Splunk Search

Community Activity

Join is breaking multivalues...? It looks like a join will break multivalues. And I thought mvexpand couldn't get any more dangerous or misleading tha... by nick405060 Motivator in Splunk Search 02-02-2020 0 1	0	1
Carbon footprint for a splunk search Hi, We are about to start up a new project where the project manager need to know the carbon footprint of the work d... by JonasLind New Member in Splunk Search 02-01-2020 0 9	0	9
Cascade Table View Hello everyone, I am trying to put a table view together with no luck. The view is rather simple in theory but I can... by ylucena Explorer in Splunk Search 01-31-2020 0 1	0	1
How to combine two searches to form an alert Query 1: (sourcetype="PAYA:Enterprise:CDE:Web:App:Gateway.Bankcard" OR sourcetype="PAYA:Enterprise:CDE:Web:App:Gate... by alexrieffel Observer in Splunk Search 01-31-2020 0 3	0	3
How to remove everything after a specific character in a line Currently i am not familiar with REx and replace commands in splunk. Can someone help me here i want to replace to b... by rijinc Explorer in Splunk Search 01-31-2020 0 9	0	9
How to parse a field to use later in a table Can someone please help me parse the field of FunctionArn for the account id value ( "65123456723" in the example) f... by petersonjared Explorer in Splunk Search 01-31-2020 0 6	0	6
How to list indexers that my search head is connected to? Is there any Splunk search which lists all the active indexers that my search head can pull the data? by pavanae Builder in Splunk Search 01-31-2020 0 1	0	1
Extract a Value from a Field I have a situation where I have a defined field that has a large amount of data but I am interested in only one part ... by joshy50 New Member in Splunk Search 01-31-2020 0 3	0	3
help on eval command Hi I dont know why my eval command doesnt return any resulys `index` \| lookup tutu.csv HOSTNAME as host output SIT... by jip31 Motivator in Splunk Search 01-31-2020 0 3	0	3
Can I remove a part of a string? Hi, Is there an eval command that will remove the last part of a string. For example: "Installed - 5%" will be come... by baty0 Explorer in Splunk Search 01-31-2020 0 5	0	5
Splitting or searching a MV JSON I have a json array like: How can I search or split that? The search: index=jira "issues{}.fields.customfield_14028... by moseisleydk Path Finder in Splunk Search 01-31-2020 0 6	0	6
field extraction Hello i have this part of event : "POST /posts/posts/explore HTTP/1.0" i need to extract the part between "POST" a... by sarit_s Communicator in Splunk Search 01-31-2020 0 3	0	3
How to sort a statistics based on 2 columns I have written a command to get the timings of particular log from different servers. I want to sort it based on host... by prerana_jain Explorer in Splunk Search 01-31-2020 0 2	0	2
rename wineventlog not happening for AWS generic s3 I have downloaded and installed the splunk TA for windows and splunk aws s3 in the search head and the universal for... by dhanasekar79 New Member in Splunk Search 01-30-2020 0 2	0	2
How Can I extraxt specific string part of app logs? This is the text which is being print in our app logs : throws abc.xyz.error.AppException,java.rmi.RemoteException, w... by iqbalintouch Path Finder in Splunk Search 01-30-2020 0 1	0	1
Regex to extract a filed How can I properly extract just the client that is doing the query from the below log entries. I noticed that on some... by samble Path Finder in Splunk Search 01-30-2020 0 3	0	3
Process thread utilization over time how to find Top 10 processes per hour i need to Capture CPU, RAM, and Process threads by srikanth700 Loves-to-Learn Everything in Splunk Search 01-30-2020 0 2	0	2
What can be done when there is no date in the event? We have cases in which there is no date in the log files, meaning, only the time of the event is in the data. What ca... by danielbb Motivator in Splunk Search 01-30-2020 0 8	0	8
Is it possible to run two separate searches on a Inputlookup CSV to use the first/last X amount of results? I am looking to run two searches on a CSV, one that looks at the first 35,000 results and another that looks at the l... by UMDTERPS Communicator in Splunk Search 01-30-2020 0 5	0	5
Can I have "hidden" fields in a TableView? I want to bind an action to a click event (probably 'click:cell', but can go with 'click:row') in a TableView. That a... by arkadyz1 Builder in Splunk Search 01-30-2020 0 3	0	3
How to combine information from 2 different sources like sourcetype=eea:loghandler and lookup file Dear all I have 2 data sources: logs forwared to the server as : sourcetype=eea:loghandler and lookup definition fi... by silviuchiric76 New Member in Splunk Search 01-30-2020 0 2	0	2
How to group and visualize 2 versions of same host name Hi, Currently, I'm trying to find a way to extract the URL from this search, basically, our store has 2 versions Glo... by andreshuexes New Member in Splunk Search 01-30-2020 0 8	0	8
merge two sourcetypes that have the same data but different field names Hello, I have two sourcetypes in the same index, however the fields names are different. Is it possible to rename bo... by supersnedz Path Finder in Splunk Search 01-30-2020 0 7	0	7
Two stats on different period Hello, I have this query that return me the table below. The query : \| loadjob savedsearch="myquery" ... by tahasefiani Explorer in Splunk Search 01-30-2020 0 5	0	5
How to calculate the number of hours per month subtracting weekends? I'm looking to calculate the number of hours per month (minus Saturday and Sunday). Is there straightfoward way to ... by jcioffari Explorer in Splunk Search 01-29-2020 1 8	1	8