Splunk Search

Community Activity

splunk event time and timestamp on log file is not matching. splunk event time and timestamp on log file is not matching. Our log file has below entry for timestamp "2020-02-20 1... by sim_tcr Communicator in Splunk Search 02-27-2020 0 4	0	4
Correlate two events with one common field value Hello, I have some logs with a common field and I'd like to correlate them. here my first event: 26/02/2020 16:3... by mvagionakis Path Finder in Splunk Search 02-27-2020 0 3	0	3
how to pass filter token based on filter value in search query? Hi, I have below multiselect filter , based on username="ABC" , I need to display two more filters.( ip, city) And w... by avni26 Explorer in Splunk Search 02-27-2020 0 3	0	3
how to get my duration from transaction my search query is this: DESCRIPTION="sump pump" OR (DESCRIPTION="ejector pump" AND DESCRIPTION="run/stop") \| rex fi... by chookp Explorer in Splunk Search 02-27-2020 0 6	0	6
question on stats and blank values i have a table like below. cola:colb:colc:cold 1::2:3: :::: 1:2:3:4 when i do a stats , i only get non-null values i... by jiaqya Builder in Splunk Search 02-26-2020 0 8	0	8
AD user modification Hi All I have an AD Account how can i know what modifications has been done in last one month on this account from s... by risingflight143 Explorer in Splunk Search 02-26-2020 0 3	0	3
Using Eval and stats together I am trying to feed the results of (2) subsearches into and eval search. \| eval Average=data/asstes [stats sum(data)... by ianpaquette New Member in Splunk Search 02-26-2020 0 2	0	2
How to add commas into a number and make the final result a string? hi there, I need to add decimal comma separation for a long number such as 2546788 that is, 2,546,788 Then I need to ... by maximusdm Communicator in Splunk Search 02-26-2020 0 3	0	3
How to use multisearch for inputlookup tables ? please provide an example. I want to check data from two different lookup tables and relate it using multisearch command. by Uday_Gonti New Member in Splunk Search 02-26-2020 0 2	0	2
Trim string after second exclamation mark Hi, I have a field called SESSION_ID which has a value "0cdWYCu982HhTjoSYMUgnrCIW8c1apbU!1706637738!1581997108157" I ... by mandlikarbaaz Loves-to-Learn Everything in Splunk Search 02-26-2020 0 3	0	3
Metric Index problem with null values I am running Splunk Enterprise 8.0.1 monitoring files with a universal forwarder and putting info from csv files into... by drezanka Explorer in Splunk Search 02-26-2020 0 0	0	0
Compare columns in same table Hello, I have the following table: column1 column2 Andrew Andrew George George Paris Berlin I would... by carlospalma03 Engager in Splunk Search 02-26-2020 0 2	0	2
DB Connect - another "index 1 is out of range" - how to fix it? Trying to pull specific fields out of the database tables "LastContact" and listing the output with a timestamp (Last... by arimaldo Explorer in Splunk Search 02-26-2020 0 1	0	1
How do I do sparklines based on lookup table data Trying to create a sparkline from data in a lookup table monitor_user_traffic.csv has fields -user -traffic_dest_ip ... by MonkeyK Builder in Splunk Search 02-26-2020 0 3	0	3
Why Isn't My String Value (a multivalue field) Being Converted to a Number? Hello, I've checked many of the Answers pages, but to no avail. In my table, the value "appears" to be converted fro... by genesiusj Builder in Splunk Search 02-26-2020 1 2	1	2
How can I get the occurrence of a field in events as a percentage, when the field names are unknown (dynamic per event)? I have events with JSON in them and I need to know what % of the time each field appears. The fieldset in the events... by nicholmikey Explorer in Splunk Search 02-26-2020 0 4	0	4
GeoLite IPLocation discrepancy Good Afternoon everyone! We seem to be encountering a discrepancy with our IPLocation database. We're running Splun... by mbraiman Explorer in Splunk Search 02-26-2020 0 3	0	3
permissions are not granted for Office 365 Management Activity API and permissions are not granted for ThreatIntelligence Read not able to get logs into splunk regarding O365 Management activity and threatintelligence. due to this MSO365 app fo... by ashisrma New Member in Splunk Search 02-26-2020 0 0	0	0
delta command doesn't return accurate results if i have multiple delta in the search My search is index="xxx" sourcetype="yyy" topic=IN* \| stats list(message_count) as message_count by _time topic \| ... by ssyed2009 New Member in Splunk Search 02-26-2020 0 1	0	1
rex command help... Hi All, my data is like below-- I want to extract when it has string ignore numbers 853727-gcplusrspcndb01.usa.corp... by harishalipaka Motivator in Splunk Search 02-26-2020 0 6	0	6
How can I list all the scheduled searches? We have some spikes for concurrent search jobs? therefore, how can I list all the scheduled searches for a given mome... by danielbb Motivator in Splunk Search 02-26-2020 0 1	0	1
How to change the timechart x-axis label I did a timechart and span= 1w, my time range is from Jan1. 2020(Wednesday) but the label on x-axis is Mon Dec30. 201... by t900502 New Member in Splunk Search 02-26-2020 0 3	0	3
Looking for way to explain why subsearches are so slow I've seen it suggested before and definitely have witnessed myself that for searches involving any significant amount... by bcronrath Path Finder in Splunk Search 02-26-2020 0 1	0	1
change x axis value hi i plot a graph in the dashboard, the x axis is series from 1 to 2001 i want to replace 1-2001 to 500-3000 (yes, t... by erez10121012 Path Finder in Splunk Search 02-25-2020 0 0	0	0
Prevent Horizontal Overflow in TableView Hello, I am using the Splunk Web Framework TableView Component on a custom dashboard. I have enabled the "wrap" prop... by jinseong Path Finder in Splunk Search 02-25-2020 0 0	0	0