Splunk Search

Community Activity

	How to combine two indexes with Stats? Following a super helpful thread here https://answers.splunk.com/answers/129424/how-to-compare-fields-over-multiple-s... by mattfunk20 Explorer in Splunk Search 02-21-2020 0 2	0	2
	help on complex bar chart hi With the xml below, i display a complex bar chart that you can see in the screenshot I would like to modify 3 thin... by jip31 Motivator in Splunk Search 02-21-2020 0 7	0	7
	Why is the subsearch excluding inputlookup results? Good morning, Hope someone can help me out here. I am trying to get a list of IPs where hits are > 100, but I want t... by swengroeneveld Explorer in Splunk Search 02-21-2020 0 4	0	4
	Adding a Time Range (Extending to the Future) and Use it in a Timechart Hi everyone, We have logs that contain field named "var" with num data type, the value of this field changes throug... by jameldebbiche Engager in Splunk Search 02-21-2020 0 6	0	6
	Is there a sub search limit in a single search? The subject states the question.... is there a limit on how many sub search I can use within a single query. While d... by cresposh Explorer in Splunk Search 02-21-2020 0 1	0	1
	Searching for exact string match Hi , I have logs like this a) 04:55:21.8630 Info {"message":"16 A Process completed, notification displayed" b)04:... by rgjnnc New Member in Splunk Search 02-21-2020 0 5	0	5
	Basic commands with SPL Hi @all, I'm a little bit helpless at the beginning of SPLUNK. I tried to do simple queries like: Request statusc... by 123michi19 Explorer in Splunk Search 02-20-2020 0 3	0	3
	Splunkのタイムピッカーで日付範囲を指定する方法(バージョン違い) バージョン7.1.4のSplunkでタイムピッカーで日付範囲を指定した場合以下の図のように、yyyy/mm/dd 00:00:00となりますが、 yyyy/mm/dd 24:00:00で選択することは可能でしょうか。バージョン... by muto123 New Member in Splunk Search 02-20-2020 0 0	0	0
	Set dark mode as the default for an app? All, I am creating an app and was hoping to set the default to dark mode, is there a simple XML or conf file I shou... by daniel333 Builder in Splunk Search 02-20-2020 0 0	0	0
	Search query to check failed login attempt to ec2 instances Hi fellow Splunk users, I need help to set up search query (later will be saved as an alert) to check failed login a... by mufthmu Path Finder in Splunk Search 02-20-2020 0 2	0	2
	How to extract fields from the header? Hello, I would like to leave the "header.JMSDestination"="topic/testTopic/Durable-Non-Subscription/20" the la... by mklhs Path Finder in Splunk Search 02-20-2020 0 2	0	2
	Extract from dynamic values I have a dynamic set of result data which I'd like to extract when the beginning of a line is the same across multipl... by neluvasilica Explorer in Splunk Search 02-20-2020 0 13	0	13
	transaction with duplicate start events and should be taking the earliest event Hello All, I'm trying to get the duration from the transaction. The problem here is I've duplicate start events and ... by harshavmb New Member in Splunk Search 02-20-2020 0 7	0	7
	Add fields to events returned by inputlookup data with other data from the same inputlookup. I have several lookup tables containing various data types filenames hashes emails usernames etc (lookup tables are s... by livesplunkcomsk Engager in Splunk Search 02-20-2020 0 9	0	9
	Flush on search custom command not working I try to use flush on custom command and not working. I used generatetext.py from searchcommands_app and put self.fl... by rleoneti New Member in Splunk Search 02-20-2020 0 0	0	0
	syntax for outputlookup when defined in transforms.conf? I have a transforms as follows which defines a lookup [ABC] filename = ABC.csv case_sensitive_match = false Now, ... by pavanae Builder in Splunk Search 02-20-2020 0 5	0	5
	Coalesce function not working with extracted fields Hi, I am using below simple search where I am using coalesce to test. index=fios 110788439127166000 \| eval check=c... by poddraj Explorer in Splunk Search 02-20-2020 0 3	0	3
	Search performance benefit from field inclusion versus exclusion Hi all, First, I do apologise if this is clearly answered in Answers or Documentation; I have spent some time in bot... by johnjarvis Explorer in Splunk Search 02-20-2020 0 4	0	4
	How to create a regex expression to mask the input? Hi, Can someone help with regex expression to mask the below kind of pattern. I need this pattern of text to be maske... by poddraj Explorer in Splunk Search 02-20-2020 0 1	0	1
	What is the root cause of the message preventing saving a search: "Error in 'SearchParser': The search specifies a macro.." What is the root cause of the message preventing saving a search: Error in 'SearchParser': The search specifies... by landen99 Motivator in Splunk Search 02-20-2020 0 3	0	3
	Splunk Field Extraction I have indexed few sample logs in to the Splunk.. 2020-02-15T10:41:54.305Z servername.com sev="INFO" msg_details="... by cyber_castle Path Finder in Splunk Search 02-20-2020 0 2	0	2
	How to make pattern of error events? Hello, I want create a pattern for similar error message without discarding all the events.. Let's say, I have event... by marisstella Explorer in Splunk Search 02-20-2020 0 4	0	4
	help on eval field which returns any results link textHi I have an issue with the field MemoryUsageI have no results in \| eval MemoryUsage = round((TotalMemory-Fr... by jip31 Motivator in Splunk Search 02-20-2020 0 19	0	19
	Splunk Data Fabric Search(DFS) basics Data Fabric Search - DFS overview Data Fabric Search (DFS) is the new search platform that leverages the distributed ... by inventsekar SplunkTrust in Splunk Search 02-19-2020 0 2	0	2
	How to compare 2 field values and exclude matching results from the final output / count Below is my search output for the SPL i am running. ` db_1 oracle_test db2_bio oracle_890 n88888 n7777 ... by promukh Path Finder in Splunk Search 02-19-2020 0 7	0	7