Splunk Search

Community Activity

Compare data between 2 indexes Hi i am using below query to get the results for Ip index=shinken sourcetype=shinken_alarms Level=HARD Status!=UP S... by surekhasplunk Communicator in Splunk Search 01-23-2020 0 0	0	0
len(-5d@d) I am trying to solve a query and I came across a time modifier with len() function. I did not understand the behavior... by yasaswinipotta New Member in Splunk Search 01-23-2020 0 2	0	2
Updating eventgen.conf requires a Splunk restart Hi, I am playing around with SA-Eventgen to generate data in a Dev environment but I find if I make a change to the ... by newportknight Loves-to-Learn in Splunk Search 01-23-2020 0 3	0	3
Pass value to subsearch with inputlookup Hi, perhaps it is the wrong approach, but i try to use an inputlookup within a search and pass a value to this subse... by tdoSplunk Path Finder in Splunk Search 01-23-2020 0 6	0	6
Find Difference between multiple events TransID AppName timestamp Messagge 1 App1 2019-12-16 18:18:43.731 +0000 Message…… 1 App1 2019-1... by rkmaggidi New Member in Splunk Search 01-23-2020 0 2	0	2
Lookups and Wildcard Entries I'm currently setting up an alert using a CSV lookup file with wildcard entries. I followed the instructions provided... by pwguinto New Member in Splunk Search 01-23-2020 0 2	0	2
indexのrententionの仕様について。,indexのRetention (days)の仕様について。 DBConectデータを取り込んだところ、 indexのrententionは一日（a day ago）にもかかわらず、５日分保持されております。 splunk cloudではrentention以上の期間を保持するものでしょうか。... by suzuki_caica New Member in Splunk Search 01-23-2020 0 0	0	0
Predefined Group What is the best way to define a "group" of ip subnets called server_subnet then use that in searches. I have about ... by balcv Contributor in Splunk Search 01-22-2020 0 1	0	1
Is there a way to search and list all attributes from a data model? Is there a way to search and list all attributes from a data model in a search? For example if my data model consists... by spammenot66 Contributor in Splunk Search 01-22-2020 0 5	0	5
Specified driver could not be loaded due to system error 126: The specified module could not be found. (Splunk ODBC Driver, C:\Program Files\Splunk ODBC Driver\lib\SplunkDSII.dll). Hi, I am trying to connect to Splunk from tableau and getting the attached error. All the drivers are present in the ... by rtrived New Member in Splunk Search 01-22-2020 0 1	0	1
Can All-In-One be set as a search peer? Hello! Can All-In-One be set as a search peer? Although the status is set to UP when set, the search returns 0 resu... by HiroshiSatoh Champion in Splunk Search 01-22-2020 0 4	0	4
How to hide title space of a Table? I want to hide the blank space acquired by a TABLE TITLE as my table title is empty and occupying extra space on the ... by nagar57 Communicator in Splunk Search 01-22-2020 1 3	1	3
How to find time difference between below time formats? New_Time=2020‎-‎01‎-‎22T03:17:36.385000000Z Previous_Time=2020‎-‎01‎-‎22T03:17:36.388208200Z I tried below query and... by manurajrajappan New Member in Splunk Search 01-22-2020 0 5	0	5
Two dashboards values in single value panel should equal to third dashboard Hello Experts I have 3 dashboards basically. Board 1 represents total login attempts for an hour (including succes... by gopiven Explorer in Splunk Search 01-22-2020 0 4	0	4
Transaction includes non-relevant events? Why does transaction group irrelevant events together with relevant ones? What am I doing wrong? Sample Postfix log ... by mitag Contributor in Splunk Search 01-22-2020 0 12	0	12
Virtual index causing metadata command to error out for other sourcetypes Without a virtual index enabled, running \| metadata type=sourcetypes index=* will return correctly.Adding a virtual i... by hortonew Builder in Splunk Search 01-22-2020 0 6	0	6
How to find records where a field's value doesn't exist in a subsearch? I have the following two searches: 1) earliest=-4h latest=now index="main" field1="somethingA" 2) earliest=-4h lates... by saqib99 New Member in Splunk Search 01-22-2020 0 4	0	4
Field extraction I'm trying to extract fields from this event using regular expressions, Multiple times I receive the following erro... by maxitroncoso Engager in Splunk Search 01-22-2020 0 9	0	9
Extract Second field from url AbsoluteUri=https://website.api.net/hch6348/relay/6bcb449b-7d85-4f71-a6f4-fae37808627f-udcc1.crp.hs.com/script/wnbr.d... by michaelrodr Engager in Splunk Search 01-22-2020 0 5	0	5
Combining 2 queries based on a common value 1st query ns=mynamespace* app_name=A-api API=GET_INITIAL_DATA NAME=* 2nd query ns=mynamespace* app_name=B-api API=G... by angersleek Path Finder in Splunk Search 01-22-2020 0 3	0	3
Switching to Python3 in Splunk 8 I am testing my custom app, which I have converted to be compatible with python2 and python3, on a Splunk 8.0.1 insta... by rwellum Explorer in Splunk Search 01-22-2020 1 2	1	2
What is the quickest way to see if a host was ever indexed in Splunk? Hi, What's the quickest way to see if a host was ever indexed in Splunk? I don't want to do an alltime search. Wou... by a212830 Champion in Splunk Search 01-22-2020 1 5	1	5
Build table based on multiple results Hi, I have an issue and have no idea how to solve. There is a large log index. In this index are application logs a... by j0k4b0 New Member in Splunk Search 01-22-2020 0 1	0	1
Impact of Increasing the limit of stats list() from 100 to say 1,00,000 I am using stats list() for a use case. But the data I am dealing is lot more, than the limit that is set to =100 in... by ahmadshakir1952 Explorer in Splunk Search 01-22-2020 0 2	0	2
Lookup Table vs. Summary Index Hello, I need to create a table(?) to use for populating 4 dashboard dropdowns: time picker, user, user-id, and IP ad... by genesiusj Builder in Splunk Search 01-22-2020 0 12	0	12