Splunk Search

Community Activity

Append command not working to combine two searches with the same result but events occurred in two different timespans Hello there, Step1: user software_name dc_today dc_past A XYZ.exe 1 9 B ... by kanj New Member in Splunk Search 02-06-2020 0 1	0	1
Splunk Visualization Char counting by wrong field I have a monitoring search, that we are viewing both as a graph and when drilling in, as the events. When viewing the... by RyanDonnelly22 Explorer in Splunk Search 02-06-2020 0 1	0	1
Use fillnull to fill in different values within same field? Hi All, I am trying to use the fillnull to populate empty values within the same field with unique values. For examp... by rfranco83 New Member in Splunk Search 02-06-2020 0 4	0	4
Splunk DB Connect Connection To SQL My DB connect app is hosted on the Splunk Heavy forwarder and i need to create a connection to SQL server. I got the ... by Prakash493 Communicator in Splunk Search 02-06-2020 0 1	0	1
Can the dedup command run within props.conf? Hey everyone, I have an issue where I am ingesting data via REST API, though I am getting a lot of duplicate data i... by luck123813 Explorer in Splunk Search 02-06-2020 0 2	0	2
Receiving internal log errors I am getting these errors in my internal logs: ERROR SearchOperator:kv - Cannot compile RE \"(?:\s'[^']'\|\s"[^"]... by vpantangi Path Finder in Splunk Search 02-06-2020 0 1	0	1
using match_type wildcard in lookup not working Please any help will be appreciated. We have a lookup test_pci_asset.csv with a field nt_host values of nt_host are ... by btawiah Explorer in Splunk Search 02-06-2020 0 0	0	0
How to keyword search values in a lookup table without using field names Assume you have a lookup table and you want to load the lookup table and then search the lookup table for a value or ... by marycordova SplunkTrust in Splunk Search 02-06-2020 0 2	0	2
dedup not giving any results. I am not getting any results back using dedup search query: index=prdidx sourcetype="OUTPUT" source="http-access.l... by khandelwaly Explorer in Splunk Search 02-06-2020 0 19	0	19
How to convert epoch to human readable format at index time? I am currently monitoring a file that generates logs, but assigns the time in epoch format. Is there a way to transfo... by ricotries Communicator in Splunk Search 02-06-2020 0 5	0	5
Dedup Command information Hi, Dedup command gives recent unique values based on fields mention. I want to know these recent values are identifi... by ips_mandar Builder in Splunk Search 02-06-2020 0 2	0	2
calculate average of last 30 days below average function is not giving me the correct value for last 30 days.Kindly advise \| eval sTime=strptime(start... by thomaap New Member in Splunk Search 02-06-2020 0 5	0	5
Dashboard to query optional fields My log file is: TimeStamp=20180521095103123 Service=ABC12 User=ut1234 Id=12345678 Msg=tttttttttttttTimeStamp=2018052... by gtonti Explorer in Splunk Search 02-06-2020 1 5	1	5
list events with field changed by other field Hi, I have an index with events such as: CITY , TICKET, CREATION_DATE, OTHER METADATA FIELDS Pa... by margie68 New Member in Splunk Search 02-06-2020 0 1	0	1
How to rename dynamic column name? i have a dynamic column which is bascially today's date, but the column name is 05-02-2020 for example. i would like ... by jiaqya Builder in Splunk Search 02-06-2020 1 6	1	6
help on a query - password changed on first login on splunk Hey everyone, Im trying to come up with a way to get a table stating that, a user was created in splunk had the "Re... by rsaude Path Finder in Splunk Search 02-06-2020 0 3	0	3
How to detect not-reporting hosts? We have a large number of hosts reporting to Splunk, and sometimes (rarely), some of them stop sending events. Is the... by unitedmarsupial Path Finder in Splunk Search 02-05-2020 0 10	0	10
How to request volume per source per day (time stamped, not indexed) ? Many questions deal with indexed volume per source and per day for licence concern. My need is logs volume per source... by albasii New Member in Splunk Search 02-05-2020 0 2	0	2
Rex fields from a log fle I have the log snippet below want to extract id and hostname into 2 different fields for example in the expected ou... by rczone Path Finder in Splunk Search 02-05-2020 0 3	0	3
How to change the colour of the value based on the range in statistics table How to change the color of the value based on the range in statistics table visualization by shruthiangadi Explorer in Splunk Search 02-05-2020 0 6	0	6
To change the colour of the value in statistics table not the back ground Hi , I have a statistics table in which each column contains different value for eg: Application Name Application... by shruthiangadi Explorer in Splunk Search 02-05-2020 1 4	1	4
Need help with linebreaker for array of json objects I am indexing json files. Each file contains an array of around 1,000 json objects (with nested arrays/objects). I... by lyndac Contributor in Splunk Search 02-05-2020 0 6	0	6
How to extract an endpoint until certain value and not the complete route? Hello, I am trying to simplify a search in Splunk taking only my principal endpoints and not the detail transactions,... by dnavia29 New Member in Splunk Search 02-05-2020 0 4	0	4
tstats WHERE clause filtering on CIDR only partially filters results I have a dashboard which displays some simple "top 15" visualizations based on outbound network traffic. The base sea... by stroud_bc Path Finder in Splunk Search 02-05-2020 0 7	0	7
How to break JSON for individual values Hello, I want to break the TestTransaction inside testVal values, JSON needs to break up and show all field values i... by msrama5 Explorer in Splunk Search 02-05-2020 0 3	0	3