Splunk Search

Community Activity

pass value of field from one search to another when using appendpipe I have a below search query: \| inputlookup splunk_report_test.csv \| where report_type="upcoming_offers" \| looku... by nagar57 Communicator in Splunk Search 01-15-2020 0 3	0	3
how to avoid breaking event order of multi value field Hi community, I am wondering, how can i keep the data of multi value field based in the order it happened, when show... by sharif_ahmmad Explorer in Splunk Search 01-14-2020 0 4	0	4
How to returns 0 or null if no results with tstats over time? First of all, I apologize if I missed the answer somewhere and for my bad english. I try to supervise my hosts, inde... by nrodrigues Engager in Splunk Search 01-14-2020 0 1	0	1
Filter multisearch results after matching on _time Definitely a noob, and I must be missing something simple... I have two log files reporting the same error at similar... by pholderness New Member in Splunk Search 01-14-2020 0 4	0	4
Search result Not consistent Hello Folks, I am new to splunk SDK and i am trying to write a code that search and return a search result from the ... by balesh New Member in Splunk Search 01-14-2020 0 0	0	0
There are a list of apps present on shcluster , how to check if any knowledge objects are associated/mapped to each apps? I have multiple apps on shcluster, "/application/splunk/etc/shcluster/apps" . I need to check if there are any Knowle... by Nilesh3110 Explorer in Splunk Search 01-14-2020 0 6	0	6
How to use rex to perform field extraction from the end of the field as opposed to the beginning I want to extract the top level domain from the CN field of a certificate in Splunk. The CN field may have multiple ... by thomas_porter Explorer in Splunk Search 01-14-2020 0 3	0	3
Index feed is having low throughput Dear All, I am a SplunkAdmin and we are facing significant data low throughput in some of the indexes. There are man... by EHariharan Explorer in Splunk Search 01-14-2020 0 2	0	2
Is it possible to run a search within an eval if statement? Hello, I am wondering if it possible to do a search within an "if" statement. I have tried what I have in the searc... by WoolarCJ New Member in Splunk Search 01-14-2020 0 6	0	6
Splunk Other category when group by Hi, I have saved search below Queryone and want to classify anything not falling under regx pattern for APIFamily in ... by msrama5 Explorer in Splunk Search 01-14-2020 0 4	0	4
Splunk group by value with pattern matching I have saved search below FirstQuery which group by values with pattern matching and want to classify anything not fa... by msrama5 Explorer in Splunk Search 01-14-2020 0 1	0	1
Search query: Unique values based on time Hi Community, I'm using the search query to search for the user activity and I get the results with duplicate rows wi... by siddharth1479 Path Finder in Splunk Search 01-14-2020 0 17	0	17
Create a query to compare Asset Inventory to see if an Asset exists between data pushes? I am trying to create a dashboard that will showcase, between data pulls, the assets that no longer exists in the ind... by dscott10 New Member in Splunk Search 01-14-2020 0 0	0	0
Convert a string in ISO 8601 to local time zone (accounting for DST) I have a string from a complex JSON event providing an ISO 8601 date/time in UTC. I want to convert it to the local t... by jkotula New Member in Splunk Search 01-14-2020 0 8	0	8
How to run a parameterized map command as a savedsearch report? Hi everyone, I have the following dummy search saved as a report: \| makeresults count=1 \| eval test="Hello" \| map ... by bojanjanisch New Member in Splunk Search 01-14-2020 0 1	0	1
Timechart mouse over Is it possible to have a mouse over hover in a dashboard with several timecharts that will highlight the exact time o... by ialahdal Path Finder in Splunk Search 01-14-2020 1 1	1	1
Return value based on missing field I want to make a search that will return a count of session_id based on the following fields logged_out, logged_in I ... by ialahdal Path Finder in Splunk Search 01-14-2020 0 4	0	4
regex field extraction I have an event that is in an HTML tag format, I'd like to extract data within it in a specific manner, as follows: <... by ialahdal Path Finder in Splunk Search 01-14-2020 0 2	0	2
[help]eval expression for dynamic field is invalid Hi Team, I have below appendpipe clause \| appendpipe [\| eventstats first(eval("step3".mvindex(list_behavio... by cheriemilk Path Finder in Splunk Search 01-14-2020 0 1	0	1
Query - SPlunk _internal Index Hi, I was trying to get amount of data getting indexed in particular index per day and analyze it as a trend. I used... by rupeshn Explorer in Splunk Search 01-13-2020 0 4	0	4
How to search any column and count if a search string is matched I have a saved search of the following format ServerName Metric1 Metric2 Metric3 Metric4 Server1 Error Erro... by mgbersales Loves-to-Learn in Splunk Search 01-13-2020 0 1	0	1
Working out % change of field value based on events logged 1 day apart Hi, Apologies for the unclear title. I could not think of a logical description for the problem statement. I have cr... by 373782073 Explorer in Splunk Search 01-13-2020 0 4	0	4
How to find missing values from a field Hi, My database has two data sources. Data source 1 sends a string with a list of expected values, so the field mig... by wkelsey Explorer in Splunk Search 01-13-2020 0 11	0	11
Combine stats count results Hello all, I feel kind of dumb even asking this question, but I've been up and down these forums looking for an answe... by myoung54 Explorer in Splunk Search 01-13-2020 0 2	0	2
Splunk not sorting Dates properly across year 1/5/2020 1/12/2020 6/16/2019 6/23/2019 6/30/2019 7/7/2019 7/14/2019 7/21/2019 7/28/2019 8/4/2019 8/11/2019 8/18/2019 ... by reverse Contributor in Splunk Search 01-13-2020 0 5	0	5