Splunk Search

Community Activity

splunk query help index=ABC Check!=D \| stats count by Device Check I am using this query and getting Device and Related Checks repor... by surekhasplunk Communicator in Splunk Search 05-31-2020 0 1	0	1
how to create index of new device data source in splunk enterprise ? and how to create its fields by extracting fields using regex? Greetings!! how to create index of the new device data source in Splunk enterprise 7.2.6 in Linux? and how to create ... by pacifikn Communicator in Splunk Search 05-30-2020 0 2	0	2
Get last two http status for every subpage Hello, I need to query all last two http status for every page (extracted from URI) For example for this log: ip_addr... by ezoteriusz Engager in Splunk Search 05-30-2020 0 1	0	1
How to change colors on bars of a chart according to column values? I want to apply different colors on different bars according to my Column values.My column values are: A,B,C. These w... by nagar57 Communicator in Splunk Search 05-30-2020 0 4	0	4
Stats count query across possible fields from multiple sources? I am trying to create an alert but some issues with logging that is not standard, so each sourcetype has it's own cer... by spark2310 Explorer in Splunk Search 05-30-2020 0 1	0	1
How to format output of a query I have a query with time range earliest=-2mon@mon latest=-1mon@mon . Now can i store the result as the month name whi... by sudeep5689 Explorer in Splunk Search 05-30-2020 0 7	0	7
How to calculate the total in a time range based on it own time stamp? I want a table that looks like this. Where the first column UserID is the identity. The second column is the earliest... by suntianze New Member in Splunk Search 05-29-2020 0 1	0	1
How to inner join indexed data with lookup data on multiple fields and return yet another field from the lookup? Hey experts! I'm relatively new to Splunk, so if this is a stupid question, mea culpa. That being said, I have a soli... by paulito123 Explorer in Splunk Search 05-29-2020 0 2	0	2
Whitelist a lookup for bundle replication I blacklist lookups from bundle replication by size in distsearch.conf as below [replicationSettings] excludeReplicat... by pradeepkumarg Influencer in Splunk Search 05-29-2020 0 6	0	6
Streamstats change state count Hi below is my sample data- Date State 29-05-20 01:00:00 On 29-05-20 01:10:00 Off 29-05-20 01:20:00 On 29-05-20 01... by ips_mandar Builder in Splunk Search 05-29-2020 0 2	0	2
How to create an alert for events that are not logged? Hi, I have a weird requirement where I am looking to create an alert using some specific conditions. My OS index gets... by Shashank_87 Explorer in Splunk Search 05-29-2020 0 2	0	2
How do i find common values between two different fields from two different sourcetypes??? Hi all, so the question looks pretty simple but i am not able to figure out the accurate answer. So i need to find th... by nikitha15 Explorer in Splunk Search 05-29-2020 0 3	0	3
Tstats datamodel combine three sources by common field. In an attempt to speed up long running searches I Created a data model (my first) from a single index where the sourc... by JDukeSplunk Builder in Splunk Search 05-29-2020 0 5	0	5
Can a group be defined based on a list of variables I have an xml file in a logging statement that I extracted 3 instances of the value . These values are correctly disp... by 3618475 Engager in Splunk Search 05-29-2020 0 1	0	1
How to generate pie chart for internal app usage? Hi All, I have logs from my SSO servers, where I need to show a few apps' usage with names and rest all other apps di... by kpavan Path Finder in Splunk Search 05-29-2020 0 1	0	1
Aggregate the column data i have a query that show the data in table form i have to merge the row Query : my search query \|\| timechart span=5m ... by bharat149 Explorer in Splunk Search 05-29-2020 0 1	0	1
How to search for events that have null values for a field? I have json log lines that sometimes contain a request object of the form {<!-- --> timestamp: ts_val, app: "my_app",... by abelnation Explorer in Splunk Search 05-29-2020 2 2	2	2
Rex question Hello everyone, I am trying to extract several “NEW” fields from a field and I am having trouble doing so. The field ... by garciajbg Explorer in Splunk Search 05-29-2020 0 4	0	4
How to club and display the results of two queries in a single dashboard Hi i am having two search queries with a difference of only the time range. I want to show the results of both the qu... by sudeep5689 Explorer in Splunk Search 05-29-2020 0 11	0	11
field extraction a specific match in a field Hello, I have an issue with this type of log : [5/22/20 14:46:23:381 GMT] 0000009c ThreadMonitor 3 UsageInfo[ThreadPo... by davidbarat New Member in Splunk Search 05-29-2020 0 3	0	3
Search for a string that occurs more than once I'm trying to search for a string that occurs more than once. But the string contains wildcards and commas. Which qu... by c799651 Explorer in Splunk Search 05-29-2020 0 3	0	3
Comparing even field with lookup field in tstats search? Hi all, I'm quite new so pardon my bad exposition, I'll try my best to explain what i'm trying to achieve. Can two fi... by loat01 New Member in Splunk Search 05-29-2020 0 2	0	2
Inconsistent search results when searching data from a renamed sourcetype. host= rbal index=winevent_s earliest=5/18/2020:7:3:0 latest=5/18/2020:7:5:0 sourcetype=WinEventLog OR sourcetype=XmlW... by rbal_splunk Splunk Employee in Splunk Search 05-28-2020 0 1	0	1
How to use timechart to show increase in recent 7 days hey, I cant use \|timechart count span=1d to calculate recent 8 days count, search result as follow: _time ... by bestSplunker Contributor in Splunk Search 05-28-2020 0 1	0	1
Using the field of first search in second search. Hi experts, Search 1: base search from JSON... \| eval col1=strptime(taken_date,"%b %d %Y %H:%M:%S") \| sta... by email2vamsi Explorer in Splunk Search 05-28-2020 0 1	0	1