Splunk Search

Community Activity

Join 3 source types with common field which matches on substring Hi All, I have query below which joins 3 sources 1,2,3 on id field, this works when id values matches across 3 source... by msrama5 Explorer in Splunk Search 06-09-2020 0 0	0	0
How to apply a regular expression that pulls multiple values from application log and show them to the given field name Hi all, I've been struggling to extract certain values from application logs and assign them to the given field name... by iqbalintouch Path Finder in Splunk Search 06-09-2020 0 2	0	2
How to build a lookup table based on a condition? Hello all, I can't figure out how to build a lookup with a condition. I have the following table which is my base sea... by dgoamaral Engager in Splunk Search 06-09-2020 0 1	0	1
Error message when creating a diag file Hello All, I'm receiving the following error when I try to create a diag file; ./splunk diag Collecting components:... by jrsanders Path Finder in Splunk Search 06-04-2020 0 2	0	2
How to add a value from a lookup table to results, by using a field value from the search? I want to include a value from a lookup table in search results, by using a field value from the main search. by jrobar New Member in Splunk Search 06-04-2020 0 1	0	1
How to abort a search if lookup file is causing errors and incomplete results? Hello all, I'm using a search that baselines user activity (looks back in time). But I've noticed that sometimes the ... by ddelmont Explorer in Splunk Search 06-04-2020 0 0	0	0
How to extract fields between backslashes and quotes with rex command? These rows have a field that begins and ends with a quote, but have different meanings between the backslashes. 1st a... by kjonesdba_lm Explorer in Splunk Search 06-04-2020 1 14	1	14
Month to date for previous month with current month date Hi, I have to extract the sum of particular search output from my query and the same needs to be compared with previ... by prakashmca05 Explorer in Splunk Search 06-04-2020 0 3	0	3
How to add a new column with serial number based on the uniqueness of the existing column? I have a column called "message" which has duplicate records in it. I want to create a new column named "serial" besi... by spkriyaz Path Finder in Splunk Search 06-04-2020 0 1	0	1
I want number of days between two events in splunk search? My query index=main source=secure.log sourcetype=* \| stats earliest(_time) as start, latest(_time) as stop \| eval ... by uagraw01 Motivator in Splunk Search 06-04-2020 0 1	0	1
Multiselect: value's prefix and suffix not working Hi Splunk colleagues, I'm having a problem with multiselect in my dashboards. Here's the code of the multiselect: <in... by ferivas New Member in Splunk Search 06-04-2020 0 2	0	2
What is the usage of "(?msi)" in Splunk with rex comamnd? Hi,I am having some problem to understand the usage of "(?msi)" with rex command,please help me regarding that? by admin12345678 Path Finder in Splunk Search 06-04-2020 0 3	0	3
How to display the value of the difference result in Splunk? Hi, How can I display the actual value of the difference in a new column? The value is "cts16k1sacc". Row 1 in attac... by vdalvi Explorer in Splunk Search 06-04-2020 0 4	0	4
stats count or eval I am trying to make an overview with different counts. The message always starts with : logger="blahblah-main.Start*"... by Mike6960 Path Finder in Splunk Search 06-04-2020 0 3	0	3
Why does search only display 24 hours of event data on Linux, but all-time on Windows? There are approximately 1.5 Billion ingested entries from 40 forwarders.Performing a search with any criteria on Wind... by jmasat Observer in Splunk Search 06-04-2020 0 5	0	5
How to get the field value from a previous event to compare with the value of the same field in the following event? Hi all, I'd like to get value on a field to my previous event to compare this same field with the current value Expla... by ludoz13 Path Finder in Splunk Search 06-04-2020 0 6	0	6
generate a list of unique hashes and append new hashes hourly I would like to take the following search that generates the hashes and outputs the lookup: index=windows source="Xml... by wgawhh5hbnht Communicator in Splunk Search 06-04-2020 0 3	0	3
Field extraction from data within backslashes Hi, I have dateset that contains IP addresses. IP Addresses are coming in variations due to ranges they are assigned... by mbasharat Builder in Splunk Search 06-04-2020 0 7	0	7
How to resolve error in rex command when parsing a long string with escaped double quotes? Hi everybody, When parsing a long string containing escaped double-quotes I get this error: Error in 'rex' command: r... by agrandville Explorer in Splunk Search 06-04-2020 0 8	0	8
command modifier what is the use of it in simple terms What is the use of command modifier in layman terms, please I don't know what it does apart from the understanding th... by hjainreddy New Member in Splunk Search 06-04-2020 0 3	0	3
inputs.conf whitelist regex issue on message field I am unable to whitelist input, I do not understand why, my Splunk is ingesting data from a c-icap server logfile and... by williamhardykim New Member in Splunk Search 06-04-2020 0 4	0	4
How to plot line graph against average over different time periods? We have a set of logs from different hosts that specify a metric. I want to display a line graph over a user-selectab... by richard_bragg New Member in Splunk Search 06-04-2020 0 12	0	12
How do I join two searches with common field? I have one search that checks for entries with duration >= 50000 (responses for requests) source="abc.log" \| regex "\... by ellstream44 Explorer in Splunk Search 06-03-2020 0 12	0	12
How to create a search that calculates the percentage between two rows? Hello!!! I need to calculate the percentage between the rows in my table, like this, for example: Search: \| bucket sp... by MarianaPereira New Member in Splunk Search 06-03-2020 0 2	0	2
need to add 45 days in a field i have a field "add_time" with the values as "05-27-2020 08:57:34.024" i want to create a field which will show 45 da... by vinitpathri Path Finder in Splunk Search 06-03-2020 0 4	0	4