Splunk Search

Community Activity

What's the best easter egg in Splunk 4.2? I think the title says it all. by amrit Splunk Employee in Splunk Search 02-10-2020 6 6	6	6
Removing values from a field how to remove values from fields highlighted in red index=main \| eval description=case(status == 200, "OK", status ... by gagareg Explorer in Splunk Search 02-10-2020 0 4	0	4
Outer Join not working I have data in a CSV called 25_million_Linie_Rule.csv (example below) host,source,count "INTERFACES_BUILD","/hp547s... by robertlynch2020 Influencer in Splunk Search 02-10-2020 0 5	0	5
Different element between two stats values() lists search made before ...\| stats values(user) as AllUsers, values(usr_mod) as ModifiedUsers And it returns two lists ... by rsaude Path Finder in Splunk Search 02-10-2020 0 17	0	17
How do I show full series name while mouse over on the legend? Hello, I have a line chart with multiple series in my dashboard. The series names are quite long, so they cut in the... by damucka Builder in Splunk Search 02-10-2020 0 0	0	0
Subtract One Field from Another Hi guys, I'm having trouble making a simple subtraction (well, I thought it would be simple!). Field1 is a number in... by driva Path Finder in Splunk Search 02-09-2020 0 2	0	2
What's the easiest way to return a multivalue result containing the values that are present in two multivalues? Hello, Working with Splunk 7.3.2. I have two multivalues that have a set of values in common: \| makeresults \| eval... by andrewtrobec Motivator in Splunk Search 02-09-2020 0 2	0	2
BREAK_ONLY_BEFORE_DATE=TRUE seems to not be working A custom web application produces logs in the tomcat format like this: 2020-01-31 18:19:02,091 DEBUG [com.vendor.mak... by mitag Contributor in Splunk Search 02-09-2020 0 7	0	7
Arithmetic on multi field values I am new to Splunk, and I need to perform arithmetic on some multi-field values. What is the best way to do this? H... by rtakatsuka Engager in Splunk Search 02-08-2020 0 1	0	1
How to sum the percentage of this two value in the table and rename it as X and show it in the table next to other values?! As you can see in the picture there is 2 value (ChargeInProgress & Charging) which I know they are same (but whit the... by aryamehr360 New Member in Splunk Search 02-08-2020 0 10	0	10
How to extract data I want to know how to take data from multiple data sources by ID. The following is an example of a data source. A Dat... by 1014502 New Member in Splunk Search 02-07-2020 0 4	0	4
can't use a field with special characters in search --> _@timestamp I have a field named '_@timestamp' in my data. When i search for this field, the result doesn't show up. May be becau... by pavan_injarapu Explorer in Splunk Search 02-07-2020 0 6	0	6
plot rate of change This seems like such an elementary use of splunk, I can't believe I've spent days researching this to no avail. I've... by jgc94131 Explorer in Splunk Search 02-07-2020 1 7	1	7
Search fieldsummary values for search keyword Hello, I have query below and want to search by filterstring from fieldsummary values and return all values which mat... by msrama5 Explorer in Splunk Search 02-07-2020 0 1	0	1
Logs aren't coming in, forward servers are listed as inactive I have very little experience with splunk, and am on a time crunch, so a bit of patience for my ignorance would be aw... by happycaptain Loves-to-Learn in Splunk Search 02-07-2020 0 2	0	2
How to find events that are not splitting correctly I'm trying to determine which of my companies application logs aren't being split correctly but I'm having a hard tim... by freern New Member in Splunk Search 02-07-2020 0 6	0	6
Scheduled Searches delayed by one hour Hi, I have lately seen an issue that some scheduled alerts that contain attachments seem to get emailed to me one ho... by omuelle1 Communicator in Splunk Search 02-07-2020 0 7	0	7
how to use the rex command to extract data when we have space Hi have a scenario, where I would like to extract the field OfferCode which has space after and before the code: Off... by s0m073r Engager in Splunk Search 02-07-2020 0 16	0	16
Where can I find the "Created at" field from the "Job Manager" Hello, I have managed to locate the jobs within the Job Manager through the following search: \| rest /services/searc... by andrewtrobec Motivator in Splunk Search 02-07-2020 0 4	0	4
How to add an hyperlink icon in nav menu hi i would be able to add an icon in my nav menu which allows to open a link when i click on the icon is it possible ... by jip31 Motivator in Splunk Search 02-07-2020 0 2	0	2
Could not load lookup = lookup_table Indexer Instance Hello, I would like to request help. All searches that I do in my indexer, whether through search reporting or some ... by erlindemberg Explorer in Splunk Search 02-07-2020 0 3	0	3
How to optimize the given query without using join Hi, I need to Optimize my query to improve the dashboard performance without using any type of join function. Belo... by avni26 Explorer in Splunk Search 02-07-2020 0 4	0	4
help on eval command link texthi I use the search below which works fine as you can see i count hte number of hosts corresponding to a pr... by jip31 Motivator in Splunk Search 02-07-2020 0 3	0	3
How to color the field greater than or lower than or between? Hi Im a report, I am doing a basic count on a field \| stats values(CycleCount00) as "Cycle count" by host when "C... by jip31 Motivator in Splunk Search 02-06-2020 0 4	0	4
How can I make a field that contains a time series window group of 3 events? Is there a way I can group a window of 3 time points and add it as a field with the last two remaining being ignored?... by andrewhnguyen New Member in Splunk Search 02-06-2020 0 1	0	1