Splunk Search

Community Activity

validate access to knowledge object Good afternoon I am trying to perform an audit of the environmental lookups and I need to know if there is any query... by efaundez Path Finder in Splunk Search 02-25-2020 0 1	0	1
How to search and isolate any multifields that equal true Hi all, I am racking my brains on this one. The business has built field names containing years and volumes in the... by stephenreece New Member in Splunk Search 02-25-2020 0 3	0	3
How to only keep the rows related with process Hello, in the below data I have a lot of processes and the ParentProcesses of them. I would like to keep only the ro... by vpaschalidis Loves-to-Learn in Splunk Search 02-25-2020 0 11	0	11
Lookup vs join with inputlookup We were testing performance and for some reason a join with an inputlookup is faster than a direct lookup. Sample que... by sboogaar Path Finder in Splunk Search 02-25-2020 0 2	0	2
How to export the key and values in a CSV format cf_app_id: ***************88 cf_app_name: *******888 cf_ignored_app: false cf_org_id: *************8... by harishhari390 New Member in Splunk Search 02-25-2020 0 1	0	1
Splunk Query provided wrong results Hello, Splunk query provided in correct responses. I have A query which filters the data on a specific day and prov... by Gowtham0809 New Member in Splunk Search 02-25-2020 0 6	0	6
Why is conditional stats count not working with basic example? The following query is pulled directly from the Splunk documentation and for whatever reason always returns 0, even w... by Cuyose Builder in Splunk Search 02-25-2020 0 3	0	3
lookup table question Hello everyone. Question: I'm periodically given a .csv file provided to me from a team in my company.I need to cre... by shandman Path Finder in Splunk Search 02-25-2020 0 1	0	1
Field extraction for Log File Entries with Pipe delimiters Hi, I have a log file I am monitoring. Log file entries have pipe delimited field entries as below: LE Variation 1:... by mbasharat Builder in Splunk Search 02-25-2020 0 6	0	6
How to calculate percentage based on 2 different searches? Greetings to the pro's, I have 2 panels, one brings me the Total Active Hosts and the other brings me the Total Host... by albinortiz Engager in Splunk Search 02-25-2020 0 11	0	11
Lookup file data in a search string Hi , I have following search string , where Username field is extracted using rex command . Now I want to use a loo... by rashi83 Path Finder in Splunk Search 02-25-2020 0 1	0	1
Compare Lines in a Single Field Hello All, Is there a way in a Splunk search to iterate through a multiline field and do stats on each value/each l... by airalee New Member in Splunk Search 02-25-2020 0 4	0	4
How to extract values from my sample log? Hi can you help us to extract values from log like ACTION, URI and response_time i used extract kvdelim=":" pairdeli... by rajgowd1 Communicator in Splunk Search 02-25-2020 0 16	0	16
Line chart group by month Hi, I am sorry I am very new to the splunk and I am struggling with the results I want to get. I have a query that pr... by andy222 New Member in Splunk Search 02-25-2020 0 2	0	2
wanna show the of the job as it is untill its changes its status Hi Team I have following details One of autosys job is running for 20 hours with the status recording in the logs a... by pench2k19 Explorer in Splunk Search 02-25-2020 0 19	0	19
Displaying unwanted user names on the output Below is my code and I want to display only "Druv" Failed logins. But, I see the user name 'None' , 'Karla' and other... by brpsingara Explorer in Splunk Search 02-25-2020 0 2	0	2
Compare two different tables from different sources and get the matching and non matching Hi All, Hope you all are doing good. I have to check 2 table from different sources and get a new table where its s... by niks987 Explorer in Splunk Search 02-25-2020 0 2	0	2
INGEST_EVAL field returning no results Hello i have this configuration in transforms.conf: [adjust_flight_fields] INGEST_EVAL = flight_id=Designato... by sarit_s Communicator in Splunk Search 02-24-2020 0 13	0	13
reverse wildcard lookup from event field in index Hello Everyone I am trying to see if i can pass an event field over to a lookup attached with a wildcard (reverse l... by luck123813 Explorer in Splunk Search 02-24-2020 0 0	0	0
Eval Time_Diff I am having trouble getting a result to appear for the below query. I am trying to produce a column showing time_dif... by cglowjr New Member in Splunk Search 02-24-2020 0 4	0	4
To what degree does chaining (or nesting) automatic lookups actually work? Example: Say I have two lookups A and B. Let's say they're both file-based lookups (even though I don't think it act... by sideview SplunkTrust in Splunk Search 02-24-2020 2 1	2	1
How do I fine tune my custom scoring system? \| inputlookup scanner_visibility.csv \| lookup visibility_blue.csv Acronym AS application local=t OUTPUTNEW "Risk Scor... by UMDTERPS Communicator in Splunk Search 02-24-2020 0 2	0	2
Using the value of a subsearch in main search I am trying to create a search that gets the top value of a search and saves it to a variable: \| eval top=[\| eval MB... by tomscott21 Engager in Splunk Search 02-24-2020 0 6	0	6
Subsearch assistance - feel like I'm close I have ldap logs that give me events that look like this: Feb 21 13:13:22 ldap.foo.com slapd[28026]: conn=15306 fd=1... by erinmichaud New Member in Splunk Search 02-24-2020 0 10	0	10
need help to hold the status of a job from an event and make it count till next status change event and show it in the timechart Hi Ninjas, I have following sample events in splunk. [02/18/2020 10:47:15.1318] CAUAJM_I_40245 EVENT: CHANGE_STATUS... by pench2k19 Explorer in Splunk Search 02-24-2020 0 20	0	20