Splunk Search

Community Activity

problem with rounding bytes to gb HelloI have use this command to convert from bytes to GB:\| eval b = b /1024/1024/1024and this is an example value as ... by net1993 Path Finder in Splunk Search 04-01-2020 0 4	0	4
RegEx How to find two strings from splunk log I have below log: Service ABCD(blabla_blabla): 365.45.1.87.3.60354 -> remote.234.5 Failure Service DERF(blabla_blabl... by dabroma5 Explorer in Splunk Search 04-01-2020 0 4	0	4
If column is missing then eval if a field is missing in output, what is the query to eval another field to create this missing field. below query ca... by jiaqya Builder in Splunk Search 04-01-2020 0 5	0	5
Sourcetype count per host Hello, I would like to Check for each host, its sourcetype and count by Sourcetype.I tried host=* \| stats count by ho... by warmup031 Explorer in Splunk Search 04-01-2020 0 6	0	6
Distinct count returns less results than expected Hello Im running this query: index="prod" \| rex field=source "(?<crate>.*?)/" \| stats dc(crate)H But the number o... by sarit_s Communicator in Splunk Search 04-01-2020 0 1	0	1
CEF Field Parsing I am not seeing extracted field against below query. index=fireeye \| eval {flexString2Label} = flexString2 below are ... by riqbal47010 Path Finder in Splunk Search 04-01-2020 0 1	0	1
How to count the number of issues (from Jira) that were created, only once? I have data from Jira in Splunk, and issues (stories in particular) are counted multiple times because of modificatio... by YuliyaVassilyev Explorer in Splunk Search 04-01-2020 0 3	0	3
Cumulative hourly Average Hi All, I have counts of some offers for every hour eg 9-10 30 and then 10-11 - it is 40 it should be cumulative... by Rukmani_Splunk Path Finder in Splunk Search 04-01-2020 0 0	0	0
Query help lookup Hi, I am using below query to get a match by SUBNET from B.csv and get the IP filed. And show all fields from A.cs... by surekhasplunk Communicator in Splunk Search 04-01-2020 0 2	0	2
Dynamic dashboard event handling Hello I am new to Splunk. Would be great if you can help me with this. Once I open the dash board , it has couple of ... by 812456 New Member in Splunk Search 03-31-2020 0 0	0	0
Move _time to the last column in the attached mail How I can move _time column to be the last on the an attached csv file in the email send by scheduled report the que... by rayar Contributor in Splunk Search 03-31-2020 0 1	0	1
Transaction starts with ends with Hi does anyone know is there is a way for transaction starts with ends with take the middle result Example, i have tr... by chookp Explorer in Splunk Search 03-31-2020 1 11	1	11
Join 2 fields with the same value in the same search. Hi. I need help to be able to unify 2 fields that have the same value, however, in separate searches. Here is an exam... by LeandroKopke Explorer in Splunk Search 03-31-2020 0 6	0	6
Raw data only parsing the first instance Hello All, I have a data like this X1=[A(status=X, reason=Y), A(status=Z, reason=Y), A(status=xyz, reason=abc)] No... by praddasg Path Finder in Splunk Search 03-31-2020 0 9	0	9
Fetch the data from the fields which has 2 words in the field name using regular expression? I have an event as below: Mar 30 16:59:08 vg1 : %ASA-4-113019: Group = EMPLOYEE, Username = roys86, IP = ...**, Sess... by khojas02 Engager in Splunk Search 03-31-2020 0 3	0	3
is it possible to know which is the index that has less use? good afternoon I would like to know which is the index that has had less access at the data query level. regards by efaundez Path Finder in Splunk Search 03-31-2020 0 2	0	2
How to remove tags in a string? Hello, I have a string field like: View How can I remove tag and to only display View in the search? Thanks, by vnguyen46 Contributor in Splunk Search 03-31-2020 0 9	0	9
Symantec TA field Extractions not working Hello All, I am troubleshooting an issue with the Symantec TA. Fields are not being extracted correctly and I am stum... by rwardwell Explorer in Splunk Search 03-31-2020 2 1	2	1
Using Web datamodel _time doesnt show seconds.. the _time is in format of 2020-03-31 08:45:00 I am trying to use tstats to develop a query, however i need _time to be included in the query for the logic to work.... by dwibedi03 Explorer in Splunk Search 03-31-2020 0 2	0	2
Can I execute job inspector on SH and IDX both? When I execute job inspector on IDX and SH under the indexer cluster environment, are the results same? Do they have ... by brandy81 Path Finder in Splunk Search 03-31-2020 0 1	0	1
Fillnull with previous known or conditional values? I am logging a number of simple on/off switches that Splunk has done a wonderful job automagically parsing. The data ... by keycoldstorage Explorer in Splunk Search 03-31-2020 1 17	1	17
Can we perform search on a value that is returned from a CASE function Hi can I perform a search on a value that is returned from a CASE function in the same search. eval filter=case( ( (... by gurkiratsingh Explorer in Splunk Search 03-30-2020 0 3	0	3
Deriving one event from another Hi, pardon if my question is too obvious, am a Splunk noob. My requirement is: I have a search String , example "Erro... by akki2428 New Member in Splunk Search 03-30-2020 0 1	0	1
Search parameter changed, need help with query i have a search parameter for ex : search Data="Test". This data is there in the index and it has daily ingest and it... by jiaqya Builder in Splunk Search 03-30-2020 0 4	0	4
How to show a count of "0" for hosts with no events in my search results? I am trying to do a search for certain hosts and get counts on the number of events available for each host while try... by harjotsidhu82 New Member in Splunk Search 03-30-2020 0 7	0	7