Splunk Search

Community Activity

Dedup Field with event times as column headers I have json data that comes in tracking ID's. An event is created when an ID is "created" and an event is created whe... by wwhite12 Path Finder in Splunk Search 05-12-2020 0 4	0	4
Search query to fetch the list of servers Hi Splunkers! I'm trying to frame a query which fetches the list of servers that connects my deployment servers but ... by sarahnazzar Explorer in Splunk Search 05-12-2020 0 7	0	7
How to get the Vcenter each VM since poweroff state, Below query i am able to get the snap date. i need to capture correct date and timing. index=vmware-inv sourcetype=... by sivajiy New Member in Splunk Search 05-12-2020 0 4	0	4
How to display events which has logged at the same time as different events using tstats Hi, There are 3 events that have been logged exactly at the same time say 2020-04-28 15:39:34. When the search quer... by gndivya Explorer in Splunk Search 05-12-2020 0 2	0	2
Replace no value with "0" (zero) Hi all, Since a few days I am in a battle regarding the following and I am on the loosing edge here. So all help is ... by swengroeneveld Explorer in Splunk Search 05-12-2020 0 1	0	1
trim a string i have a string 14/04/2020\|A3\|ABC149251\|text i really need can i run something which will trim this string from th... by vinitpathri Path Finder in Splunk Search 05-12-2020 0 6	0	6
Unable to create sourcetype I am trying to create a souretype "meraki" on the GUI. But it is saying "Sourcetype meraki already exists" source... by pratapa Explorer in Splunk Search 05-12-2020 0 3	0	3
Why is the CIDR search on accelerated data failing? When I run my tstat including a CIDR filter with summariesonly=T I got no result, while setting the parameter to fals... by isabel_ycourbe Path Finder in Splunk Search 05-12-2020 0 4	0	4
Base Query return 440 events, but stats result is 0 Hi team, I have below query. The base query has 440 events returned, But when I use stats command, tje number is 0... by cheriemilk Path Finder in Splunk Search 05-11-2020 0 5	0	5
If Reverse DNS lookup fails, then results don't get displayed - not what I intended! I'm trying to report on successful login activity to S/FTP server via the following: host="my-ftp-server" sc_status=... by myeatman Engager in Splunk Search 05-11-2020 1 2	1	2
Join 4 source types with common field after eval Hello, I have 4 sources (source 1-4) , common field for source 1 to 3 is Properties.Id, source4 common field is Id, ... by msrama5 Explorer in Splunk Search 05-11-2020 0 11	0	11
need to help to extract few fields Hi Team, I have the following as raw event INFO : [0:HLog][20200507 12:25:25.739 -0400] [CFarmdHealth.java:538] +1{... by pench2k19 Explorer in Splunk Search 05-11-2020 0 6	0	6
Return values in CSV lookup not in index My CSV has 98 rows and I want the search to return the rows from that csv if they are not in my index=gcp* what i ha... by katmagee Engager in Splunk Search 05-11-2020 0 1	0	1
Does Splunk Contain any Messages about the License of Splunk Addons I wonder if Splunk internal logs contain any information such as the expiry of the services on a Splunk addon. Thank... by lucas4394 Path Finder in Splunk Search 05-11-2020 0 2	0	2
Lookup Update Table Unique Rows Hi Experts, I'm trying to build a lookup table that will update based on the latest time a user logged into a partic... by antb Path Finder in Splunk Search 05-11-2020 0 3	0	3
Is there a way to create two charts with a time range that stays in sync? I want to create multiple charts that have the same time range. That way I can correlate between the two. For insta... by paulerlong Explorer in Splunk Search 05-11-2020 0 4	0	4
report not load search command result for users Hi I create report and share with users (join to ldap server). they can see report but when click on numbers that sho... by indeed_2000 Motivator in Splunk Search 05-11-2020 0 4	0	4
Display only specific values in a column field in Splunk Hi, I have a list of values getting displayed in one of the columns - Error Messages (for all languages) which i have... by sudeep5689 Explorer in Splunk Search 05-11-2020 0 13	0	13
How to increase chart column number more than 3000? Hi Guru, I would like to show my data with 4000 x 3000 matrix. I used chart command but the limit for the number of ... by brandy81 Path Finder in Splunk Search 05-11-2020 0 4	0	4
Base and post process search Can someone help me in understanding the actual use of base and post process searches please. And I would also like t... by prettysunshinez Explorer in Splunk Search 05-11-2020 0 2	0	2
eval round Hi all, During evaluating round I got the error: \| stats avg(duration) AS "booking average time" by hours \| eval "b... by slipinski Path Finder in Splunk Search 05-11-2020 0 6	0	6
help with if-else statement Hello, I have this query : index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messages-... by sarit_s Communicator in Splunk Search 05-11-2020 0 10	0	10
Search syntax help I import csv files structure like following A Last Login Region Disable abc@abc.com ... by kenntun Engager in Splunk Search 05-11-2020 0 1	0	1
visualization in a line chart after reaching a threshold it needs to show in different color how is it ?? by punithjigali Explorer in Splunk Search 05-11-2020 0 1	0	1
Joint two table with subrow I' struggle with joining two following table: Table1 Table 2 The row company of table 1 contains two industry_id,... by alberttra Engager in Splunk Search 05-10-2020 0 1	0	1