Splunk Search

Community Activity

Show percentage on pie chart out of 100% I have event logs with a % in them and I want to break them apart and show them on their own: My event log looks lik... by trever Loves-to-Learn in Splunk Search 05-05-2020 0 2	0	2
How to ignore fill null values in the result? In below scenario i want to ignore two vales are null in the result. index=test \|stats count by ErrorDetail ErrorMes... by karthi2809 Builder in Splunk Search 05-05-2020 0 5	0	5
How to count min max time by user? Hello, I am trying to pull min and max time for each user: index="iptv_rdkb" [\|inputlookup usersfile.csv] \| fields ... by t874560 New Member in Splunk Search 05-05-2020 0 2	0	2
How can I delete search data result incoming within 5 minutes? Hi. When I search a '_time' field, there are two result values like '2020/04/30 18:00' and '2020/04/30 18:03' I just... by tkdguq0110 Path Finder in Splunk Search 05-05-2020 0 8	0	8
How to fill auto-fill missing dates in a time range and fill null with previous value? Hello everyone, I need help with a query. I have a table with the following fields: _time USERNUMB... by srive326 Explorer in Splunk Search 05-05-2020 0 7	0	7
Architecture Can Deployer and Deployment server be on a Single instance? What are Management servers in Splunk? by revanthammineni Path Finder in Splunk Search 05-05-2020 0 3	0	3
Field aliasing using host tags I am looking to alias several field names from multiple sources/hosts with an alias of 'Username'. When looking in t... by pj Contributor in Splunk Search 05-05-2020 0 5	0	5
Subsearch map command doesn't work I have a query that uses map and subsearch inside map command as below: host="X" booking source="Y" Success \| ded... by slipinski Path Finder in Splunk Search 05-05-2020 0 12	0	12
Unable to input zipped csv files from .gz Hi All, I am unable to index .gz files which has csv file. Can you guys please help 04-16-2019 03:11:28.982 -0400 INF... by hethaishibk New Member in Splunk Search 05-05-2020 0 3	0	3
Rex to match fields until particular string Hi, I'm using expression: (?ms)book.(?\d{7}-\d) to extract some numbers from this input (thanks @to4kawa ) : " ne... by slipinski Path Finder in Splunk Search 05-05-2020 0 2	0	2
Filter Events based on lookup file contents Hey All, I am attempting to write a search that looks for AD group add/removals for specific groups executed by spec... by adalbor Builder in Splunk Search 05-05-2020 0 8	0	8
Using lookups, determine if search is null. I have a lookup table where the columns are formatted as follows: Location, Vendor, dns_name, host-ip, host-short-na... by OldManEd Builder in Splunk Search 05-05-2020 0 6	0	6
IOC Inputlookup Hi , my goal is to detect if there is any matches with my custom Domain_IOC.csv list and display additional column f... by zayedaljaberi Engager in Splunk Search 05-05-2020 0 7	0	7
validate that index is not being queried in splunk Good afternoon I can validate in the MC which index have events and which do not, but is it possible to know whic... by efaundez Path Finder in Splunk Search 05-05-2020 0 1	0	1
duration calculator with current time Need help in find a query to get the duration of the alert w.r.t the current time. Current code am using: index=o... by jerinvarghese Communicator in Splunk Search 05-05-2020 0 1	0	1
How to set class for different fields using JavaScript for changing font color and background color in Splunk table? Hi i am new to Splunk/JavaScript, Need your help for reducing my code, i have created two class for 2 fields, likewis... by 812456 New Member in Splunk Search 05-05-2020 0 1	0	1
Some fields with >90% coverage disappear randomly between searches So this is a prerequisite-free kind of question about a field disappearing from "All Fields" section. By prerequisite... by funghorn Explorer in Splunk Search 05-05-2020 0 2	0	2
customize the chart display on selecting value from static multiselect option HI, I am trying to implement customized chart views, to state the issue I have static multi select input with token... by vikashperiwal Path Finder in Splunk Search 05-05-2020 0 6	0	6
Search Same URLs between two endpoints, each endpoint different time range I'm trying to find what URLs are the same that two endpoints went to, but at different times. Example: What URLs di... by pkohn117 Explorer in Splunk Search 05-05-2020 0 0	0	0
Bank holiday exclusion from search query HI All, I have a search query that needs to be excluded to run on a bank holiday. I have created a holidays.csv fil... by ashrafsj Path Finder in Splunk Search 05-05-2020 0 2	0	2
Discrepancies between metadata and tstats latest time results I'm trying to figure out which search will most accurately tell me when events with future timestamps are being detec... by merch_sf Engager in Splunk Search 05-05-2020 0 3	0	3
Alternate to EventStats \| Using EventStats for a longer duration results in data loss Hi Team, Is there an alternative to count all the events to 'eventstats' using it results in data loss if exceed the... by nishantberiwal New Member in Splunk Search 05-05-2020 0 6	0	6
Unable to break events using multikv? Hi Splunkers, Please find attached image, this is the way i am getting my data. My desired format is : Hostname \| Mi... by sarvesh_11 Communicator in Splunk Search 05-04-2020 0 4	0	4
How to compare fields over multiple sourcetypes without 'join', 'append' or use of subsearches? Hello everyone, Now, this one bugs me for some time and this question got my attention back to this topic. How can o... by MuS SplunkTrust in Splunk Search 05-04-2020 20 24	20	24
Can not get my subsearch work Hello, everybody! Does anybody can help me understand why the following subsearch not limits the results of the oute... by oshirnin Path Finder in Splunk Search 05-04-2020 0 5	0	5