Splunk Search

Community Activity

Not Like function !Like I am trying to search for a server which is named differently than all the others in our network. Commonly servers ar... by navdeep1568 New Member in Splunk Search 02-13-2020 0 2	0	2
How to edit multiselect token to include a field with a null value? I have a multiselect box on a field-- modelName modelName can have different values or empty value. eg. modelName="m... by kualo Explorer in Splunk Search 02-13-2020 0 10	0	10
Create table with nested columns I am not sure what the proper terminology is for this so I have attached captures below to better illustrate my goal.... by ShaneNewman Motivator in Splunk Search 02-13-2020 1 6	1	6
Stats list removes empty strings in the search GUI \| makeresults \| eval a="1" \| append [\| makeresults \| eval b="2"] \| fillnull value="" \| stats list(a) vs. \| makeres... by nick405060 Motivator in Splunk Search 02-13-2020 0 1	0	1
How to sum multiple individual columns into a flat row I have a search that based on a lookup that is pulling names and totals over the course of a 24 hour period or week b... by eric_delac New Member in Splunk Search 02-13-2020 0 2	0	2
Splunk Report I have a enteries in logfile that has information like the following two - transaction sucessful. Request: {empName=... by runiyal Path Finder in Splunk Search 02-13-2020 0 2	0	2
Guidance needed on how to display current waiting time by shift I am really struggling on how to frame the question. In essence I need to display the duration trucks are spends wai... by PBerry7538 New Member in Splunk Search 02-13-2020 0 0	0	0
How to show table data on map using latitude & longitude? I am working on a query where I have a data in below format: How can I show these hub Ids on the map with their s... by pahujadeep Explorer in Splunk Search 02-13-2020 0 7	0	7
How to count lookup matches by the field values in the Lookup? Hi, I was given a request to use csv lists (i.e. lookups) with keyword values to find USB writes in an index where a ... by Glasses Builder in Splunk Search 02-13-2020 0 6	0	6
How to forward indexed data to RSA NetWitness? So I will start with the details of my setup. I am running a single server instance on a network of ~300 endpoints. A... by Bakerton New Member in Splunk Search 02-13-2020 0 0	0	0
Passing multiselect in Where clause I've a multiselect. <label>Grade</label> <default>9,6,7</default> <fieldForLabel>grade_name</fieldForLabel> ... by jonu4u New Member in Splunk Search 02-13-2020 0 2	0	2
Convert Date Timestamp in Lookup for Drill-down I have a dashboard that queries a Lookup file. The Lookup file contains a column containing Date Timestamps in this ... by smullins Explorer in Splunk Search 02-13-2020 0 3	0	3
How to match and obtain a fields values from subsearch based on parent search filed value and aggregate on same table Hello Friends, I am collecting an event log data from an Internal App on Windows to an Index called "pr" I have a Pr... by skylabsit Engager in Splunk Search 02-13-2020 0 5	0	5
Combining fields How to combine three fields in one field and display it as table? I need one field called emails consisting of from, ... by gagareg Explorer in Splunk Search 02-13-2020 0 3	0	3
Lookup Definition - Default Matches not working as expected Hi, I have built a lookup table, definition & automatic lookup. I've set the definition to; Min Matches - 1 Max Mat... by jackreeves Explorer in Splunk Search 02-13-2020 0 0	0	0
How to alert on license pool violation and can i trigger a search upon the violation Hi, I'm referencing this post - https://answers.splunk.com/answers/321226/how-to-create-an-alert-to-notify-me-via-em... by a212830 Champion in Splunk Search 02-13-2020 0 7	0	7
Convert time to epoch time & time zone In my index, I have a field that has been extracted for a "last checkin time". The time shown is GMT and I need to u... by willadams Contributor in Splunk Search 02-13-2020 0 2	0	2
親IDと子が持つ親IDが一致している場合に子にデータを追加する方法お世話になります。以下のようなデータがあります。 Index A（工数データ） id,issue.id,man-hour a c 2 Index B（チケットデータ） issue.id,parent.id... by 1014502 New Member in Splunk Search 02-13-2020 0 5	0	5
Add a percentage row into a chart? Hello there! I want to add a percentage row into a chart table. string: index=smsc tag=MPRO_PRODUCTION DATA="800000... by ganinurceski Engager in Splunk Search 02-12-2020 0 4	0	4
How to capture CPU Load Average shown in Windows Task manager in Splunk Hi, I am trying to create a report to capture overall CPU Load average. I have created a search query in splunk using... by sjhaider72 New Member in Splunk Search 02-12-2020 0 0	0	0
extract a string from email id from raw logs ? One of the sample log is as follows :- time="2020-02-12 13:45:37" user-name="abc12345@def-ghi-01.com" proto="HTTPS"... by pavanae Builder in Splunk Search 02-12-2020 0 5	0	5
How to find count of occurrences of each IP for the first 15 mins starting from the first occurrence of each IP ? Say I have an index A which has all the IPs logged during the day. So every event has an IP and the timestamp it was ... by sambit_kabi Path Finder in Splunk Search 02-12-2020 0 2	0	2
Searching CSV against a INTERESTING FIELDS of I have uploaded a CSV and I'm attempting to search it against a INTERESTING FIELDS of of DisplayName with any source... by bavituity New Member in Splunk Search 02-12-2020 0 1	0	1
How to calculate percentage of data which has two different values between these two values Here I have 3 fields "Status", merchantID & count. I am trying to find out the percentage of "CONFIRMED" and "REJECTE... by praddasg Path Finder in Splunk Search 02-12-2020 0 9	0	9
Regex in lookuptable Hi, Can I use a regex in a static lookup table,I want to filter some alerts that trigger frequently like Substant... by benmon Explorer in Splunk Search 02-12-2020 2 8	2	8