Splunk Search

Community Activity

How to find events that are not splitting correctly I'm trying to determine which of my companies application logs aren't being split correctly but I'm having a hard tim... by freern New Member in Splunk Search 02-07-2020 0 6	0	6
Scheduled Searches delayed by one hour Hi, I have lately seen an issue that some scheduled alerts that contain attachments seem to get emailed to me one ho... by omuelle1 Communicator in Splunk Search 02-07-2020 0 7	0	7
how to use the rex command to extract data when we have space Hi have a scenario, where I would like to extract the field OfferCode which has space after and before the code: Off... by s0m073r Engager in Splunk Search 02-07-2020 0 16	0	16
Where can I find the "Created at" field from the "Job Manager" Hello, I have managed to locate the jobs within the Job Manager through the following search: \| rest /services/searc... by andrewtrobec Motivator in Splunk Search 02-07-2020 0 4	0	4
How to add an hyperlink icon in nav menu hi i would be able to add an icon in my nav menu which allows to open a link when i click on the icon is it possible ... by jip31 Motivator in Splunk Search 02-07-2020 0 2	0	2
Could not load lookup = lookup_table Indexer Instance Hello, I would like to request help. All searches that I do in my indexer, whether through search reporting or some ... by erlindemberg Explorer in Splunk Search 02-07-2020 0 3	0	3
How to optimize the given query without using join Hi, I need to Optimize my query to improve the dashboard performance without using any type of join function. Belo... by avni26 Explorer in Splunk Search 02-07-2020 0 4	0	4
help on eval command link texthi I use the search below which works fine as you can see i count hte number of hosts corresponding to a pr... by jip31 Motivator in Splunk Search 02-07-2020 0 3	0	3
How to color the field greater than or lower than or between? Hi Im a report, I am doing a basic count on a field \| stats values(CycleCount00) as "Cycle count" by host when "C... by jip31 Motivator in Splunk Search 02-06-2020 0 4	0	4
How can I make a field that contains a time series window group of 3 events? Is there a way I can group a window of 3 time points and add it as a field with the last two remaining being ignored?... by andrewhnguyen New Member in Splunk Search 02-06-2020 0 1	0	1
Append command not working to combine two searches with the same result but events occurred in two different timespans Hello there, Step1: user software_name dc_today dc_past A XYZ.exe 1 9 B ... by kanj New Member in Splunk Search 02-06-2020 0 1	0	1
Splunk Visualization Char counting by wrong field I have a monitoring search, that we are viewing both as a graph and when drilling in, as the events. When viewing the... by RyanDonnelly22 Explorer in Splunk Search 02-06-2020 0 1	0	1
Use fillnull to fill in different values within same field? Hi All, I am trying to use the fillnull to populate empty values within the same field with unique values. For examp... by rfranco83 New Member in Splunk Search 02-06-2020 0 4	0	4
Splunk DB Connect Connection To SQL My DB connect app is hosted on the Splunk Heavy forwarder and i need to create a connection to SQL server. I got the ... by Prakash493 Communicator in Splunk Search 02-06-2020 0 1	0	1
Can the dedup command run within props.conf? Hey everyone, I have an issue where I am ingesting data via REST API, though I am getting a lot of duplicate data i... by luck123813 Explorer in Splunk Search 02-06-2020 0 2	0	2
Receiving internal log errors I am getting these errors in my internal logs: ERROR SearchOperator:kv - Cannot compile RE \"(?:\s'[^']'\|\s"[^"]... by vpantangi Path Finder in Splunk Search 02-06-2020 0 1	0	1
using match_type wildcard in lookup not working Please any help will be appreciated. We have a lookup test_pci_asset.csv with a field nt_host values of nt_host are ... by btawiah Explorer in Splunk Search 02-06-2020 0 0	0	0
How to keyword search values in a lookup table without using field names Assume you have a lookup table and you want to load the lookup table and then search the lookup table for a value or ... by marycordova SplunkTrust in Splunk Search 02-06-2020 0 2	0	2
dedup not giving any results. I am not getting any results back using dedup search query: index=prdidx sourcetype="OUTPUT" source="http-access.l... by khandelwaly Explorer in Splunk Search 02-06-2020 0 19	0	19
How to convert epoch to human readable format at index time? I am currently monitoring a file that generates logs, but assigns the time in epoch format. Is there a way to transfo... by ricotries Communicator in Splunk Search 02-06-2020 0 5	0	5
Dedup Command information Hi, Dedup command gives recent unique values based on fields mention. I want to know these recent values are identifi... by ips_mandar Builder in Splunk Search 02-06-2020 0 2	0	2
calculate average of last 30 days below average function is not giving me the correct value for last 30 days.Kindly advise \| eval sTime=strptime(start... by thomaap New Member in Splunk Search 02-06-2020 0 5	0	5
Dashboard to query optional fields My log file is: TimeStamp=20180521095103123 Service=ABC12 User=ut1234 Id=12345678 Msg=tttttttttttttTimeStamp=2018052... by gtonti Explorer in Splunk Search 02-06-2020 1 5	1	5
list events with field changed by other field Hi, I have an index with events such as: CITY , TICKET, CREATION_DATE, OTHER METADATA FIELDS Pa... by margie68 New Member in Splunk Search 02-06-2020 0 1	0	1
How to rename dynamic column name? i have a dynamic column which is bascially today's date, but the column name is 05-02-2020 for example. i would like ... by jiaqya Builder in Splunk Search 02-06-2020 1 6	1	6