Splunk Search

Community Activity

Replace no value with "0" (zero) Hi all, Since a few days I am in a battle regarding the following and I am on the loosing edge here. So all help is ... by swengroeneveld Explorer in Splunk Search 05-12-2020 0 1	0	1
trim a string i have a string 14/04/2020\|A3\|ABC149251\|text i really need can i run something which will trim this string from th... by vinitpathri Path Finder in Splunk Search 05-12-2020 0 6	0	6
Unable to create sourcetype I am trying to create a souretype "meraki" on the GUI. But it is saying "Sourcetype meraki already exists" source... by pratapa Explorer in Splunk Search 05-12-2020 0 3	0	3
Why is the CIDR search on accelerated data failing? When I run my tstat including a CIDR filter with summariesonly=T I got no result, while setting the parameter to fals... by isabel_ycourbe Path Finder in Splunk Search 05-12-2020 0 4	0	4
Base Query return 440 events, but stats result is 0 Hi team, I have below query. The base query has 440 events returned, But when I use stats command, tje number is 0... by cheriemilk Path Finder in Splunk Search 05-11-2020 0 5	0	5
If Reverse DNS lookup fails, then results don't get displayed - not what I intended! I'm trying to report on successful login activity to S/FTP server via the following: host="my-ftp-server" sc_status=... by myeatman Engager in Splunk Search 05-11-2020 1 2	1	2
Join 4 source types with common field after eval Hello, I have 4 sources (source 1-4) , common field for source 1 to 3 is Properties.Id, source4 common field is Id, ... by msrama5 Explorer in Splunk Search 05-11-2020 0 11	0	11
need to help to extract few fields Hi Team, I have the following as raw event INFO : [0:HLog][20200507 12:25:25.739 -0400] [CFarmdHealth.java:538] +1{... by pench2k19 Explorer in Splunk Search 05-11-2020 0 6	0	6
Return values in CSV lookup not in index My CSV has 98 rows and I want the search to return the rows from that csv if they are not in my index=gcp* what i ha... by katmagee Engager in Splunk Search 05-11-2020 0 1	0	1
Does Splunk Contain any Messages about the License of Splunk Addons I wonder if Splunk internal logs contain any information such as the expiry of the services on a Splunk addon. Thank... by lucas4394 Path Finder in Splunk Search 05-11-2020 0 2	0	2
Lookup Update Table Unique Rows Hi Experts, I'm trying to build a lookup table that will update based on the latest time a user logged into a partic... by antb Path Finder in Splunk Search 05-11-2020 0 3	0	3
Is there a way to create two charts with a time range that stays in sync? I want to create multiple charts that have the same time range. That way I can correlate between the two. For insta... by paulerlong Explorer in Splunk Search 05-11-2020 0 4	0	4
report not load search command result for users Hi I create report and share with users (join to ldap server). they can see report but when click on numbers that sho... by indeed_2000 Motivator in Splunk Search 05-11-2020 0 4	0	4
Display only specific values in a column field in Splunk Hi, I have a list of values getting displayed in one of the columns - Error Messages (for all languages) which i have... by sudeep5689 Explorer in Splunk Search 05-11-2020 0 13	0	13
How to increase chart column number more than 3000? Hi Guru, I would like to show my data with 4000 x 3000 matrix. I used chart command but the limit for the number of ... by brandy81 Path Finder in Splunk Search 05-11-2020 0 4	0	4
Base and post process search Can someone help me in understanding the actual use of base and post process searches please. And I would also like t... by prettysunshinez Explorer in Splunk Search 05-11-2020 0 2	0	2
eval round Hi all, During evaluating round I got the error: \| stats avg(duration) AS "booking average time" by hours \| eval "b... by slipinski Path Finder in Splunk Search 05-11-2020 0 6	0	6
help with if-else statement Hello, I have this query : index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messages-... by sarit_s Communicator in Splunk Search 05-11-2020 0 10	0	10
Search syntax help I import csv files structure like following A Last Login Region Disable abc@abc.com ... by kenntun Engager in Splunk Search 05-11-2020 0 1	0	1
visualization in a line chart after reaching a threshold it needs to show in different color how is it ?? by punithjigali Explorer in Splunk Search 05-11-2020 0 1	0	1
Joint two table with subrow I' struggle with joining two following table: Table1 Table 2 The row company of table 1 contains two industry_id,... by alberttra Engager in Splunk Search 05-10-2020 0 1	0	1
Results no show for users Hi I create report and share with users (join to ldap server). they can see report but when click on numbers that sho... by indeed_2000 Motivator in Splunk Search 05-10-2020 0 0	0	0
Relative and Exact Time Hello, I am using these two commands at the end of my search, and it works. \| timewrap d \| where _time >= relative_t... by genesiusj Builder in Splunk Search 05-09-2020 0 15	0	15
transpose xyseries not helping Need to transform like this. Please help. Before: Col1----Col2 Name1---- a ------------b --------c After:... by mukulraghuram New Member in Splunk Search 05-09-2020 0 1	0	1
extract fields from multiple events. Below are my events. Event1:contains Messages Id and Status Event2: contains Messages Id and Origin E... by valivarthiramu New Member in Splunk Search 05-09-2020 0 1	0	1