Splunk Search

Community Activity

Using a "numeric" type rather than a "string" type is recommended to avoid indexing inefficiencies. got this error on the search head, Please help us to resolve this .Thanks Search peer xxxxxx has the following mess... by kranthimutyala Path Finder in Splunk Search 05-13-2020 0 2	0	2
Need to run the below query for a month Need to run the below query for a month If i run the below query i will get results for the yesterday AVG count. ... by pradeepk50 Loves-to-Learn in Splunk Search 05-13-2020 0 6	0	6
how to group events based on specific conditions. Hi, I want to group few events based on the success and failure action for a particular user and dest as below. Kind... by gndivya Explorer in Splunk Search 05-13-2020 0 4	0	4
How Report Any Host That Hasn't Had an Event From Source="/var" in "X" Minutes Greetings, I want to report on any Linux system that hasn't had an event in /var for 30 minutes. I was going to us... by SplunkLunk Path Finder in Splunk Search 05-13-2020 0 8	0	8
extract field from url skipping the ids i have urls that include numeric ids in the path: /api/clients/11111/interactions/api/clients/22222/interactions/api/... by artemdubrov Engager in Splunk Search 05-13-2020 0 2	0	2
Using untable function and perform the join with two fields Hello Everyone, I need help with two questions. Please consider below scenario: index=foo source="A" OR source="B" ... by khojas02 Engager in Splunk Search 05-13-2020 0 2	0	2
Timechart the daily sum of the last value of a field for each unique value of another field Hello, I have events in the following format (ordered from oldest to newest buyer=1 open_cases=3 buyer=1 open_case... by thefosk Engager in Splunk Search 05-13-2020 0 1	0	1
Query to get top 5 failures I have events being sent to Splunk which will have the following fields MsgID, Status(Failure/Success) I need to get ... by s_kandula Observer in Splunk Search 05-13-2020 0 1	0	1
aws cloudwatch-log-processor isnt sending the correct time the default value is "item.timestamp", this send splunk the timestamp of the cloudwatch log, and not the eventTime. i... by Stevensmith529 New Member in Splunk Search 05-13-2020 0 0	0	0
How to add certain character to a search result (Number)? I want to reformat any number of my search result to kWh ; as you see in pictures below for example 15 to 15 kWh. by aryamehr360 New Member in Splunk Search 05-13-2020 0 2	0	2
Why is my SPL number of results different when appended? Hello I have this SPL which returns like 40 000 records when run alone however when it's appended to another SPL whic... by xnx_1012 Explorer in Splunk Search 05-13-2020 1 1	1	1
Extract new fields from the existing field Hi, I have this log line: May 13 08:01:56 192.168.10.10 system_service: 192.168.10.10 05/13/2020:07:01:56 GMT : GUI... by fariapm1 Explorer in Splunk Search 05-13-2020 0 5	0	5
compare cell value in a raw Hello i have a raw with 5 columns from the same type and i want to compare the value of the cells of this 5 columns.... by sarit_s Communicator in Splunk Search 05-13-2020 0 7	0	7
Pass arguments for shell script in inputs.conf? How to pass arguments to a script from inputs.conf? example: shell_script.sh server1 server2 by ansif Motivator in Splunk Search 05-13-2020 0 3	0	3
Timechart in Local Timezone Hi I am trying to make a time chart visualisation but I want it to be in IST(Indian Standard Time). \| eval rece... by gurkiratsingh Explorer in Splunk Search 05-13-2020 0 3	0	3
Splunk Join Command not working as expected Hello everyone, I am trying to join using "Table" as common field, here is my query. index=prod source=A \| stats... by punyanit Path Finder in Splunk Search 05-13-2020 0 4	0	4
outputlookup to csv Hi I am trying to add dynamic lookup file as the the date chosen by the user. And then use the same lookup file crea... by surekhasplunk Communicator in Splunk Search 05-13-2020 0 0	0	0
Combine lockout event with last failed attempt event. I am building out a report that lists all the lockouts during a given period of time. If I look at the Windows securi... by snix Communicator in Splunk Search 05-13-2020 0 3	0	3
Can I force all rows of a joined lookup table to be returned? I log events from 30 devices every minute, and I'd like to be able to return a simple table of the count of events by... by kejamder1 New Member in Splunk Search 05-12-2020 0 2	0	2
How to force Splunk to use Python 3 for our app? We build our own app that only works in Python 3. I would like to know how to force Splunk to use python 3 for this a... by dgriffioen Engager in Splunk Search 05-12-2020 0 5	0	5
How to rekey or merge consecutive json key : value pairs into a field? So I have the following _json event that I need to wrangle into a more useful format. As you can see there are 2 key... by Glasses Builder in Splunk Search 05-12-2020 0 0	0	0
Paring events in a table I have events that happen in pairs. A request and a response from a server. What I would like to do is be able to eas... by trever Loves-to-Learn in Splunk Search 05-12-2020 0 1	0	1
How to find all the machines that are accessed or logged in as root? I have *nix add-on installed on all our linux machines and we get all the default data from the add-on , which sourc... by vrmandadi Builder in Splunk Search 05-12-2020 0 0	0	0
Chart by hour using multiple fields I am having trouble charting some data by hour and consoleID. Below is the search I used. I can use the stats func... by cglowjr New Member in Splunk Search 05-12-2020 0 6	0	6
Querying two indexes with same field name I have two indexes indexA and indexB . IndexA contains userID and Salary , IndexB contains userID, Name i want to pr... by sriramsb New Member in Splunk Search 05-12-2020 0 1	0	1