Splunk Search

Community Activity

how to rank or group similar data together ? Hi all, I have a requirement as below, When there is a name field, I want it to be ranked similar names together Na... by johnsasikumar Path Finder in Splunk Search 03-20-2020 0 2	0	2
Difference between two times Hi, I have two fields in my report. Time_Created and Time_Closed. They are for time an incident ticket was created a... by mbasharat Builder in Splunk Search 03-20-2020 0 6	0	6
how to table job names at each time Hi Guys, I have the following query which i am showing line chart in a panel, how ever i want to show the jobnames a... by pench2k19 Explorer in Splunk Search 03-20-2020 0 1	0	1
Avoiding renaming multiple columns using time based streamstats Hi there, I'm trying to create a time series data using streamstats function. Got it figured out, but is there any ... by hollybross1219 Path Finder in Splunk Search 03-20-2020 0 2	0	2
Lookup in a lookup table with multivalue fields Hello, I have a lookup table that looks like below: dns ip server1 ip1,ip2,ip3 server2 ... by vpaschalidis Loves-to-Learn in Splunk Search 03-20-2020 0 1	0	1
Is it possible to only return events that have no corresponding start or end transaction event? Hi Splunk community, I'm currently trying to correlate different event sources and events with each other. My sear... by horsefez Motivator in Splunk Search 03-20-2020 0 6	0	6
Cannot access results of a Searchmanager in a for loop I have a dashboard that should perform a dynamic number of searches. For this purpose I created a search manager, whi... by mariuswal New Member in Splunk Search 03-20-2020 0 0	0	0
How do you use the lookup value as a variable? Hi, I have the following lookup, which is basically a mapping lookup: lookup name: "scoring_rules" source , field... by lozarich007 New Member in Splunk Search 03-19-2020 0 2	0	2
Scatter Plot for time x-axis and numbered Y axis I am looking to plot scatter plot to show all the data points in a particular time. Some how I am not able to get aro... by howardroark Explorer in Splunk Search 03-19-2020 1 23	1	23
How to check if an index exists efficiently? In elasticsearch one would do HEAD [index_name] and check if an index exists efficiently. Is it possible to do someth... by dapitis Engager in Splunk Search 03-19-2020 0 13	0	13
How to convert epoch to human readable format at index time for multiple time values? Event data has multiple time values in the Epoch time format. I am able to convert the one used for event timestamp w... by donaldwayne1975 Path Finder in Splunk Search 03-19-2020 0 3	0	3
Combine the Sum of Two Fields Hi all, For a search similar to the following: index=myindex "Search Term" NOT field=value source="mylog.log" \| eval... by bcarr12 Path Finder in Splunk Search 03-19-2020 0 3	0	3
How to get session key in a search script (\| script ) similar to the way a scripted input can? I'm storing a few credentials in Splunk keystore using setup.xml endpoint="storage/passwords". I have no problem ex... by avilandau Path Finder in Splunk Search 03-19-2020 1 16	1	16
Sonicwall VPN group by field then sum of a field? Hi, We are getting data from syslog for ssl vpn login. Here is a sample log. ,,"'0'",,"'-'",,"Thor","'Tunnel'","MCU... by mashhoorgulati Engager in Splunk Search 03-19-2020 0 2	0	2
Split is converting my empty strings back into null? This query kills morejunk even though it should NOT be doing so: \| makeresults \| eval a="1 2" \| eval b="junk" \| appe... by nick405060 Motivator in Splunk Search 03-19-2020 1 5	1	5
Calculating total in row Hi, I need help adding b+ c together to get a total, I will then calculate a percentage using a/combined b+c. Is thi... by khanyag1 New Member in Splunk Search 03-19-2020 0 11	0	11
Display data in timechart I'm using summary index to get data and display in timechart. but not able to create a time chart with the data. ind... by kirrusk Communicator in Splunk Search 03-19-2020 0 4	0	4
Can I update a CSV lookup file with more rows and how will this affect existing csv files and lookups? Looking at understanding better how lookups work in Splunk. As I understand it, there are 3 steps: 1. lookup table... by HattrickNZ Motivator in Splunk Search 03-19-2020 2 12	2	12
SA-Eventgen and Splunk SPL Examples - Help Generating Data Hello community, I've installed SA-Eventgen and SPL Examples as directed in the following .conf talk: https://conf.s... by dillardo_2 Path Finder in Splunk Search 03-19-2020 0 4	0	4
How to extract numbers correctly Hi! I have this field in my log: callerSipNumber="18121710_text". How should I extract "18121710" and name it "number... by pomazanelvira New Member in Splunk Search 03-19-2020 0 4	0	4
Log format validation I have frequently asked whether the fields are being extracted well. The easiest method to answer this question is t... by landen99 Motivator in Splunk Search 03-19-2020 1 2	1	2
How to get diff count and show field and result of diff Hello Splunkers, I have a trouble with the result, example i have some data log Goat \| alive Goat \| dead Goat \| ali... by mockingj New Member in Splunk Search 03-19-2020 0 4	0	4
regex to split names extracted from a string This is a little tricky to explain but I have this query: index = active_directory directReports=* sAMAccountName=* ... by nathanluke86 Communicator in Splunk Search 03-19-2020 0 2	0	2
項目名に変数の値を設定できるかお世話になります。項目名に月の値を入れたいです。現在検討している方法は別カラムに月の値(2020-03)を設定し、【予定】という項目の先頭に月の値(2020-03)をセットして、【2020-03予定】という項目名にしたいのですが、実... by 1014502 New Member in Splunk Search 03-19-2020 0 3	0	3
Regex assistance on match, capture, repeat - simple yet I can't! Good morning you lovely lot, I have a theoretically simple regex extraction, but it is slaying me. If one of you wou... by Barty Explorer in Splunk Search 03-19-2020 0 4	0	4