Splunk Search

Community Activity

Evaluate _time against current value and next value in a foreach and mvfilter ? Hello, I need to evaluate my _time against a list of times output from a lookup table and produce a calculated fiel... by dhtran Loves-to-Learn Lots in Splunk Search 04-22-2020 0 2	0	2
parsing multivalue subfields in cisco ise Hi, we have from a cisco ISE a syslog like this one: calling-Station-ID=15.15.15.15, NAS-Port-Type=Virtual, Tunnel-... by tfechner Path Finder in Splunk Search 04-21-2020 0 2	0	2
Compare a date field with current date Hello, I have some events into splunk which I would like to compare with today's date less than 30 days. I want to e... by rbw78 Communicator in Splunk Search 04-21-2020 5 10	5	10
Not able to search data with source. Hi Folks, we are ingested the aws vpc flow logs in splunk and able to see the data while searching with index but wh... by sridharlakshman New Member in Splunk Search 04-21-2020 0 14	0	14
how do I add an upper row with count eval? Hello, i'm doing a report (splunk 7.3) in which I need to append some counts in the first row of the table im generat... by 3DGjos Communicator in Splunk Search 04-21-2020 0 3	0	3
Separate the fields from a merged result Hi I have two events with following fields Event 1 Log.Status : IN TransactionTime : IN time Tracking id: Unique ID... by s_kandula Observer in Splunk Search 04-21-2020 0 3	0	3
NOT like multiple values Looking to exclude certain values for field instance. How can I achieve this? Propose code (not working) index=abc so... by rizwan0683 Path Finder in Splunk Search 04-21-2020 0 3	0	3
Overcoming subsearch truncation I do not have any admin privilege in my Splunk instance and cannot change any configuration. Need to search an index ... by yepyepyayyooo New Member in Splunk Search 04-21-2020 0 3	0	3
count the specific items from the list in Splunk Hi, I have a list column with different values and i want to count the number of occurence of a specific value. For e... by Shashank_87 Explorer in Splunk Search 04-21-2020 0 4	0	4
Automatic Lookup not working debug Hello, I've always had trouble with automatic lookups and every time I manage to do it it seems that I do it differe... by user93 Communicator in Splunk Search 04-21-2020 0 0	0	0
create a status field based on 3 separate avgs I have a search that looks at the output of a few scripts and lets me know if they are not running. These scripts c... by codedtech Path Finder in Splunk Search 04-21-2020 0 1	0	1
How to create a beautified time difference? We have the following code: \| stats count min(_time) as min, max(_time) as max by src, .... \| eval delta = (max - mi... by danielbb Motivator in Splunk Search 04-21-2020 1 2	1	2
Replace only if commas exist I have a dashboard (form) that I'm trying to allow a text field to accept single values or comma separated values tha... by treverce Explorer in Splunk Search 04-21-2020 0 5	0	5
eval by rows i have a table data where in a row has 0's . i need to replace those 0 only for that row ex: rowname:data one:5 two... by jiaqya Builder in Splunk Search 04-21-2020 0 3	0	3
Field extraction on source type on splunk when i want to do field extraction ask me source type. and when I open this listbox show files on that path... by indeed_2000 Motivator in Splunk Search 04-21-2020 0 0	0	0
Search lookup containing IP addresses by CIDR mask I cannot find this question being asked this way round, so hopefully its not a duplicate. I have a lookup CSV like t... by joepjisc Path Finder in Splunk Search 04-21-2020 0 5	0	5
How to make a chart where the x-axis is a guid I have 3 fields: "Runtime_A", "Runtime_B", and "guid". My current query is: search \| chart values(guid) AS "Guid", ... by splunkuser2127 Loves-to-Learn in Splunk Search 04-20-2020 0 2	0	2
How to display 0 when there is No Records Found or Nothing returned the search (thanks for who provided this) is: \| tstats count where host=linux01 sourcetype="linux:audit" by _time sp... by splunkbeginner Engager in Splunk Search 04-20-2020 0 8	0	8
I have a search that returns activity summary by email address. I also have a ksv with KNOWN users. How do I list those users that have no activity in the search? someone suggested a join, but as a newbie...... Don't know how to do this. I believe I would need two searches, 1 b... by MwayneSmith Explorer in Splunk Search 04-20-2020 0 1	0	1
Convert CIDR Range into list of member IPs. Given a list of CIDR ranges ... 10.198.68.132/30, 10.244.18.150/31, 10.48.37.96/24 Is there a search that could extr... by pkeller Contributor in Splunk Search 04-20-2020 0 2	0	2
How do you overlay charts that are linked together with a field? I have 3 extraction fields: "guid", "runtime_general", "runtime_specific". There is also a value "A" that I will sea... by splunkuser2127 Loves-to-Learn in Splunk Search 04-20-2020 0 0	0	0
Field extraction tool not showing whole event. I'm trying to use the field extraction tool. The problem is that the field I want to extract is about 18 lines down ... by nocostk Communicator in Splunk Search 04-20-2020 0 4	0	4
How to fill empty or missing data values based on approximations of previous values? Hello All, I spent a lot of time trying to figure out how to fill out missing data with approximations based on the ... by bntdumas Engager in Splunk Search 04-20-2020 0 6	0	6
Stumped. Selective removal of events while keeping others. Ideally avoiding mvexpand. Hi folks, I'm having a hard time with this one. Maybe I need more coffee. Say I have several events like this: Event... by loc_spl New Member in Splunk Search 04-20-2020 0 1	0	1
searchs that does not succeed Hello, I would like to know how to find searchs that do not succeed (no results or with errors) ? Some users complain... by warmup031 Explorer in Splunk Search 04-20-2020 0 2	0	2