Splunk Search

Community Activity

How can I split values based on two possible delimiters? \| eval field2=mvindex(split(word, " "),2) How can I split based on either space " " or comma "," Beforehand, I do ... by smhsplunk Communicator in Splunk Search 04-14-2020 1 7	1	7
question about complicated condition search I am facing a difficult problem about search, the condition is: I want to filter the user who change his/her logon so... by lllidan New Member in Splunk Search 04-14-2020 0 6	0	6
How to get count by unique value? Hi, I am new to Splunk. I have below log which is capturing product id, Header product-id, 12345678900 Header produ... by vel4ever New Member in Splunk Search 04-14-2020 0 5	0	5
Static Fields Hi everyone, I'm going through the course Splunk Fundamentals 2 and I'm sorry if the question is too easy: what does... by tepus Explorer in Splunk Search 04-14-2020 0 4	0	4
Get % values out of a query I have the following query. The key TEST_DECISION has 4x possible outcomes. CALL_FAILED, VALID, INVALID, NOT_CALLED. ... by angersleek Path Finder in Splunk Search 04-14-2020 1 1	1	1
What is the best way to get list of index in my splunk Currently i'm running this command for 2 days, it takes quite a lot of time index=* \| stats count by index Is there... by ma_anand1984 Contributor in Splunk Search 04-14-2020 2 8	2	8
Help optimising a query Hi All I'm fairly new to Splunk, and still very much learning (its a small hobby), and I recently found Elastic Beat... by kwestlake Engager in Splunk Search 04-14-2020 0 2	0	2
Multiple Blocked Queues on Multiple Hosts I run the query below every so often to see if there are any blocked queues and most of the time I see results when I... by wwhite12 Path Finder in Splunk Search 04-14-2020 0 1	0	1
regex to extract field Hello, This is my character string user=YHYIFLP@intra.bcg.local i want to display just YHYIFLP, i use \| eval use... by numeroinconnu12 Path Finder in Splunk Search 04-14-2020 0 4	0	4
How to force the sequence of search-time operations to perform calculated fields AFTER lookups ? Hello, I try to figure out how to perform fields calculation based on rules coming from a lookup table. This is my ... by dhtran Loves-to-Learn Lots in Splunk Search 04-14-2020 0 2	0	2
Is base search will ignore events I'm using base search in my dashboard, In dashboard panels , one created using base search query and other one is us... by kirrusk Communicator in Splunk Search 04-14-2020 0 6	0	6
How do you create the below chart in Splunk? I am working on Sentiment Analysis for twitter logs. The client requirement is to produce the graph/chart as mentione... by aravindpadmin Explorer in Splunk Search 04-13-2020 0 6	0	6
View interesting fields - maximum When I click on an interesting field I have 100 values but it only displays the top 10. How can I view all values? by allenhau Engager in Splunk Search 04-13-2020 0 5	0	5
Speed Search Review Hello Everyone. I m new to splunk and I have one search which is taking a bit longer than others. Is there any sugge... by rafazurc New Member in Splunk Search 04-13-2020 0 10	0	10
How to list fields, values and also index and source names using fieldsummary Hi All, I need to look for specific fields in all my indexes. Using fieldsummary, I am able to get a listing of my sp... by chanmic New Member in Splunk Search 04-13-2020 0 4	0	4
Eval check condition not working Hello, I have the splunk query below which has multiple sourcetype rows and if the row has x-correlation-id keywpord ... by msrama5 Explorer in Splunk Search 04-13-2020 0 1	0	1
Timechart a total count Hello, I am currently tracking a total count of VPN Users. I want to track the total over a timechart to see when the... by cooperjaram Engager in Splunk Search 04-13-2020 0 3	0	3
is there a way to escape source when log contains source field ? Hey Splunk Experts, I have a log that produce something like below; (Notice there is a key named source[not the splu... by charmsstyler Explorer in Splunk Search 04-13-2020 0 1	0	1
How to exclude lines from a log --IndexQueue We are trying to index only events that contain a certain structure set by a regular expression: \ S + \ s \ S + \ s ... by IreneAsdfgk Engager in Splunk Search 04-13-2020 0 4	0	4
Comparing Values Based on Another Field Hello, I'm thinking is real simple, but I have been digging in the weeds for so long I am unable to see this simple a... by genesiusj Builder in Splunk Search 04-13-2020 0 3	0	3
How to search for a value in multiple fields I have 2 sources in separate indexes; the first contains a field "appId"; to get the human readable (appDisplayName) ... by robinettdonWY Path Finder in Splunk Search 04-13-2020 0 3	0	3
stats count returns different results for indexed field I'm having difficulty understanding why Query 2 is returning a different count than the other two queries. The clust... by bschaap Path Finder in Splunk Search 04-13-2020 0 2	0	2
Loop through event message Hi I want to compare a date time value with many entities in my message. I have an eval(IST_time_latest) with the va... by gurkiratsingh Explorer in Splunk Search 04-13-2020 0 3	0	3
Timechart flickering issue not pointing to data points properly on mouse over ? I am facing issues when I am trying to mouse over on the timechart to see the exact values on the graph. I am selecti... by pgadhari Builder in Splunk Search 04-13-2020 0 8	0	8
Correlate value between 2 columns hi, i am a newbie in Splunk here and i am not a native speaker, so please bare my grammar. can someone explain how to... by mfirmanf New Member in Splunk Search 04-13-2020 0 2	0	2