Splunk Search

Community Activity

How do you search part of a text field (delimited by date)? I'm trying to search for specific words inside the last entry added to a paragraph, where each entry/addition to the ... by anelson1 New Member in Splunk Search 04-29-2020 0 29	0	29
Is it possible to use IN against a field that contains comma-separated values? Is it possible to "expand" a single variable with comma-separated values into a "list" and then use it inside IN cond... by pm771 Communicator in Splunk Search 04-29-2020 0 1	0	1
how to compare compare stats counts and highlight in new field ? Hello dear, I want to compare stats count for same host and counts are not equal than create a new field and put "!"... by corehan Explorer in Splunk Search 04-29-2020 0 4	0	4
What does the status of "info=granted" mean in my search? I am trying to find out all the searches made by users in Splunk. I am running the below search index=_audit action... by rahulrawlani Explorer in Splunk Search 04-29-2020 0 3	0	3
Extract data between multiple days.. Hi Guys, I am just trying to write a spluNk query to extract data between 1-32 days , >32 days , > 42 days , > 72 da... by Inayath_khan Path Finder in Splunk Search 04-29-2020 0 2	0	2
Finding a Sessions Length Hi All, Summary I have windows logs for remote VPN access. I want to be able to graph concurrent use by user. B... by celdridge1988 Engager in Splunk Search 04-29-2020 0 2	0	2
How to format text extracted from a lookup? Good afternoon, I have text in a lookup.csv that has hard returns in it, for example: This is the reason why the s... by ChrisCLewis Communicator in Splunk Search 04-29-2020 0 3	0	3
Sorting issue with numeric field, descending order I have a simple search with a sort command at the end as follows: .... some base search \| dedup id \| table id, name ... by pgoldweic Communicator in Splunk Search 04-29-2020 0 4	0	4
How to use IN clause in a search string? Why does the following string work: url=string1 OR url=mystring2 But, this one does not work? url in (*mystrin... by lhumbertosplunk New Member in Splunk Search 04-29-2020 0 3	0	3
Why kv store lookup is much slower than csv lookup? Hi everyone! We've moved some of heavy lookups to kv store and now they work faster and more stable. But one of them ... by iKate Builder in Splunk Search 04-29-2020 1 0	1	0
How to match values if already in table I appended a CSV to an index, and right now my results pop up as the 100 lines of CSV, and then 30K of the index. W... by katmagee Engager in Splunk Search 04-29-2020 0 6	0	6
It is possible to change the default delimiter "," by ";" in the ouputcsv? I need to change the default output separator of ouputcsv or outputlookup, is there any way to change it? For exampl... by lumpie New Member in Splunk Search 04-29-2020 0 1	0	1
Is it possible to use TERM() with Datamodel in a tstats? Currently I am trying to optimize my application and I would like to know if it is possible to use TERM() with a data... by fabio_lourenco Explorer in Splunk Search 04-29-2020 0 5	0	5
Error during Python init in custom search commands Hi, I believe that my Splunk's Python has some issue during initialization. This happens whenever I try to run any o... by seva98 Path Finder in Splunk Search 04-29-2020 0 6	0	6
Timespan based output Hi Can someone help me in getting o/p over 1h interval along with Total requests count, Success count, Failure count ... by poddraj Explorer in Splunk Search 04-29-2020 0 2	0	2
By any chance can we change the log rotation format? Hi Splunkers, Ideally what happens is we set threshold for log file and set some retention. so files do get create l... by sarvesh_11 Communicator in Splunk Search 04-28-2020 0 2	0	2
Converting events data into metric using Mcollect Hi Guys, I'm trying to convert events data into metric for CPU, Disk, Memory monitoring for Azure PAAS, using below ... by ssharma09 Explorer in Splunk Search 04-28-2020 0 1	0	1
Compare results to previous results? If say I have data from December to march in csv every 5 min , and no data from Marc to April.if say in month of nay ... by ksharma7 Path Finder in Splunk Search 04-28-2020 0 1	0	1
Yet Another Question - math on fields from different index and searches in one display? @to4kawa You have helped me a lot the past few weeks, lol you will probably answer this one too!  So i have thes... by pir8radio Path Finder in Splunk Search 04-28-2020 0 8	0	8
How to get two fields in two lines in one event ? I'm hoping to get help. I have the below errors that are in the same event at in different lines. i would like to g... by alwagia87 New Member in Splunk Search 04-28-2020 0 1	0	1
multivalue field search time extraction through UI Hi, I would like to extract field values from UI using the field transformations and field extractions from settin... by nawazns5038 Builder in Splunk Search 04-28-2020 0 12	0	12
Extract a field and perform subsearch Hello, I have this subsearch command: [search source="local/data/user/logs/access" status =5 \| table request_id] ... by mihirpradhan Explorer in Splunk Search 04-28-2020 0 2	0	2
Why can't a non-admin user search my accelerated data model? I've created two accelerated data models. As admin, I can search each of them with \|tstats summariesonly=t FROM data... by john_dagostino Path Finder in Splunk Search 04-28-2020 0 4	0	4
Capitalize every word of field in search results I have a list of Cities in a field that are all lower case. Is there a way to capitalize them in search? Example: los... by aelliott Motivator in Splunk Search 04-28-2020 1 6	1	6
time frame calculation Hello i want to write IF statement as part of my query and want it to run on time frame of 30 days or more... the qu... by sarit_s Communicator in Splunk Search 04-28-2020 0 2	0	2