Splunk Search

Community Activity

Can you specify timezone in a REST API search? I'm using the REST API with a one-shot search to pull back some previously summarized information. The summary indexi... by jedatt01 Builder in Splunk Search 05-08-2020 2 4	2	4
Create new fields based on value of another fields. Hi All, In my log, I have one field called ServerName. Below are some values of that field. DAAPP2aBANG2 DFAPP20bLON... by paragvidhi Engager in Splunk Search 05-08-2020 0 1	0	1
I want to omptimize the regex? ErrorMessage : 'rex' command: has exceeded configured match_limit, consider raising the value in limits.conf. \| rex field=_raw max_match=0 "BodyOftheMail_Script\s=\s\[\sBEGIN\s{0,}(?<BodyOftheMail>.((.\|\n)*?)(?=\s{1,}END\s\]))"... by vn_g Path Finder in Splunk Search 05-08-2020 0 2	0	2
How to merge two events with same field into one I have two rows having follwing values: Name Text Count A ABC 1 A EFG 1 I want that my result should be di... by sudeep5689 Explorer in Splunk Search 05-08-2020 0 3	0	3
timechart linechart to display in and out per device Hi, I have a query which gives me in_usage and out_usage for a device per metric bla bla ...\| table Device metric_n... by surekhasplunk Communicator in Splunk Search 05-08-2020 0 3	0	3
Not able to get number of days between now() and a date Hi Experts, I am trying to get number of days between current date and another date being generated by my query and I... by sbhatnagar88 Path Finder in Splunk Search 05-08-2020 0 3	0	3
Combine Data model data with another search for a match Hi all, I have CTI data that somes into splunk and id like to correlate for matches in indexes against the CTI data.... by geraldcontreras Path Finder in Splunk Search 05-08-2020 0 5	0	5
Rename a field Value in a lookup file? I have a lookup file called template.csv and it has field values, I want to rename a field value with another say man... by iamsplunker31 Path Finder in Splunk Search 05-07-2020 0 1	0	1
join multiple searches into field values I would like to create Cache_Hit, Cache_Miss and Revalidate_Hit based on the below and doisplay them in the pie graph... by glennstolz New Member in Splunk Search 05-07-2020 0 3	0	3
How can we deal with a negation of a transaction? We have a working code that captures transactions from the firewall into the windows servers and all is perfect as th... by danielbb Motivator in Splunk Search 05-07-2020 0 2	0	2
Bundle reload is in progress. Waiting for all peers to return the status. My splunk environment is: 1 Search Head 1 Deployment Server (Master Node) 2 Indexers (Cluster) I tried to implement ... by phanichintha Path Finder in Splunk Search 05-07-2020 0 2	0	2
subtract meterRead from Yesterday’s meterRead My electric meter sends a number but I want to subtract the current from the number an hour ago, so I can chart the u... by myron12 Explorer in Splunk Search 05-07-2020 0 8	0	8
How do I change the value of a field if a condition occurs? Hi community! I'm using Splunk Entreprise to create dashboards with my client's ServiceNow incident information. My... by diogenesloazeve Engager in Splunk Search 05-07-2020 0 10	0	10
Weekly Average Append Subsearch Optimization Hello, I have a search where I would like to compare the count of one search result against its running weekly averag... by jasonmadesometh Explorer in Splunk Search 05-07-2020 0 3	0	3
Summarized mail with multiples reports as single Pdf Hello Team, I have requirement that is I need to send the schedule mail with PDF which should contain the multiple re... by a5pw7zz New Member in Splunk Search 05-07-2020 0 1	0	1
How to join and get stats from same index? Hi Experts, I have data set like below from same index but from different sourcetype, common field on which I can j... by vikas_gopal Builder in Splunk Search 05-07-2020 1 2	1	2
Checking latest version of microservice I have got a query to check container metric for micro-services. There are currently multiple versions of micro-servi... by bsaujla131984 Path Finder in Splunk Search 05-07-2020 0 1	0	1
Why does my division of two fields return nothing? I have the following query that is inteded to divide the "stats.hypervisor_cpu_ppm" field by 10000 and then show that... by sjcoluccio67 Explorer in Splunk Search 05-07-2020 0 16	0	16
Need every time interval as a row even though the count of records is 0 in that interval Hi, I am using below query to get the stats o/p of Total, Failure & Failure percent by couple of fields for every 15 ... by poddraj Explorer in Splunk Search 05-07-2020 0 4	0	4
Why am i unable to search a value in an extracted field? I have a log file with three lines. 09-05-2018 10:12:15,123 ABC12I_AAA 09-05-2018 10:12:15,123 ABC12I_BBB 09-05-2018... by gtonti Explorer in Splunk Search 05-07-2020 1 7	1	7
color a splunk table collumn based on value I have a statistical table with rows and columns I need to color a particular column values either red or green based... by architkhanna Path Finder in Splunk Search 05-07-2020 0 2	0	2
Howa to Extract only MPid field with the value from the raw data. hello all How to Extract only MPid field with the value from the raw data. so that MPID=127746 i can list {"MPid":... by hrs2019 Path Finder in Splunk Search 05-07-2020 0 2	0	2
count number of grouped events hello i have this query : index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messages-dh... by sarit_s Communicator in Splunk Search 05-07-2020 0 2	0	2
How to do the addition of content loaded from a Page Hi, I have a requirement where I have a page say https://www.abc.com/mobile and this page loads various assets like c... by Shashank_87 Explorer in Splunk Search 05-06-2020 0 4	0	4
Regex to match part of a multiline string delimited by timestamps I'm searching through several long blocks of free text (from a csv file uploaded into splunk) and I'm interested in t... by anelson1 New Member in Splunk Search 05-06-2020 0 11	0	11