Splunk Search

Community Activity

Optimize rex command Hi all, I want to extract fields form log events. I have two errors patterns : EDICPP 4-1-1-0 exception: Mandator... by clementros Path Finder in Splunk Search 12-18-2019 0 5	0	5
How do I add a number to addColTotals? Here is my search query index=nonprod CFE_AppName=abc CFE_Environment=dev Appointment has been booked \| rex field=... by karunanaik Engager in Splunk Search 12-18-2019 1 2	1	2
How to combine two search results in a better way Hello, I am trying to create a query which will help me combine results from two search results by doing this: ind... by dibyaranjan3177 New Member in Splunk Search 12-18-2019 0 2	0	2
How to get the stats of multiple search string I am trying to get the stats for the search keywords. My query will list the errors by time but it wont tell me how m... by ibob0304 Communicator in Splunk Search 12-18-2019 1 2	1	2
Can anyone please help in finding percent_rank of a field Can anyone please help what could be the equivalent to SQL's "percent_Rank" command in splunk select host, count(*) ... by sahil237888 Path Finder in Splunk Search 12-18-2019 0 3	0	3
How to use docker Splunk forwarder image to forward logs to an external Splunk enterprise? I have splunk enterprise setup on a separate machine and I have an application running on another instance. Now I am... by cmittal New Member in Splunk Search 12-18-2019 0 1	0	1
Optimize rex command Hi all, I want to extract fields form log events. I have two errors patterns : * Can not convert FOO from here ... by clementros Path Finder in Splunk Search 12-18-2019 0 2	0	2
assigning repeating / rolling sequential field I am looking to have a new field that will assign a reference to each, this reference will be sequential and will rep... by ChrisCLewis Communicator in Splunk Search 12-18-2019 0 5	0	5
how to add just field name in the main result which have no result ,value just want to display the name . Hello all I want to display the field name(CNB) in the main result which has no result now but in future it ll. I ... by hrs2019 Path Finder in Splunk Search 12-18-2019 0 8	0	8
Extrapolation of data volumes after connection of new systems / predicted license costs with lookup The relevant data about the future development of CustID are read in via a lookup (new_custID.csv) based on the table... by mklhs Path Finder in Splunk Search 12-18-2019 0 3	0	3
Changing the color of comment macro We can add comments to a splunk search by using "comment" macro. However to distinguish between SPL and comment, is t... by juhisaxena28 Explorer in Splunk Search 12-18-2019 0 1	0	1
weirdness using max() and min() in eval, operating on numeric multivalue fields It seems like if you I have a numeric multivalued field, I should be able to use eval to take the max and min of the... by sideview SplunkTrust in Splunk Search 12-18-2019 2 5	2	5
How to modify a single row in a lookup file based on a particular row value? I have a CSV lookup present with 1000 rows as per the below query. sourcetype="snow:cmdb_ci_service" \| stats latest... by gndivya Explorer in Splunk Search 12-18-2019 0 1	0	1
help for calculating a trend in a table panel hello from the code below, i would like to be able to add a new colum in my table panel which calculate the percenta... by jip31 Motivator in Splunk Search 12-18-2019 0 11	0	11
Splunk Support for Active Directory: How to get results for multiple ldap host after running \|ldaptestconnection command Splunk Support for Active Directory: How to get results for multiple ldap host \| ldaptestconnection domain="my Domai... by splunk_rohitsha Engager in Splunk Search 12-17-2019 0 0	0	0
Splunk service on indexer server gets killed by OOM killer when it should not. We operates splunk platform of 10+ SHC members & indexer cluster with 100+, version 7.2.9. From time to time we see ... by sylim_splunk Splunk Employee in Splunk Search 12-17-2019 2 2	2	2
How to properly display trend comparison of values over Hour by Day for multiple days? The following query will display a simple chart for trend comparison. This works well if you keep the days you're com... by ten_yard_fight Path Finder in Splunk Search 12-17-2019 0 2	0	2
Access Field for Value in Drop Down loaded by an input lookup file Hi, I have prepared an input lookup file which has the following contents: OperationCode,Meaning,Direction 1001,Cre... by mhornste Path Finder in Splunk Search 12-17-2019 0 6	0	6
how to exclude a holiday from search splunk using lookup csv Hi everyone , I would like to exclude a holiday list from my search using a lookup.csv . how to do ? thanks all of y... by ruben993 New Member in Splunk Search 12-17-2019 0 1	0	1
How to set specific options for certain fields in a chart I am trying to get one of the fields in my timechart to not connect points on null values, whilst still allowing the ... by jakethomso Explorer in Splunk Search 12-17-2019 0 6	0	6
filed extraction on specific path Hi I want to create "field extract" on all logs that exist in below address. /opt/logs/file1.log /opt/logs/file2.log... by indeed_2000 Motivator in Splunk Search 12-17-2019 0 11	0	11
help on complex dynamic pie chart Hello I use the search below in order to display datas in a pie chart As you can see in my eval command, I agregate ... by jip31 Motivator in Splunk Search 12-17-2019 0 5	0	5
LookUp Files Issues I have a lookup file called PriceFactot.csv. I have defined this lookup table and then in query I use \| inputlookup ... by zacksoft Contributor in Splunk Search 12-17-2019 0 5	0	5
Is there any way to decode an encoded html values saved in a log file? I want decode all the encoded html values present in an log file while indexing itself. Is there any way to do it ? by Boopalan New Member in Splunk Search 12-17-2019 0 8	0	8
how to reduce SQL connections from splunk to oracle DB for good performance? we are building various dashboards for monitoring purpose. Most of the dashboards need the data from database, which ... by sagar0907 Engager in Splunk Search 12-16-2019 0 4	0	4