Splunk Search

Community Activity

How to use IN clause in a search string? Why does the following string work: url=string1 OR url=mystring2 But, this one does not work? url in (*mystrin... by lhumbertosplunk New Member in Splunk Search 04-29-2020 0 3	0	3
Why kv store lookup is much slower than csv lookup? Hi everyone! We've moved some of heavy lookups to kv store and now they work faster and more stable. But one of them ... by iKate Builder in Splunk Search 04-29-2020 1 0	1	0
How to match values if already in table I appended a CSV to an index, and right now my results pop up as the 100 lines of CSV, and then 30K of the index. W... by katmagee Engager in Splunk Search 04-29-2020 0 6	0	6
It is possible to change the default delimiter "," by ";" in the ouputcsv? I need to change the default output separator of ouputcsv or outputlookup, is there any way to change it? For exampl... by lumpie New Member in Splunk Search 04-29-2020 0 1	0	1
Is it possible to use TERM() with Datamodel in a tstats? Currently I am trying to optimize my application and I would like to know if it is possible to use TERM() with a data... by fabio_lourenco Explorer in Splunk Search 04-29-2020 0 5	0	5
Error during Python init in custom search commands Hi, I believe that my Splunk's Python has some issue during initialization. This happens whenever I try to run any o... by seva98 Path Finder in Splunk Search 04-29-2020 0 6	0	6
Timespan based output Hi Can someone help me in getting o/p over 1h interval along with Total requests count, Success count, Failure count ... by poddraj Explorer in Splunk Search 04-29-2020 0 2	0	2
By any chance can we change the log rotation format? Hi Splunkers, Ideally what happens is we set threshold for log file and set some retention. so files do get create l... by sarvesh_11 Communicator in Splunk Search 04-28-2020 0 2	0	2
Converting events data into metric using Mcollect Hi Guys, I'm trying to convert events data into metric for CPU, Disk, Memory monitoring for Azure PAAS, using below ... by ssharma09 Explorer in Splunk Search 04-28-2020 0 1	0	1
Compare results to previous results? If say I have data from December to march in csv every 5 min , and no data from Marc to April.if say in month of nay ... by ksharma7 Path Finder in Splunk Search 04-28-2020 0 1	0	1
Yet Another Question - math on fields from different index and searches in one display? @to4kawa You have helped me a lot the past few weeks, lol you will probably answer this one too!  So i have thes... by pir8radio Path Finder in Splunk Search 04-28-2020 0 8	0	8
How to get two fields in two lines in one event ? I'm hoping to get help. I have the below errors that are in the same event at in different lines. i would like to g... by alwagia87 New Member in Splunk Search 04-28-2020 0 1	0	1
multivalue field search time extraction through UI Hi, I would like to extract field values from UI using the field transformations and field extractions from settin... by nawazns5038 Builder in Splunk Search 04-28-2020 0 12	0	12
Extract a field and perform subsearch Hello, I have this subsearch command: [search source="local/data/user/logs/access" status =5 \| table request_id] ... by mihirpradhan Explorer in Splunk Search 04-28-2020 0 2	0	2
Why can't a non-admin user search my accelerated data model? I've created two accelerated data models. As admin, I can search each of them with \|tstats summariesonly=t FROM data... by john_dagostino Path Finder in Splunk Search 04-28-2020 0 4	0	4
Capitalize every word of field in search results I have a list of Cities in a field that are all lower case. Is there a way to capitalize them in search? Example: los... by aelliott Motivator in Splunk Search 04-28-2020 1 6	1	6
time frame calculation Hello i want to write IF statement as part of my query and want it to run on time frame of 30 days or more... the qu... by sarit_s Communicator in Splunk Search 04-28-2020 0 2	0	2
Automatically capitalize the first letter of every word that follows a period? I am looking for the proper SPL to capitalize the first letter of every word that follows a period. I have tried seve... by rogue670 Engager in Splunk Search 04-28-2020 0 5	0	5
need help in extracting a substring from a string hello splunkers! new to splunk and i am needing to extract a word from a message field. this is the message The Clust... by owie6466 Explorer in Splunk Search 04-28-2020 0 4	0	4
expand json array to multiple events, then search constraints on the results Hello, I've gone through a hundred of these types of posts and nothing is working for me. Here is the nested json arr... by zachsisinst Explorer in Splunk Search 04-28-2020 0 4	0	4
How to do an outer join on two tables with two fields? Hi, I'm wondering if it's possible to do an outer/left join two tables on two fields. I have two indexes with the fo... by apiprek2 Explorer in Splunk Search 04-28-2020 0 2	0	2
Clustered search heads broke lookup tables where do I reupload the lookups? Hi All, so i clustered my search heads and added them to my index cluster. However it broke all my lookup tables. ... by rtalcik Path Finder in Splunk Search 04-28-2020 0 1	0	1
How to split cooking data and routing between two (or more) forwarders? Hi all, I have already read several interesting questions regarding this topic. I'd like to verify which approach is... by MMCC Path Finder in Splunk Search 04-28-2020 0 3	0	3
concat lookups for a search so in this search the full list is everything in zone A. do is everything in zone b, zoneserialnumbers are a list o... by rtalcik Path Finder in Splunk Search 04-28-2020 0 6	0	6
define transaction and gather knowledge from it Hi have logs look likes below, and want to define where transaction begin and where finished. for example at ID654321... by indeed_2000 Motivator in Splunk Search 04-28-2020 0 6	0	6