Splunk Search

Community Activity

Why is scheduler failing after upgrading a search head pool? Our search head pool nodes were recently upgraded from 6.6.1 to 7.3.0. After the upgrade, the scheduled searches have... by ekost Splunk Employee in Splunk Search 02-05-2020 1 1	1	1
How to define the starting month of the year and original quarter periods (Apr - Jun, Jul - Sept, etc) in Splunk? I’ve been trying to create a yearly/half-yearly/quarterly/monthly/weekly report by using timechart and span command. ... by okakizaki_splun Splunk Employee in Splunk Search 02-05-2020 0 3	0	3
Identify a hanging GUI (process) Problem I have a gui running as javaw.exe and I want to identify when this gui is "Not Responding" Tools I am using ... by j_star New Member in Splunk Search 02-05-2020 0 0	0	0
How to run a multi search with a dynamic calculated time frame I have an existing search that finds "RunDate" "StartTime" "EndTime" stored as part of test run summaries. The search... by lukepatrick Explorer in Splunk Search 02-05-2020 0 2	0	2
How to extract fields from windows security log? I am looking to extract fields from some windows security events. Much of the data I need ends up being in the "messa... by andrewits New Member in Splunk Search 02-05-2020 0 1	0	1
How to replace description into timechart results Splunk Enterprise 7.2.0 I have my query: index="_itrospection" component ="hostwide" \| timechart max(data.mem.mem_... by wieslaww Engager in Splunk Search 02-05-2020 0 2	0	2
Add location to IPs found in lookup or add unknown if missing So I have a string of IPs that are input and trying to figure out how to add the location on them which are stated in... by khaghsam New Member in Splunk Search 02-05-2020 0 4	0	4
How to replace whole row with null, based on if statement? Hi All, Hope you all are doing well. I was trying to setup email alert and event creation using Splunk and it was w... by niks987 Explorer in Splunk Search 02-05-2020 0 6	0	6
Field Extraction Need some suggestion for field extraction. Take this as an example: I have a file path /opt/splunk/var/log/splunk/s... by aknsun Path Finder in Splunk Search 02-05-2020 0 2	0	2
How to pass values from main search to appended subsearch I have this search: index=xxx sourcetype="yyy" earliest=01/27/2020:08:00:00 latest=01/27/2020:18:00:00 \| timechart ... by rain979 New Member in Splunk Search 02-05-2020 0 3	0	3
Is it better to use loadjob or scheduled saved search to improve dashboard performance? We're writing Simple XML dashboards that utilize summary indexes for the aggregated data, but that is getting too big... by calebwidmer Explorer in Splunk Search 02-04-2020 2 6	2	6
How do you subtract two column values in Splunk? Hi team, say i have a column like this : _time A 11pm 30 10pm 40 I have to subtract 40-30 and store in a new... by Mohsin123 Path Finder in Splunk Search 02-04-2020 0 3	0	3
How i can merge two value in one field output Hi All, How i can merge two row value in one field. i am trying with case but i am not getting the output. by hrs2019 Path Finder in Splunk Search 02-04-2020 0 6	0	6
How to format output table for an object? I have a message that consists of key-value pairs: "status=BLOCKED, identifier=123422dsd13, userId=12344, name=John" ... by alpsplunkuser Engager in Splunk Search 02-04-2020 0 3	0	3
How to get every configuration detail in the local directory of an app via rest command? Because of reasons, I need to find a way to find every customized config parameter of an app placed in the local dir.... by jdanij Path Finder in Splunk Search 02-04-2020 0 1	0	1
Capture Connected Devices Does anyone have any SPL that looks at ALL connected network devices? For example, John Doe decides he wants to conn... by itsmevic Communicator in Splunk Search 02-04-2020 0 0	0	0
tstats and a lookup I hope I explain this well. I have the following tstats search: \| tstats max(_time) AS _time WHERE index=_internal s... by chirsf Explorer in Splunk Search 02-04-2020 0 2	0	2
Duration between events - Max gap (not the start and end points) hi all . I am trying to create a map where I can look at users max duration between logins who register with us betw... by stephenreece New Member in Splunk Search 02-04-2020 0 3	0	3
How to display what values are missing in my lookup table comparing to actual data? How to display what values are missing in my lookup table comparing to actual data? Table.csv SERVER_A,DATA_A SERVER... by yuvarajvelu New Member in Splunk Search 02-04-2020 0 4	0	4
where is the custom command documentation? Lots of custom commands come with Splunk. 31 in the search app alone. I often see all of those commands and wonder... by MonkeyK Builder in Splunk Search 02-04-2020 0 6	0	6
replace function itself is not working when i did a splunk search query I have a use case where i need to pass the previously performed search query to replace the part of message with empt... by d942725 New Member in Splunk Search 02-04-2020 0 11	0	11
Pass subsearch field to parent search I am trying to pass number from subsearch to main search and find before or after 10 values of number. So if number ... by satya2p Path Finder in Splunk Search 02-04-2020 0 2	0	2
Why does my python custom reporting command work only if I use a stats command in the pipeline before? I'm trying to write a new custom search command, more specifically a reporting command. I'm using the Python SDK 1.6.... by grundsch Communicator in Splunk Search 02-04-2020 1 14	1	14
help with counting search events / output needed Hello, I need a help with counting the search results. I cannot use the following: \| stats count as Total because... by damucka Builder in Splunk Search 02-04-2020 0 2	0	2
How do I send syslog data to nullQueue from a single source IP but multiple destination IPs? I am receiving Syslog data from the firewall and I would like to send a subset of it to the nullQueue. The issue I am... by scottrunyon Contributor in Splunk Search 02-04-2020 0 3	0	3