Splunk Search

Community Activity

	Join only returns 1 value The search below looks up a serial number in another index, there will be multiple values to "x", but currently it on... by arrowecssupport Communicator in Splunk Search 02-28-2020 0 4	0	4
	My search is slow. I was wondering how should I convert my search into a macro? My search is running slow. I have a live dashboard and it is populated by a query in my search. I am new to Splunk bu... by bmendez0428 Explorer in Splunk Search 02-28-2020 0 1	0	1
	Need help in some time conversion HI all, Need help in getting below code adjust to get the value as expected. index=nw_syslog "DDOS_PROTOCOL_VIOLATI... by jerinvarghese Communicator in Splunk Search 02-28-2020 0 2	0	2
	Does the Windows TA nullify the Windows field called Error Code? It's similar to Windows TA not Parsing "Error_Code" from 4776 Logs My take on that is - The TA does the following -... by danielbb Motivator in Splunk Search 02-28-2020 0 0	0	0
	How to populate a null field if certain field equals *** Hi Folks Have an issue where some of my log entries contain null fields in which i need to populate in order to run ... by smithjnick Path Finder in Splunk Search 02-28-2020 0 6	0	6
	Cant generate proper table with percentage and BY clause together Hi! First question and relative newbie, so bear with me!  I created below query to show the number of missing server... by martinmasif Explorer in Splunk Search 02-28-2020 0 4	0	4
	Is it possible to get more than 90days logs in splunk ? I need to get the logs which are older than 90days in splunk but our retention policy is 90days only. So, If it is po... by chandu141084 New Member in Splunk Search 02-28-2020 0 4	0	4
	Break individual events from json array Hello, I have been working on breaking events which come from the Splunk Rest api addon output. Default "_json" sour... by dvarghes Explorer in Splunk Search 02-28-2020 0 5	0	5
	Alert if there are no logs (by host and by sourcetype) Hello, We scheduled a search that alerts us if we do not receive logs from any of our hosts since >5 minutes. It loo... by woodentree Communicator in Splunk Search 02-28-2020 0 7	0	7
	NULLの場合に他のフィールドの値を代入したいお世話になります。以下のようなデータがあります。 issue.id,Key 1111 2222 null 3333 issue.idがNUｌｌの場合Keyの値をissue.idに代入したいのですが、どのようにすればよろしいでしょ... by 1014502 New Member in Splunk Search 02-27-2020 0 2	0	2
	How to remove unfinished buckets from "bin" command I am using a bin command on _time field to have 10 minute sections of data. Like below: \|bin _time span=10m minspan=... by rohitmaheshwari Explorer in Splunk Search 02-27-2020 0 1	0	1
	Why is disk used in my SEARCH HEAD too high? I can check that 80% of my disk is used in my Search Head. How to decrease it and what exactly is taking up space? Th... by muez Explorer in Splunk Search 02-27-2020 0 2	0	2
	Getting counts of each search result over time I am trying to determine a way to search for user logins over time to get an idea of application usage. If I have a ... by chadwell Explorer in Splunk Search 02-27-2020 0 2	0	2
	Help with props.conf with lookup? All, I have a lookup, which I in turn want to do a couple aliases on. But doesn't seem to work. I get clienthost ba... by daniel333 Builder in Splunk Search 02-27-2020 0 3	0	3
	How to mask a password in a log coming from an HTTP Event Collector I am trying to mask a password that is inside a log coming from HTTP Event Collector. I configure my props.conf with... by dnavia29 New Member in Splunk Search 02-27-2020 0 8	0	8
	iplocation.py file missing from $SPLUNK_HOME/etc/apps/search/bin/ Hello Eveyone, I am trying to use iplocation command to search for ip address info within my network. My search is as... by rahulkumarfgf Explorer in Splunk Search 02-27-2020 0 5	0	5
	What is the most elegant way to convert from float to currency in SPL? Miraculously in 2020 there still hasn't been a Splunk Answer that details an elegant way to convert from float to cur... by nick405060 Motivator in Splunk Search 02-27-2020 0 1	0	1
	Alternative solution for join with bad performance I need to do a search on multiple indexes/events and need to do a join on different fields from both. Below query wor... by amdhindsa New Member in Splunk Search 02-27-2020 0 3	0	3
	Can't get my chart to sort Here is my query index="myIndex" AND host="myHost" AND ObjectName="myObjectName" \| eval secondsEpoch = GroupDateTim... by peterimbery Engager in Splunk Search 02-27-2020 0 2	0	2
	Routing the data to a different Index via Regex Hello, We have a source ABC sending us logs and are being stored inside an index called all_logs. From that source, ... by shiv1593 Communicator in Splunk Search 02-27-2020 0 3	0	3
	How to replace a dynamic string in an event? I want to replace a dynamic string in an event.. Example: error occurred from the server ABCXYZ12345ABCXYZ under lend... by marisstella Explorer in Splunk Search 02-27-2020 0 11	0	11
	is it possible to use json file with csv lookup file? Hi all, i have used csv lookup file to csv files to map the values . Can i use json file instead of csv file to map t... by anooshac Communicator in Splunk Search 02-27-2020 0 5	0	5
	splunk event time and timestamp on log file is not matching. splunk event time and timestamp on log file is not matching. Our log file has below entry for timestamp "2020-02-20 1... by sim_tcr Communicator in Splunk Search 02-27-2020 0 4	0	4
	Correlate two events with one common field value Hello, I have some logs with a common field and I'd like to correlate them. here my first event: 26/02/2020 16:3... by mvagionakis Path Finder in Splunk Search 02-27-2020 0 3	0	3
	how to pass filter token based on filter value in search query? Hi, I have below multiselect filter , based on username="ABC" , I need to display two more filters.( ip, city) And w... by avni26 Explorer in Splunk Search 02-27-2020 0 3	0	3