million rows. When doing inputlookup, it displays the num... by timyong80 Explorer in Splunk Search 06-09-2020 0 1	0	1
Matching fields from different indices to return another field Hi, I have two different indexes where I need to match a field and if true, return another field. First Search (Index... by izyknows Path Finder in Splunk Search 06-09-2020 0 8	0	8
Zero results when searching with Splunk Powershell Module. I am experiencing an odd behavior with my Splunk module for powershell. A search query that on the web interface woul... by cmlombardo Path Finder in Splunk Search 06-09-2020 0 3	0	3
search with parameters Hello, I have this query: index=prod eventtype="csm-messages-dhcpd-lpf-eth0-listening" OR eventtype="csm-messages-dhc... by sarit_s Communicator in Splunk Search 06-09-2020 0 8	0	8
Join 3 source types with common field which matches on substring Hi All, I have query below which joins 3 sources 1,2,3 on id field, this works when id values matches across 3 source... by msrama5 Explorer in Splunk Search 06-09-2020 0 0	0	0
How to apply a regular expression that pulls multiple values from application log and show them to the given field name Hi all, I've been struggling to extract certain values from application logs and assign them to the given field name... by iqbalintouch Path Finder in Splunk Search 06-09-2020 0 2	0	2
How to build a lookup table based on a condition? Hello all, I can't figure out how to build a lookup with a condition. I have the following table which is my base sea... by dgoamaral Engager in Splunk Search 06-09-2020 0 1	0	1
Error message when creating a diag file Hello All, I'm receiving the following error when I try to create a diag file; ./splunk diag Collecting components:... by jrsanders Path Finder in Splunk Search 06-04-2020 0 2	0	2
How to add a value from a lookup table to results, by using a field value from the search? I want to include a value from a lookup table in search results, by using a field value from the main search. by jrobar New Member in Splunk Search 06-04-2020 0 1	0	1
How to abort a search if lookup file is causing errors and incomplete results? Hello all, I'm using a search that baselines user activity (looks back in time). But I've noticed that sometimes the ... by ddelmont Explorer in Splunk Search 06-04-2020 0 0	0	0
How to extract fields between backslashes and quotes with rex command? These rows have a field that begins and ends with a quote, but have different meanings between the backslashes. 1st a... by kjonesdba_lm Explorer in Splunk Search 06-04-2020 1 14	1	14
Month to date for previous month with current month date Hi, I have to extract the sum of particular search output from my query and the same needs to be compared with previ... by prakashmca05 Explorer in Splunk Search 06-04-2020 0 3	0	3
How to add a new column with serial number based on the uniqueness of the existing column? I have a column called "message" which has duplicate records in it. I want to create a new column named "serial" besi... by spkriyaz Path Finder in Splunk Search 06-04-2020 0 1	0	1
I want number of days between two events in splunk search? My query index=main source=secure.log sourcetype=* \| stats earliest(_time) as start, latest(_time) as stop \| eval ... by uagraw01 Motivator in Splunk Search 06-04-2020 0 1	0	1
Multiselect: value's prefix and suffix not working Hi Splunk colleagues, I'm having a problem with multiselect in my dashboards. Here's the code of the multiselect: <in... by ferivas New Member in Splunk Search 06-04-2020 0 2	0	2
What is the usage of "(?msi)" in Splunk with rex comamnd? Hi,I am having some problem to understand the usage of "(?msi)" with rex command,please help me regarding that? by admin12345678 Path Finder in Splunk Search 06-04-2020 0 3	0	3
How to display the value of the difference result in Splunk? Hi, How can I display the actual value of the difference in a new column? The value is "cts16k1sacc". Row 1 in attac... by vdalvi Explorer in Splunk Search 06-04-2020 0 4	0	4
stats count or eval I am trying to make an overview with different counts. The message always starts with : logger="blahblah-main.Start*"... by Mike6960 Path Finder in Splunk Search 06-04-2020 0 3	0	3
Why does search only display 24 hours of event data on Linux, but all-time on Windows? There are approximately 1.5 Billion ingested entries from 40 forwarders.Performing a search with any criteria on Wind... by jmasat Observer in Splunk Search 06-04-2020 0 5	0	5
How to get the field value from a previous event to compare with the value of the same field in the following event? Hi all, I'd like to get value on a field to my previous event to compare this same field with the current value Expla... by ludoz13 Path Finder in Splunk Search 06-04-2020 0 6	0	6
generate a list of unique hashes and append new hashes hourly I would like to take the following search that generates the hashes and outputs the lookup: index=windows source="Xml... by wgawhh5hbnht Communicator in Splunk Search 06-04-2020 0 3	0	3
Field extraction from data within backslashes Hi, I have dateset that contains IP addresses. IP Addresses are coming in variations due to ranges they are assigned... by mbasharat Builder in Splunk Search 06-04-2020 0 7	0	7
How to resolve error in rex command when parsing a long string with escaped double quotes? Hi everybody, When parsing a long string containing escaped double-quotes I get this error: Error in 'rex' command: r... by agrandville Explorer in Splunk Search 06-04-2020 0 8	0	8