Splunk Search

Community Activity

Why past data is missing even if date range is inside my retention policy of that index? SPL: "(index=3y OR index=3mon) (host=x OR host=y) name="RegisteredUserLog" actionType=egg pointGet=true (platform=0 O... by muizash Path Finder in Splunk Search 03-09-2020 0 9	0	9
First event Hello, this is my query \| loadjob savedsearch="myquery" \| where (strftime(_time, "%Y-%m-%d") >= "2020-02-26") AND (... by tahasefiani Explorer in Splunk Search 03-09-2020 0 10	0	10
How to merge multiple lookup lines into one I have a table with formatted something like this: 1 John, Smith, a123, superuser, blah2 John, Smith, a123, audit use... by mhale1982 Path Finder in Splunk Search 03-08-2020 0 4	0	4
Need to get events created in last 30days Hi, I am trying to fetch splunk events that are created in last 30days for below query, by selecting time range as l... by vijaya5 Engager in Splunk Search 03-08-2020 0 2	0	2
How to find the counting based on number of values i used the following command index=ABC \| stats values(L) AS USER i need the output like below user usercou... by Ashishanand New Member in Splunk Search 03-08-2020 0 1	0	1
datetime.xml addition Hello, I have a filename that i need to extract the date from : cvs.2020-02-10.3.log I understand that a modificatio... by ranmys Loves-to-Learn in Splunk Search 03-08-2020 0 1	0	1
How to extract integer value in search from string JSON in log event I am trying to extract 'timeTaken' value from json inside a log event string in order to build a dashboard. Example ... by soshua New Member in Splunk Search 03-08-2020 0 6	0	6
Why am I getting a warning about disk space when minFreeSpace is 5000 and there's 83GB available? The disk usage is at 17% and inode usage is at 1%. The error message from Splunk Web says minFreeSpace is 5000 and f... by gregbo Communicator in Splunk Search 03-08-2020 0 3	0	3
Unseen character in wineventlog message Hi all, I have a problem when I tried to parse EventID=1 in wineventlog. The message look like this: 03/05/2020 09:0... by louismai Path Finder in Splunk Search 03-07-2020 0 3	0	3
first connexion and last connexion VPN Hello, this is my request index=juniper_vpn ID=AUT24803 ( src_user!=ANONYMOUSUSER*) \| eval src_user=upper(src_user... by numeroinconnu12 Path Finder in Splunk Search 03-07-2020 0 2	0	2
Improving performance on join I have a data feed to Splunk that contains number, state and service name. This comes in to Splunk continuously as th... by andrewwjc Engager in Splunk Search 03-07-2020 0 1	0	1
Using a subsearch in an eval line I have some requests/responses going through my system. I want to get the size of each response. The only informatio... by htkhtk Path Finder in Splunk Search 03-07-2020 2 8	2	8
Code Sample does not work well. \| makeresults \| eval _raw="Source1_field2,Count dev,6 prod,5 uat,7 qa,8" \| multikv forceheader=1 \| table Source1_fiel... by to4kawa Ultra Champion in Splunk Search 03-07-2020 0 15	0	15
How to convert the time format to UK and 24 hour time? Hello, I have a field called in_time with example output = 8/31/2018 10:21:59 PM (GMT) I'd like this time (e.g. out... by aherrington Path Finder in Splunk Search 03-07-2020 0 8	0	8
is it possible to use tokens from 2 different files together in a query? Hi all, i have been trying to use 2 tokens which are calculated from 2 different files in another query. But it is no... by anooshac Communicator in Splunk Search 03-07-2020 0 5	0	5
help on stats by hi I need to understand why I execute the first search I have much more events in "Number of CPU alerts" count than i... by jip31 Motivator in Splunk Search 03-07-2020 0 3	0	3
One Tile per Table Row Hello, I have a search that generates over 50's rows and 12 columns. I need to create a tile for each row. I thought ... by genesiusj Builder in Splunk Search 03-06-2020 0 7	0	7
Time Conversion Hi, I have time format as: 2019-10-08 15:24:40.132 UTC I used eval to strip it to: 2019-10-08 15:24:40 I need to c... by mbasharat Builder in Splunk Search 03-06-2020 0 2	0	2
help on a count which is different in a subsearch versus a search hi The search below returns me 558 events `CPU` \| stats values(SITE) as SITE count(process_cpu_used_percent) as "N... by jip31 Motivator in Splunk Search 03-06-2020 0 1	0	1
Limiting Results of matching values in an array field Anyone know of a way to only return the matching values of a sub search to the string array field in the parent searc... by yepyepyayyooo New Member in Splunk Search 03-06-2020 0 4	0	4
excluding a field value from a same events How can i exclude a single value from a field which generates multiple value in the single event.for eg- if in a sing... by rajiv_r Explorer in Splunk Search 03-06-2020 0 4	0	4
How to mark difference between Two CSV Hi Guys, There is a csv which gets updated every day once with details such as- VMName Group CPU Memory Storage Pow... by shugup2923 Path Finder in Splunk Search 03-06-2020 0 4	0	4
How to add a color coded legend with text to a pie chart visualization? Hi, I need to add colour code wise legend for my Pie chart visualization in a same way that Bar/Column chart has on ... by ketan_chanana Engager in Splunk Search 03-06-2020 0 2	0	2
Comparing index sizes on 2 dates I have been asked to create an alert that looks at the index sizes (all indexes) for today, and compare them to the s... by tsheets13 Communicator in Splunk Search 03-06-2020 0 5	0	5
Time periods for query and alert Hi there!I'm running this query index="staging" \|eval raw_len=len(_raw) \| eval raw_len_gb = raw_len/1024/1024/1024 \| ... by alekseisaiko Path Finder in Splunk Search 03-06-2020 0 5	0	5