Splunk Search

Community Activity

SPLUNK SPL on an scenario Have 2 DB connection and i want to compare the DB1 connection HRA field keeping as primary key say here in this examp... by naliniasb Explorer in Splunk Search 01-20-2020 0 4	0	4
Using latest timestamp in another search Good afternoon! I need to do the following: 1. Using a search result that finds the last timestamp in a certain time... by krylov Explorer in Splunk Search 01-20-2020 0 3	0	3
retrieving timechart values when there are no events I am running following query in Splunk index=appName build=xyz logLevel=ERROR \| timechart span=1d count As value. if... by ashish198511 Explorer in Splunk Search 01-20-2020 1 14	1	14
clarification with indexing time and trasforfms.conf needed Hello, I would like to reduce the license consumption and therefore think of installing HF and applying filtering th... by damucka Builder in Splunk Search 01-20-2020 0 2	0	2
Is it possible to create Time chart with search with base search? I have a dashboard with the following base search: <search id="CreatedDossierCount"> <query>index="customer1-clo... by fvegdom Path Finder in Splunk Search 01-20-2020 0 2	0	2
Regex match on "message" portion of event From the splunk windows_TA guide "The following keys are equivalent to the fields which appear in the text of the ac... by montydo Explorer in Splunk Search 01-20-2020 0 2	0	2
How to write regex for a multivalue field I have a multivalue field which is got from a stats function. using mvfind function, how to write regex for this. qu... by gndivya Explorer in Splunk Search 01-20-2020 0 4	0	4
Embedded report shrinks when printing I have a webpage with a few splunk reports embedded to it using the embed option from the Embed page of splunk. Works... by salmiakki New Member in Splunk Search 01-20-2020 0 3	0	3
Matching records from 2 different indexes with a look up I have 2 indexes and need to get only a records of field that exists in both indexes. One of the index has to filter ... by sherins New Member in Splunk Search 01-20-2020 0 3	0	3
default indexes to both target group How can we forward internal,_audit ,* indexes to both target groups? In outputs.conf, create stanzas for each receiv... by ansif Motivator in Splunk Search 01-20-2020 0 2	0	2
"Capability" attribute not working in restmap.conf in Splunk. The documentation for 'restmap.conf' can be obtained here: https://docs.splunk.com/Documentation/Splunk/8.0.1/Admin/R... by zahrasidhpuri Engager in Splunk Search 01-19-2020 0 0	0	0
How to return 0 when the search has no results in time chart I am trying to see how can we return 0 if no results are found using timechart for a span of 30minutes.i tried using ... by vrmandadi Builder in Splunk Search 01-19-2020 0 7	0	7
An error occurred while rendering the page template Hi all, I'm currently getting 'An error occurred while rendering the page template. See web_service.log for more deta... by tpeisley New Member in Splunk Search 01-19-2020 0 0	0	0
How to join 2 datamodels searches with different timeranges Hi everyone, I need to join two different searches using different time ranges in the alert search. Normally the e... by fernandopaixao New Member in Splunk Search 01-19-2020 0 2	0	2
Datamodel combine search Hi Splunkers, I want to use two datamodel search in same time. My problem ; My search return Filesystem.process_id ... by burakatabay Path Finder in Splunk Search 01-19-2020 0 4	0	4
How to write conditional regex to extract field A, but if field A does not exist, then extract field B? Hi I have a problem in Splunk's regex and I can't figure it out for the life of me. I'm going to simplify my probl... by philallen1 Path Finder in Splunk Search 01-19-2020 0 13	0	13
Splunk is not recognized as internal or external command Hi I am trying to control Splunk from windows Prompt but it shows me the above statement,” SPLUNK IS NOT RECOGNIZED A... by silwalsuraj New Member in Splunk Search 01-19-2020 0 2	0	2
How to get the count of the field whose value is greater than 0 ? I have logs in Splunk which has a field named Message as Highligthed below Date = 2019-04-09 11:43:20,946 \| Level =... by minaljain New Member in Splunk Search 01-19-2020 0 3	0	3
Fillnull in outer join Hi, I require a table containing count of specific service compared between 2 time ranges. table 1 (time - now) ser... by pjtbasu Explorer in Splunk Search 01-19-2020 0 13	0	13
Working with dynamic values in rex and multivalue fields Hello all, I have been banging my head on a problem for the past 24 hours and I am in great need of your help. I am... by moystard New Member in Splunk Search 01-19-2020 0 6	0	6
rex in sed mode to replace special chartacter Good morning I need to replace special characters with a line return command but I am having difficulty getting the r... by ChrisCLewis Communicator in Splunk Search 01-19-2020 0 6	0	6
Using Rex command to extract time duration in hh:mm:ss Hello, I am trying to extract data, specifically time data in hh:mm:ss:nn format and put it on a table. When I do, I... by harshparikhxlrd Path Finder in Splunk Search 01-19-2020 0 7	0	7
How to extract multivalue fields and assigning them to dynamically named fields from same extraction using configuration instead of search time query? I can extract multi value fields from a field in events like these: 079184/Query key: ((0008,0016)) SOP Class UID [1... by jmartens Path Finder in Splunk Search 01-19-2020 0 2	0	2
join two rex results from different host and query I have two query... index=xxx_prod host="foo.org" 5032 submit \| rex "id=PO:(?<PO>\d*)" \| dedup PO \| table PO _time ... by x_tivity Engager in Splunk Search 01-18-2020 0 2	0	2
Match by rex field in subsearch I have one log like: log1 tid=,"tid":"abcd"; And another log like: log2 userid=11 tid=abcd I want to get the count ... by infcl Explorer in Splunk Search 01-18-2020 0 8	0	8