Splunk Search

Community Activity

Why cant I see some data that I was able to see before 1 month? Even if retention policy of index is 3 years Notes - Our retention policy is 3 years for that abc index. - When I exported the result of that query before 1 month... by muez Explorer in Splunk Search 03-09-2020 0 3	0	3
How to see only earliest and latest values in a field. I'm having an issue because I need to show in a report only the first ticket received by an agent and the latest one,... by franciscof Explorer in Splunk Search 03-09-2020 0 8	0	8
First and Last event of Transaction Hi, I am working on a query where I need to join some events using a transaction command in Splunk. Below is my query... by Shashank_87 Explorer in Splunk Search 03-09-2020 0 1	0	1
Props.conf when not every line has a date time Hi, i am trying to build a props.conf for the following log entry. The log is based on an sql run and so is a mixtur... by ssaenger Communicator in Splunk Search 03-09-2020 0 4	0	4
Why is /opt/splunk/var/run/searchpeers folder is filling up? Splunk dose not clean up $SPLUNK_HOME/var/run/searchpeers and this leads to filling up of /opt/splunk/ by mbagali_splunk Splunk Employee in Splunk Search 03-09-2020 0 3	0	3
regex help Hi, My sample code looks like below : Mon Mar 9 14:18:14 2020: Unknown trap (.1.1.1.1.1..1) received from hostname... by surekhasplunk Communicator in Splunk Search 03-09-2020 0 3	0	3
How to search events happened before a particular statement in the log file Hi All, I am looking for a way to display the events which appeared before a particular error is written into the lo... by mavrodiev New Member in Splunk Search 03-09-2020 0 0	0	0
help on a jointure without join command hi I use the complex search below As you can see, there i a subsearch linked with a join command I find a way to do ... by jip31 Motivator in Splunk Search 03-09-2020 0 15	0	15
Adding or removing the append command changes a previous calculated field Hi all, I'm calculating the average electrical energy consumption per produced piece from today of one of our produc... by haph Path Finder in Splunk Search 03-09-2020 0 9	0	9
Why past data is missing even if date range is inside my retention policy of that index? SPL: "(index=3y OR index=3mon) (host=x OR host=y) name="RegisteredUserLog" actionType=egg pointGet=true (platform=0 O... by muizash Path Finder in Splunk Search 03-09-2020 0 9	0	9
First event Hello, this is my query \| loadjob savedsearch="myquery" \| where (strftime(_time, "%Y-%m-%d") >= "2020-02-26") AND (... by tahasefiani Explorer in Splunk Search 03-09-2020 0 10	0	10
How to merge multiple lookup lines into one I have a table with formatted something like this: 1 John, Smith, a123, superuser, blah2 John, Smith, a123, audit use... by mhale1982 Path Finder in Splunk Search 03-08-2020 0 4	0	4
Need to get events created in last 30days Hi, I am trying to fetch splunk events that are created in last 30days for below query, by selecting time range as l... by vijaya5 Engager in Splunk Search 03-08-2020 0 2	0	2
How to find the counting based on number of values i used the following command index=ABC \| stats values(L) AS USER i need the output like below user usercou... by Ashishanand New Member in Splunk Search 03-08-2020 0 1	0	1
datetime.xml addition Hello, I have a filename that i need to extract the date from : cvs.2020-02-10.3.log I understand that a modificatio... by ranmys Loves-to-Learn in Splunk Search 03-08-2020 0 1	0	1
How to extract integer value in search from string JSON in log event I am trying to extract 'timeTaken' value from json inside a log event string in order to build a dashboard. Example ... by soshua New Member in Splunk Search 03-08-2020 0 6	0	6
Why am I getting a warning about disk space when minFreeSpace is 5000 and there's 83GB available? The disk usage is at 17% and inode usage is at 1%. The error message from Splunk Web says minFreeSpace is 5000 and f... by gregbo Communicator in Splunk Search 03-08-2020 0 3	0	3
Unseen character in wineventlog message Hi all, I have a problem when I tried to parse EventID=1 in wineventlog. The message look like this: 03/05/2020 09:0... by louismai Path Finder in Splunk Search 03-07-2020 0 3	0	3
first connexion and last connexion VPN Hello, this is my request index=juniper_vpn ID=AUT24803 ( src_user!=ANONYMOUSUSER*) \| eval src_user=upper(src_user... by numeroinconnu12 Path Finder in Splunk Search 03-07-2020 0 2	0	2
Improving performance on join I have a data feed to Splunk that contains number, state and service name. This comes in to Splunk continuously as th... by andrewwjc Engager in Splunk Search 03-07-2020 0 1	0	1
Using a subsearch in an eval line I have some requests/responses going through my system. I want to get the size of each response. The only informatio... by htkhtk Path Finder in Splunk Search 03-07-2020 2 8	2	8
Code Sample does not work well. \| makeresults \| eval _raw="Source1_field2,Count dev,6 prod,5 uat,7 qa,8" \| multikv forceheader=1 \| table Source1_fiel... by to4kawa Ultra Champion in Splunk Search 03-07-2020 0 15	0	15
How to convert the time format to UK and 24 hour time? Hello, I have a field called in_time with example output = 8/31/2018 10:21:59 PM (GMT) I'd like this time (e.g. out... by aherrington Path Finder in Splunk Search 03-07-2020 0 8	0	8
is it possible to use tokens from 2 different files together in a query? Hi all, i have been trying to use 2 tokens which are calculated from 2 different files in another query. But it is no... by anooshac Communicator in Splunk Search 03-07-2020 0 5	0	5
help on stats by hi I need to understand why I execute the first search I have much more events in "Number of CPU alerts" count than i... by jip31 Motivator in Splunk Search 03-07-2020 0 3	0	3