Splunk Search

Community Activity

	pick the last value in an array? (Apologies in advance since I am not even sure what question to ask and how to ask it. I'll rewrite it once I get a b... by mitag Contributor in Splunk Search 02-21-2020 0 4	0	4
	I am trying to use regular expression to remove the keyword %5C from my extracted filed The below is the text we are capturing Filename= &Filename=C%3A%5CUsers%5Cjbaile16%5CAppData%5CRoaming%5CDocumentum%5... by 1200125 Engager in Splunk Search 02-21-2020 0 3	0	3
	Table with with a column that contains positive and negative values. I want to sum the total of all values and have the results as a Total, but it ignores the negative values. What am I doing wrong? \| table Account "Estimated Gain_Loss" \| addcoltotals labelfield="Account" label="Totals" \| sort -"Estimated Gain_Los... by ihaveasplunkacc Loves-to-Learn Lots in Splunk Search 02-21-2020 0 3	0	3
	Calling an eval-macro Hi All, I can't put an eval before my search syntax so I am trying to use an eval-Macro called "FriendlyEval" However... by ignacm01 New Member in Splunk Search 02-21-2020 0 2	0	2
	How to combine two indexes with Stats? Following a super helpful thread here https://answers.splunk.com/answers/129424/how-to-compare-fields-over-multiple-s... by mattfunk20 Explorer in Splunk Search 02-21-2020 0 2	0	2
	help on complex bar chart hi With the xml below, i display a complex bar chart that you can see in the screenshot I would like to modify 3 thin... by jip31 Motivator in Splunk Search 02-21-2020 0 7	0	7
	Why is the subsearch excluding inputlookup results? Good morning, Hope someone can help me out here. I am trying to get a list of IPs where hits are > 100, but I want t... by swengroeneveld Explorer in Splunk Search 02-21-2020 0 4	0	4
	Adding a Time Range (Extending to the Future) and Use it in a Timechart Hi everyone, We have logs that contain field named "var" with num data type, the value of this field changes throug... by jameldebbiche Engager in Splunk Search 02-21-2020 0 6	0	6
	Is there a sub search limit in a single search? The subject states the question.... is there a limit on how many sub search I can use within a single query. While d... by cresposh Explorer in Splunk Search 02-21-2020 0 1	0	1
	Searching for exact string match Hi , I have logs like this a) 04:55:21.8630 Info {"message":"16 A Process completed, notification displayed" b)04:... by rgjnnc New Member in Splunk Search 02-21-2020 0 5	0	5
	Basic commands with SPL Hi @all, I'm a little bit helpless at the beginning of SPLUNK. I tried to do simple queries like: Request statusc... by 123michi19 Explorer in Splunk Search 02-20-2020 0 3	0	3
	Splunkのタイムピッカーで日付範囲を指定する方法(バージョン違い) バージョン7.1.4のSplunkでタイムピッカーで日付範囲を指定した場合以下の図のように、yyyy/mm/dd 00:00:00となりますが、 yyyy/mm/dd 24:00:00で選択することは可能でしょうか。バージョン... by muto123 New Member in Splunk Search 02-20-2020 0 0	0	0
	Set dark mode as the default for an app? All, I am creating an app and was hoping to set the default to dark mode, is there a simple XML or conf file I shou... by daniel333 Builder in Splunk Search 02-20-2020 0 0	0	0
	Search query to check failed login attempt to ec2 instances Hi fellow Splunk users, I need help to set up search query (later will be saved as an alert) to check failed login a... by mufthmu Path Finder in Splunk Search 02-20-2020 0 2	0	2
	How to extract fields from the header? Hello, I would like to leave the "header.JMSDestination"="topic/testTopic/Durable-Non-Subscription/20" the la... by mklhs Path Finder in Splunk Search 02-20-2020 0 2	0	2
	Extract from dynamic values I have a dynamic set of result data which I'd like to extract when the beginning of a line is the same across multipl... by neluvasilica Explorer in Splunk Search 02-20-2020 0 13	0	13
	transaction with duplicate start events and should be taking the earliest event Hello All, I'm trying to get the duration from the transaction. The problem here is I've duplicate start events and ... by harshavmb New Member in Splunk Search 02-20-2020 0 7	0	7
	Add fields to events returned by inputlookup data with other data from the same inputlookup. I have several lookup tables containing various data types filenames hashes emails usernames etc (lookup tables are s... by livesplunkcomsk Engager in Splunk Search 02-20-2020 0 9	0	9
	Flush on search custom command not working I try to use flush on custom command and not working. I used generatetext.py from searchcommands_app and put self.fl... by rleoneti New Member in Splunk Search 02-20-2020 0 0	0	0
	syntax for outputlookup when defined in transforms.conf? I have a transforms as follows which defines a lookup [ABC] filename = ABC.csv case_sensitive_match = false Now, ... by pavanae Builder in Splunk Search 02-20-2020 0 5	0	5
	Coalesce function not working with extracted fields Hi, I am using below simple search where I am using coalesce to test. index=fios 110788439127166000 \| eval check=c... by poddraj Explorer in Splunk Search 02-20-2020 0 3	0	3
	Search performance benefit from field inclusion versus exclusion Hi all, First, I do apologise if this is clearly answered in Answers or Documentation; I have spent some time in bot... by johnjarvis Explorer in Splunk Search 02-20-2020 0 4	0	4
	How to create a regex expression to mask the input? Hi, Can someone help with regex expression to mask the below kind of pattern. I need this pattern of text to be maske... by poddraj Explorer in Splunk Search 02-20-2020 0 1	0	1
	What is the root cause of the message preventing saving a search: "Error in 'SearchParser': The search specifies a macro.." What is the root cause of the message preventing saving a search: Error in 'SearchParser': The search specifies... by landen99 Motivator in Splunk Search 02-20-2020 0 3	0	3
	Splunk Field Extraction I have indexed few sample logs in to the Splunk.. 2020-02-15T10:41:54.305Z servername.com sev="INFO" msg_details="... by cyber_castle Path Finder in Splunk Search 02-20-2020 0 2	0	2