Splunk Search

Community Activity

Field extraction using props.conf and transforms.conf Hello, This is what my field extraction looks like in the GUI: Name- source::/home/user/logs/* : EXTRACT-request_id ... by mihirpradhan Explorer in Splunk Search 04-30-2020 0 0	0	0
Navigations Can anyone help me with navigation's, I have created 2 app's. In test app i have a dashboard , when i clicked my pan... by tramya96 New Member in Splunk Search 04-30-2020 0 1	0	1
What is a good convention for config file organisation? Something to ponder while working from home... I am planning on storing and managing my config files in Git. We re... by mikeydee Explorer in Splunk Search 04-30-2020 0 1	0	1
Percentage of two calculated search values don't hate me @to4kawa But can you help me one last time! Ive been stuck for a few hours trying to figure out how ... by pir8radio Path Finder in Splunk Search 04-30-2020 0 2	0	2
How to handle staggered logs Hi , Basically their server send logs one line at a time. When it came to Splunk it ingest automatically and not fol... by jadengoho Builder in Splunk Search 04-30-2020 0 17	0	17
Change the time format in time chart tool tip We have time-chart visualization on a dashboard. The events are uploaded manually on last day of every month with tim... by rajeshjlnt Path Finder in Splunk Search 04-30-2020 0 2	0	2
Can the Splunk OS TAs capture time? Apparently, the Splunk OS TAs don't capture time and if there are index time delays, _time would be skewed and actual... by danielbb Motivator in Splunk Search 04-30-2020 0 1	0	1
filtering in search also that filter value display one of the filed of stats or table column I have query like below index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC... by manibattula New Member in Splunk Search 04-30-2020 0 13	0	13
Submit Button not working correctly Hi Splunk Team, I am using a dropdown input form. Corresponding to a value of dropdown, it should show panel. But b... by sahiljindal290 New Member in Splunk Search 04-30-2020 0 1	0	1
Calculate total count difference per day I have a set of data like the below total=2000 date=2020-04-29 total=1975 date=2020-04-28 total=1951 date=2020-04-... by Sfry1981 Communicator in Splunk Search 04-30-2020 0 6	0	6
Copy field to another event Hello, I'm searching doing a search in splunk for the "request_id" field. For example: request_id = "XXXXXXX" It ret... by mihirpradhan Explorer in Splunk Search 04-30-2020 0 4	0	4
Why am I getting duplicate values for all fields from JSON events? I have some JSON that I am indexing, using 6.3.0.1. If I index it as sourcetype=_json, all is well. I defined a new ... by wegscd Contributor in Splunk Search 04-29-2020 0 12	0	12
Merging values with similar I want to merge values with similar string context and still be able to reverse search for those logs. Similar to thi... by exocore123 Path Finder in Splunk Search 04-29-2020 1 3	1	3
How do you search part of a text field (delimited by date)? I'm trying to search for specific words inside the last entry added to a paragraph, where each entry/addition to the ... by anelson1 New Member in Splunk Search 04-29-2020 0 29	0	29
Is it possible to use IN against a field that contains comma-separated values? Is it possible to "expand" a single variable with comma-separated values into a "list" and then use it inside IN cond... by pm771 Communicator in Splunk Search 04-29-2020 0 1	0	1
how to compare compare stats counts and highlight in new field ? Hello dear, I want to compare stats count for same host and counts are not equal than create a new field and put "!"... by corehan Explorer in Splunk Search 04-29-2020 0 4	0	4
What does the status of "info=granted" mean in my search? I am trying to find out all the searches made by users in Splunk. I am running the below search index=_audit action... by rahulrawlani Explorer in Splunk Search 04-29-2020 0 3	0	3
Extract data between multiple days.. Hi Guys, I am just trying to write a spluNk query to extract data between 1-32 days , >32 days , > 42 days , > 72 da... by Inayath_khan Path Finder in Splunk Search 04-29-2020 0 2	0	2
Finding a Sessions Length Hi All, Summary I have windows logs for remote VPN access. I want to be able to graph concurrent use by user. B... by celdridge1988 Engager in Splunk Search 04-29-2020 0 2	0	2
How to format text extracted from a lookup? Good afternoon, I have text in a lookup.csv that has hard returns in it, for example: This is the reason why the s... by ChrisCLewis Communicator in Splunk Search 04-29-2020 0 3	0	3
Sorting issue with numeric field, descending order I have a simple search with a sort command at the end as follows: .... some base search \| dedup id \| table id, name ... by pgoldweic Communicator in Splunk Search 04-29-2020 0 4	0	4
How to use IN clause in a search string? Why does the following string work: url=string1 OR url=mystring2 But, this one does not work? url in (*mystrin... by lhumbertosplunk New Member in Splunk Search 04-29-2020 0 3	0	3
Why kv store lookup is much slower than csv lookup? Hi everyone! We've moved some of heavy lookups to kv store and now they work faster and more stable. But one of them ... by iKate Builder in Splunk Search 04-29-2020 1 0	1	0
How to match values if already in table I appended a CSV to an index, and right now my results pop up as the 100 lines of CSV, and then 30K of the index. W... by katmagee Engager in Splunk Search 04-29-2020 0 6	0	6
It is possible to change the default delimiter "," by ";" in the ouputcsv? I need to change the default output separator of ouputcsv or outputlookup, is there any way to change it? For exampl... by lumpie New Member in Splunk Search 04-29-2020 0 1	0	1