Splunk Search

Community Activity

E-Mail notification with table How can I insert a table in the e-mail notification message? Can I solve that with normal html codes? by igschloessl Explorer in Splunk Search 05-06-2020 0 1	0	1
Finding last event What is the best (the most efficient) way of finding last (the most recent) events for certain hosts? For example, I... by bojanz Communicator in Splunk Search 05-06-2020 3 8	3	8
How to compare when a field value changes from current to previous? I am looking to find events where IP address changes from previous to current, however using fist(ip) and last(ip) ... by Glasses Builder in Splunk Search 05-06-2020 0 4	0	4
extract custom filed and display value in the table output Query index=java networkenv=prod stackenv=prod source="/opt/jboss/standalone/custom_engine.log" \|convert ctime(_time)... by narenpg Explorer in Splunk Search 05-06-2020 0 5	0	5
How can i aline the field output in the table so that it ll not take more space. Hi everyone, How can i aline the field output in the table so that it ll not take more space. if you see in the scre... by hrs2019 Path Finder in Splunk Search 05-06-2020 0 2	0	2
Is there a way to remove extra separator(s) when using the strcat command? I have a search that is using the strcat command to string together text fields. My data looks something like this Na... by scottrunyon Contributor in Splunk Search 05-06-2020 0 3	0	3
Extract field with regex issue I'm trying to only extract the value of 'value' with regex. 2020-03-04 12:14:26,363 - measurement:34- sensor=43, va... by j3r0n Explorer in Splunk Search 05-06-2020 0 2	0	2
subquery not returning results Hi, I have two queries one from 1st_index and another from 2nd_index both are separately are giving correct outputs ... by surekhasplunk Communicator in Splunk Search 05-06-2020 0 2	0	2
How to write the logic for below condition? I have a situation where i will get the success message log when there is response, and there won't be any log in cas... by santhannerella New Member in Splunk Search 05-06-2020 0 1	0	1
eval command for two types of error Hi, I have this query : index="app" sourcetype="rxc" host="rxc-ip*" id=7 URL="/user/unauth" OR referer="https://que... by ksharma7 Path Finder in Splunk Search 05-05-2020 0 1	0	1
Fire Alert Based on Stats I have a stats query that I would like to fire only when a new value for a field comes in. I have my alert set up lik... by trever Loves-to-Learn in Splunk Search 05-05-2020 0 3	0	3
How to remove value in event field? Hi, I have processes logs like this: event1: {"snapshot":[{"name":"systemd"},{"name":"gvfsd-trash"},{"name":"gvfsd... by lehoang47tin Engager in Splunk Search 05-05-2020 0 1	0	1
Trouble creating a search to return other events that happened within a time period of a subsearch I'm trying to write a query that search for a users ID, shows what buildings they have accessed and who else has acce... by aaronnash Engager in Splunk Search 05-05-2020 0 5	0	5
Issue with strptime I am trying to convert a date / time into 24 hour format using strptime. Here's the example: OpenedAt = 5/4/2019 9:04... by sethinkbold Engager in Splunk Search 05-05-2020 0 2	0	2
FilesystemChangeWatcher : The device is not ready We are trying to monitor a lot of systems that have various configurations of drives, (C:disk  cdrom, c:disk d: disk... by troywollenslege Path Finder in Splunk Search 05-05-2020 1 10	1	10
Show percentage on pie chart out of 100% I have event logs with a % in them and I want to break them apart and show them on their own: My event log looks lik... by trever Loves-to-Learn in Splunk Search 05-05-2020 0 2	0	2
How to ignore fill null values in the result? In below scenario i want to ignore two vales are null in the result. index=test \|stats count by ErrorDetail ErrorMes... by karthi2809 Builder in Splunk Search 05-05-2020 0 5	0	5
How to count min max time by user? Hello, I am trying to pull min and max time for each user: index="iptv_rdkb" [\|inputlookup usersfile.csv] \| fields ... by t874560 New Member in Splunk Search 05-05-2020 0 2	0	2
How can I delete search data result incoming within 5 minutes? Hi. When I search a '_time' field, there are two result values like '2020/04/30 18:00' and '2020/04/30 18:03' I just... by tkdguq0110 Path Finder in Splunk Search 05-05-2020 0 8	0	8
How to fill auto-fill missing dates in a time range and fill null with previous value? Hello everyone, I need help with a query. I have a table with the following fields: _time USERNUMB... by srive326 Explorer in Splunk Search 05-05-2020 0 7	0	7
Architecture Can Deployer and Deployment server be on a Single instance? What are Management servers in Splunk? by revanthammineni Path Finder in Splunk Search 05-05-2020 0 3	0	3
Field aliasing using host tags I am looking to alias several field names from multiple sources/hosts with an alias of 'Username'. When looking in t... by pj Contributor in Splunk Search 05-05-2020 0 5	0	5
Subsearch map command doesn't work I have a query that uses map and subsearch inside map command as below: host="X" booking source="Y" Success \| ded... by slipinski Path Finder in Splunk Search 05-05-2020 0 12	0	12
Unable to input zipped csv files from .gz Hi All, I am unable to index .gz files which has csv file. Can you guys please help 04-16-2019 03:11:28.982 -0400 INF... by hethaishibk New Member in Splunk Search 05-05-2020 0 3	0	3
Rex to match fields until particular string Hi, I'm using expression: (?ms)book.(?\d{7}-\d) to extract some numbers from this input (thanks @to4kawa ) : " ne... by slipinski Path Finder in Splunk Search 05-05-2020 0 2	0	2