Splunk Search

Community Activity

How can you clean up an entry in rest /services/search/jobs? How do you clean out an old dashboard search entry in rest /services/search/jobs ? There is not an entry on the Jobs ... by jaburke1 Path Finder in Splunk Search 01-10-2020 0 1	0	1
Strange Splunk Search Exclusion Results Hello. I am creating a search to see when the Account_Name called "helpdesk" logs in via EventCode 4624 with Logon_Ty... by johann2017 Explorer in Splunk Search 01-10-2020 0 5	0	5
LOOKUP errors Hello, I have been receiving a "could not load lookup=LOOKUP-minemeldfeeds_dest_lookup" error and I am not sure how... by rclifford New Member in Splunk Search 01-10-2020 0 2	0	2
How do I table the average KBps for all my indexers I am using the following command which gives me what I am looking for regarding a single indexer, but I would like a ... by rholm01 Explorer in Splunk Search 01-10-2020 0 1	0	1
Linux Indexer root partition 100% full I had a previous case open on this (#1591420) but cannot seem to find it anymore. In there Joe Love validated my ide... by johnklaiber New Member in Splunk Search 01-10-2020 0 2	0	2
Extracting values (with rex) out of the last two events and concat as one string? Hey everbody I have two different evens for the same file. I need to extract the latest values and concat it to one... by amatthes Observer in Splunk Search 01-10-2020 0 2	0	2
How can i extract keywords from my log as field values for field name API's How can i extract the below block letter keywords (OrderUpdateWithAccountInfoRequest ,VinValidationRequest,GetEntitle... by Sujithkumarkb Observer in Splunk Search 01-10-2020 0 9	0	9
Filter to last value for each day Hello, I have a query like this: action="dateAccuracy" OR action="updateDate->handleEvent[dateAccuracy]" \| reverse \|... by ruhtraeel Path Finder in Splunk Search 01-10-2020 0 3	0	3
Need help in getting the value in vizualization as 0 instead of no result. Need help in getting the value in vizualization as 0 instead of no result. index=nw_syslog "FPC" \|rex field=_raw "F... by jerinvarghese Communicator in Splunk Search 01-10-2020 0 4	0	4
unable to view the events with data lab input i have created a data lab input. the query is configured to fetch the data in batch manner which runs every 30 mins. ... by sagar0907 Engager in Splunk Search 01-09-2020 0 0	0	0
rounding decmials I've tried everthing I've found but for some reason cant round the value for "%_Committed_Bytes_In_Use". different va... by dbagdanoff Explorer in Splunk Search 01-09-2020 0 5	0	5
How to read White spaces in a Field i am trying to count the White space in a Field and extract the rest of the text after 5 white spaces Input string ... by hyn New Member in Splunk Search 01-09-2020 0 3	0	3
ITSI - Some Notables Are Missing intermittently. Intermittently some notables have been missing over time where ITSI runs in a SHC env, ITSI 4.2.1 + Splunk 7.2.8 in S... by sylim_splunk Splunk Employee in Splunk Search 01-09-2020 1 2	1	2
Is there a way to limit a scheduled search by its run time? The skipped searches we have are ones that run for over an hour. Is there a way to limit by configurations the run ti... by danielbb Motivator in Splunk Search 01-09-2020 0 4	0	4
Trying to map IP address from lookup table in search Hi, I am trying to map the ip address in my search to my lookup table, and it should return me the countries of the ... by wailoont Engager in Splunk Search 01-09-2020 0 3	0	3
Example of left outer join in Splunk without using join? Please help me with a good example of Left Outer Join in Splunk without using "Join." I've seen examples of Inner Jo... by anwarmian Communicator in Splunk Search 01-09-2020 0 5	0	5
Help with limits.conf What settings should we change to increase the number of concurrent searches running .Following is the setting that w... by vrmandadi Builder in Splunk Search 01-09-2020 0 1	0	1
a button to toggle dark/light mode Adding stylesheet=dark.css does make my dashboard dark. However , not all users like dark mode. Can we have a button ... by zacksoft Contributor in Splunk Search 01-09-2020 0 1	0	1
How to aggregate results based on a set of values Hello all, I have the following query: index=someIndex "attr1"=aConstant attr2="aValue" filterCriteria="Criteria1" ... by alejandrome New Member in Splunk Search 01-09-2020 0 2	0	2
How to combine messages in a log file that match an ID into a single event ? I am currently testing forwarding logs from a file I am monitoring, but the software that generates those logs create... by ricotries Communicator in Splunk Search 01-09-2020 0 1	0	1
Splunk search throwing Job Terminated Unexpectedly Hi Team, I have a simple search with index=test which is returning 2587 events with Timeframe of Week to Date. Same ... by poddraj Explorer in Splunk Search 01-09-2020 0 0	0	0
How to construct URL How to construct the URL from the following curl command /usr/bin/curl -s -k -u user1:passwd https://splunk.ce.c... by pratapa Explorer in Splunk Search 01-09-2020 0 1	0	1
Show column depends on the role Hi Team, I have table with 10 column, but want to show the column depends on the Splunk role. Sample xml for my req... by SathyaNarayanan Path Finder in Splunk Search 01-09-2020 0 4	0	4
Multi Value Fields Extraction using Props and Transform Hi, I have log in the following format: time=12345678\|hostname=shayh\|product=blade1<>blade2<>blade3\|username:sha@gm... by shayhibah Path Finder in Splunk Search 01-09-2020 0 7	0	7
sourcetype not applying eval and field alias Hello All, i am trying to customize a sophos TA and i have an issue with EVAL and field alias. My props are like bel... by ranjitbrhm1 Communicator in Splunk Search 01-09-2020 0 1	0	1