Splunk Search

Community Activity

Log format validation I have frequently asked whether the fields are being extracted well. The easiest method to answer this question is t... by landen99 Motivator in Splunk Search 03-19-2020 1 2	1	2
How to get diff count and show field and result of diff Hello Splunkers, I have a trouble with the result, example i have some data log Goat \| alive Goat \| dead Goat \| ali... by mockingj New Member in Splunk Search 03-19-2020 0 4	0	4
regex to split names extracted from a string This is a little tricky to explain but I have this query: index = active_directory directReports=* sAMAccountName=* ... by nathanluke86 Communicator in Splunk Search 03-19-2020 0 2	0	2
項目名に変数の値を設定できるかお世話になります。項目名に月の値を入れたいです。現在検討している方法は別カラムに月の値(2020-03)を設定し、【予定】という項目の先頭に月の値(2020-03)をセットして、【2020-03予定】という項目名にしたいのですが、実... by 1014502 New Member in Splunk Search 03-19-2020 0 3	0	3
Regex assistance on match, capture, repeat - simple yet I can't! Good morning you lovely lot, I have a theoretically simple regex extraction, but it is slaying me. If one of you wou... by Barty Explorer in Splunk Search 03-19-2020 0 4	0	4
How can I extract a value from a field that have many content I have a field named "Message", the content as below: *Active Directory Domain Services could not use DNS to resolve ... by lllidan New Member in Splunk Search 03-18-2020 0 1	0	1
How to tell which transform applied to which event Is there a way to tell if a regex has been applied to an event? I'm doing field extractions and want a way to confirm... by Alan_Bradley Path Finder in Splunk Search 03-18-2020 2 10	2	10
Splunk query for getting the hosts that are not reporting but with a condition mentioned below? Hi All, I want to build a splunk query which will give us the host details, last_time_stamp, number_of_days_aged not... by abhi04 Communicator in Splunk Search 03-18-2020 0 0	0	0
How can I fix my field extraction? Hello I have a structured data source that puts out data in a table with headers and a footer row with a total. I go... by tkw03 Communicator in Splunk Search 03-18-2020 0 2	0	2
Search to identify the most volatile values in a field Hello Splunkers! I have the following fields being populated by 1000s of values every 1 minute: Name Cost E.g. Luk... by luke222010 Engager in Splunk Search 03-18-2020 0 2	0	2
help on tstats command hello I use the stats command below in order to count the number of index on which an host collect events \| stats dc... by jip31 Motivator in Splunk Search 03-18-2020 0 2	0	2
Getting average response after joining 2 sourcetypes Hello Splunk Community, I am trying to create dashboard with the following query but the query returns no results. I... by dminev1 Explorer in Splunk Search 03-18-2020 0 7	0	7
Compare inputlookup column with actual search Hi all, I have .csv file with the multiple columns. But only one will be used to compare results, name of that colu... by dblagojevic Engager in Splunk Search 03-18-2020 0 4	0	4
Help on field renaming wich dont works hi I use the serch below wich match the data present in 2 indexes following by host In LastLogonBoot, the field "host... by jip31 Motivator in Splunk Search 03-17-2020 0 11	0	11
How to limit results in a bar chart while still sorting by one of the values of column-split field? I have this search, where I am charting usage over id field (which is on x-axis) split by two columns - two values o... by nickrally2009 Explorer in Splunk Search 03-17-2020 0 6	0	6
dedup maximum value Assuming there are 2 columns - Date & count and there are duplicates date. How to dedup on Date and pick the maximum... by reverse Contributor in Splunk Search 03-17-2020 0 3	0	3
can someone help improve the efficiency of this query eventtype="" "screen" OR "ui1" \| stats count AS TotalEvents by product \| appendcols [search eventtype="" "ui2" OR... by sriyechuri New Member in Splunk Search 03-17-2020 0 8	0	8
Counting events based on IP Subnets I need to create a search to count the number of events in each geographic are of our network. Each geo area will co... by tsheets13 Communicator in Splunk Search 03-17-2020 0 6	0	6
Prevent mvexpand to show duplicate events when searching all events Related to this question: https://answers.splunk.com/answers/807988/splunk-search-show-results-from-json.html I bas... by panulpet Loves-to-Learn in Splunk Search 03-17-2020 0 12	0	12
Last record per hour I manage to extract the data from Splunk below: ID SignalStrength TimeStamp 01 3 ... by 627412 New Member in Splunk Search 03-17-2020 0 1	0	1
Difference between 2 dates based on another field in years and days I have a sample data as below Assigned Analyst Assigned Date John ... by khojas02 Engager in Splunk Search 03-17-2020 0 8	0	8
What is the equivalent of excel's vlookup in Splunk? i'm trying to join these 2 tables. table 1 : index ="A" sourcetype = A WITH fields deviceName, physicalElementId, ph... by jonglim New Member in Splunk Search 03-17-2020 0 5	0	5
Radial gauge and max value Hi I have a dataset that isn't entirely clean so I first do some trim to get rid of a trailing comma (,). That didn't... by uthornander_spl Splunk Employee in Splunk Search 03-17-2020 0 3	0	3
Need help with below Query I am running below Query \| makeresults\| eval data="Brand1,File1,123;Brand1,File2,456;Brand2,File1,789;Brand2,File2,1... by nilbak1 Communicator in Splunk Search 03-16-2020 0 4	0	4
Splunk Query of Date and Time condition Hi, I am working on a splunk query to pull the records from daily basis depends on timinging. For example 30m and 6... by splunk_venkat New Member in Splunk Search 03-16-2020 0 0	0	0