Splunk Search

Community Activity

Construct map command query in eval statement I am having trouble constructing a search command in an Eval statement. I stripped it down to its most basic form to ... by drewg33 Engager in Splunk Search 12-19-2019 0 1	0	1
Search is waiting for input ERROR Hello, I'm having issues with some of my splunk dashboards having issues with loading. It was loading fine before, ... by harshparikhxlrd Path Finder in Splunk Search 12-19-2019 1 7	1	7
inputlookup in subsearch to filter by one column and to output back the corresponding values of another column to main search Okay so this question has never been asked or answered before so here goes...Hoping someone can assist. index="ironp... by yepyepyayyooo New Member in Splunk Search 12-19-2019 0 4	0	4
Extract fields out of plain text log file and assign it to a field name I want to extract the below values during index time 1. extract WDDZF4KB3JA469368 ,ABCDE4KB3JA469368 and so on and as... by Sujithkumarkb Observer in Splunk Search 12-19-2019 0 5	0	5
I have 6 panels on a dashboard, but can only run 3 concurrent searches. How can I overcome this limit? I have 6 panels on a dashboard, but only allow 3 concurrent searches for the user role. Using Splunk Enterprise 6.2, ... by moesaidi Path Finder in Splunk Search 12-19-2019 2 11	2	11
Left Outer join Hi, I am trying to do search based on field cardid between 2 queries and 2 different time durations, following query ... by msrama5 Explorer in Splunk Search 12-19-2019 0 1	0	1
Unknown search command 'dbquery' for non-admin users Hi, I'm getting "Unknown search command 'dbquery'" error when trying to use \| dbquery as non-admin user. I granted re... by michtek Explorer in Splunk Search 12-18-2019 0 4	0	4
String Value What search string would I use to find out what computers do NOT have a specific software. I have the Splunk TA Wind... by amorberg New Member in Splunk Search 12-18-2019 0 2	0	2
How to join events on an id and subtract values from same named field I've got two different events that have identical data points, including an id. I'd like to join the events on an id... by econstantin Engager in Splunk Search 12-18-2019 1 3	1	3
Convert HR:MIN:SEC format to 1hr:2min:3sec format Hello, I'm trying to convert my time format for the Duration seen below to a format such as 1hr 2min 30 sec display. by harshparikhxlrd Path Finder in Splunk Search 12-18-2019 0 4	0	4
Optimize rex command Hi all, I want to extract fields form log events. I have two errors patterns : EDICPP 4-1-1-0 exception: Mandator... by clementros Path Finder in Splunk Search 12-18-2019 0 5	0	5
How do I add a number to addColTotals? Here is my search query index=nonprod CFE_AppName=abc CFE_Environment=dev Appointment has been booked \| rex field=... by karunanaik Engager in Splunk Search 12-18-2019 1 2	1	2
How to combine two search results in a better way Hello, I am trying to create a query which will help me combine results from two search results by doing this: ind... by dibyaranjan3177 New Member in Splunk Search 12-18-2019 0 2	0	2
How to get the stats of multiple search string I am trying to get the stats for the search keywords. My query will list the errors by time but it wont tell me how m... by ibob0304 Communicator in Splunk Search 12-18-2019 1 2	1	2
Can anyone please help in finding percent_rank of a field Can anyone please help what could be the equivalent to SQL's "percent_Rank" command in splunk select host, count(*) ... by sahil237888 Path Finder in Splunk Search 12-18-2019 0 3	0	3
How to use docker Splunk forwarder image to forward logs to an external Splunk enterprise? I have splunk enterprise setup on a separate machine and I have an application running on another instance. Now I am... by cmittal New Member in Splunk Search 12-18-2019 0 1	0	1
Optimize rex command Hi all, I want to extract fields form log events. I have two errors patterns : * Can not convert FOO from here ... by clementros Path Finder in Splunk Search 12-18-2019 0 2	0	2
assigning repeating / rolling sequential field I am looking to have a new field that will assign a reference to each, this reference will be sequential and will rep... by ChrisCLewis Communicator in Splunk Search 12-18-2019 0 5	0	5
how to add just field name in the main result which have no result ,value just want to display the name . Hello all I want to display the field name(CNB) in the main result which has no result now but in future it ll. I ... by hrs2019 Path Finder in Splunk Search 12-18-2019 0 8	0	8
Extrapolation of data volumes after connection of new systems / predicted license costs with lookup The relevant data about the future development of CustID are read in via a lookup (new_custID.csv) based on the table... by mklhs Path Finder in Splunk Search 12-18-2019 0 3	0	3
Changing the color of comment macro We can add comments to a splunk search by using "comment" macro. However to distinguish between SPL and comment, is t... by juhisaxena28 Explorer in Splunk Search 12-18-2019 0 1	0	1
weirdness using max() and min() in eval, operating on numeric multivalue fields It seems like if you I have a numeric multivalued field, I should be able to use eval to take the max and min of the... by sideview SplunkTrust in Splunk Search 12-18-2019 2 5	2	5
How to modify a single row in a lookup file based on a particular row value? I have a CSV lookup present with 1000 rows as per the below query. sourcetype="snow:cmdb_ci_service" \| stats latest... by gndivya Explorer in Splunk Search 12-18-2019 0 1	0	1
help for calculating a trend in a table panel hello from the code below, i would like to be able to add a new colum in my table panel which calculate the percenta... by jip31 Motivator in Splunk Search 12-18-2019 0 11	0	11
Splunk Support for Active Directory: How to get results for multiple ldap host after running \|ldaptestconnection command Splunk Support for Active Directory: How to get results for multiple ldap host \| ldaptestconnection domain="my Domai... by splunk_rohitsha Engager in Splunk Search 12-17-2019 0 0	0	0