Splunk Search

Community Activity

How to find records where a field's value doesn't exist in a subsearch? I have the following two searches: 1) earliest=-4h latest=now index="main" field1="somethingA" 2) earliest=-4h lates... by saqib99 New Member in Splunk Search 01-22-2020 0 4	0	4
Field extraction I'm trying to extract fields from this event using regular expressions, Multiple times I receive the following erro... by maxitroncoso Engager in Splunk Search 01-22-2020 0 9	0	9
Extract Second field from url AbsoluteUri=https://website.api.net/hch6348/relay/6bcb449b-7d85-4f71-a6f4-fae37808627f-udcc1.crp.hs.com/script/wnbr.d... by michaelrodr Engager in Splunk Search 01-22-2020 0 5	0	5
Combining 2 queries based on a common value 1st query ns=mynamespace* app_name=A-api API=GET_INITIAL_DATA NAME=* 2nd query ns=mynamespace* app_name=B-api API=G... by angersleek Path Finder in Splunk Search 01-22-2020 0 3	0	3
Switching to Python3 in Splunk 8 I am testing my custom app, which I have converted to be compatible with python2 and python3, on a Splunk 8.0.1 insta... by rwellum Explorer in Splunk Search 01-22-2020 1 2	1	2
What is the quickest way to see if a host was ever indexed in Splunk? Hi, What's the quickest way to see if a host was ever indexed in Splunk? I don't want to do an alltime search. Wou... by a212830 Champion in Splunk Search 01-22-2020 1 5	1	5
Build table based on multiple results Hi, I have an issue and have no idea how to solve. There is a large log index. In this index are application logs a... by j0k4b0 New Member in Splunk Search 01-22-2020 0 1	0	1
Impact of Increasing the limit of stats list() from 100 to say 1,00,000 I am using stats list() for a use case. But the data I am dealing is lot more, than the limit that is set to =100 in... by ahmadshakir1952 Explorer in Splunk Search 01-22-2020 0 2	0	2
Lookup Table vs. Summary Index Hello, I need to create a table(?) to use for populating 4 dashboard dropdowns: time picker, user, user-id, and IP ad... by genesiusj Builder in Splunk Search 01-22-2020 0 12	0	12
how to update table cell results based on another rows sharing common field. Hello, In search query results some cells populate empty results for specific field. I am looking to update those em... by AKG1_old1 Builder in Splunk Search 01-22-2020 0 6	0	6
Line breaking behavior questions My propfs.conf file for my app looks like the following : [bit_fuse_log] pulldown_type = true NO_BINARY_CHECK = true... by romainbouajila Path Finder in Splunk Search 01-22-2020 0 1	0	1
iplocation is not working Hello, iplocation is not working for some IP addresses (152.89.162.133 for example) But this IP location is in the Ge... by securiteinforma Explorer in Splunk Search 01-21-2020 0 2	0	2
Splunk management server backup and restore Hello Splunkers.... I am trying to upgrade our management server from 6.6.2 to 7.3.2. I am taking backup of /opt/spl... by suryaaruna New Member in Splunk Search 01-21-2020 0 3	0	3
snap to 10 minutes Hi , I want to snap to 10 minutes. I know how to snap to an hour for example: ... \| eval _time=relative_time(_time,"@... by dadi Path Finder in Splunk Search 01-21-2020 0 3	0	3
The "precision" and "recall" shown on GUI seems wrong in Machine Learning Toolkit I tried "Predict Categorical Fields" of showcase in Machine Learning Toolkit. I calculated the "precision" and "recal... by nchinen New Member in Splunk Search 01-21-2020 0 0	0	0
Issue with strftime time function. It always adds few minutes to actual results Hi Team, I have gone through the forum but couldnt find which suits my requirement. We are trying to calculate time d... by abochare New Member in Splunk Search 01-21-2020 0 3	0	3
how to configure new string for Linux servers CPU check,how to configure string to get logs of CPU usages of Linux hosts I have index=os-icon-rhel and there are many sourcetypes are confirmed except CPU check. how to add sourcetype=CPU fo... by shobhna744 New Member in Splunk Search 01-21-2020 0 2	0	2
How to create a table with several fields and totals by each value Imagine that I have a table of results like this: Field1 Field2 Field3 Field4 Field5 Field6 Field7 Field8 Field9 1 ... by splunk_exercice New Member in Splunk Search 01-21-2020 0 1	0	1
How to index perl hash data? I have a the output of a Perl script as a Perl hash. I'm not able to run the script directly from Splunk, but would l... by cblanton Communicator in Splunk Search 01-21-2020 0 2	0	2
Sum of total files with same date Hi, I've got a search that provides a table of 60 filenames. 30 filenames with a -3 days from today's date and 30 f... by 373782073 Explorer in Splunk Search 01-21-2020 0 2	0	2
Why does the map command shows results only when the second query have value? Hi Splunkers, I have first query which produces 50 results, am using map command to run different query for each 50 ... by SathyaNarayanan Path Finder in Splunk Search 01-21-2020 0 3	0	3
How to create eval statement to get percentage from 2 fields extracted with spath on JSON data? I have a field PP that I would like to use in eval statement to get a percentage from JSON data and using spath. Her... by bwindham Path Finder in Splunk Search 01-21-2020 0 5	0	5
How do I search by unicode value? Hi, I have the following example record: 30/08/2018 13:30:27.996;VM1;ASH;AccessModule;processPacketBuffer;MSISDN;xx... by yyossef Explorer in Splunk Search 01-21-2020 0 7	0	7
Custom Index I have one specific dashboard that I monitor with 7 tiles on it, there are times when the dashboard searches auto can... by mavilla Explorer in Splunk Search 01-21-2020 0 4	0	4
Unable to access splunk web - license warnings - trial version Hi, I just installed a trial version of splunk and I am unable to access web. I see the following messages : 01-20-... by capulauser Explorer in Splunk Search 01-21-2020 0 7	0	7