Splunk Search

Community Activity

makecontinuous and fillnull for selfmade date-hour column Hi, I'm trying to fill empty hours (without events) using makecontinuous. The time column created in the query/ \| t... by egur New Member in Splunk Search 12-19-2019 0 2	0	2
How can I extend the width of my drop down box in my dashboard? I'd like to extend the width of my drop down box in my dashboard because the source names are quite long and i'd like... by MichaelPriest Communicator in Splunk Search 12-19-2019 2 9	2	9
Extract multiple values when field is in the same log twice Hi all, I am working with a log that can sometimes have the same field in one log entry more than one time, but with... by bcarr12 Path Finder in Splunk Search 12-19-2019 0 5	0	5
How to concatenate a variable number of fields? I had the next events examples: 2019-09-16T13:27:10.169107+02:00 koopa.browser.local node= koopa.browser.local type... by rafadvega Path Finder in Splunk Search 12-19-2019 1 3	1	3
eval showing in btool props but does not appear in search Okay I'm pulling my hair out here. I'm playing around with Windows Defender Events, trying to capture them and get th... by bmorgenthaler Path Finder in Splunk Search 12-19-2019 0 4	0	4
Construct map command query in eval statement I am having trouble constructing a search command in an Eval statement. I stripped it down to its most basic form to ... by drewg33 Engager in Splunk Search 12-19-2019 0 1	0	1
Search is waiting for input ERROR Hello, I'm having issues with some of my splunk dashboards having issues with loading. It was loading fine before, ... by harshparikhxlrd Path Finder in Splunk Search 12-19-2019 1 7	1	7
inputlookup in subsearch to filter by one column and to output back the corresponding values of another column to main search Okay so this question has never been asked or answered before so here goes...Hoping someone can assist. index="ironp... by yepyepyayyooo New Member in Splunk Search 12-19-2019 0 4	0	4
Extract fields out of plain text log file and assign it to a field name I want to extract the below values during index time 1. extract WDDZF4KB3JA469368 ,ABCDE4KB3JA469368 and so on and as... by Sujithkumarkb Observer in Splunk Search 12-19-2019 0 5	0	5
I have 6 panels on a dashboard, but can only run 3 concurrent searches. How can I overcome this limit? I have 6 panels on a dashboard, but only allow 3 concurrent searches for the user role. Using Splunk Enterprise 6.2, ... by moesaidi Path Finder in Splunk Search 12-19-2019 2 11	2	11
Left Outer join Hi, I am trying to do search based on field cardid between 2 queries and 2 different time durations, following query ... by msrama5 Explorer in Splunk Search 12-19-2019 0 1	0	1
Unknown search command 'dbquery' for non-admin users Hi, I'm getting "Unknown search command 'dbquery'" error when trying to use \| dbquery as non-admin user. I granted re... by michtek Explorer in Splunk Search 12-18-2019 0 4	0	4
String Value What search string would I use to find out what computers do NOT have a specific software. I have the Splunk TA Wind... by amorberg New Member in Splunk Search 12-18-2019 0 2	0	2
How to join events on an id and subtract values from same named field I've got two different events that have identical data points, including an id. I'd like to join the events on an id... by econstantin Engager in Splunk Search 12-18-2019 1 3	1	3
Convert HR:MIN:SEC format to 1hr:2min:3sec format Hello, I'm trying to convert my time format for the Duration seen below to a format such as 1hr 2min 30 sec display. by harshparikhxlrd Path Finder in Splunk Search 12-18-2019 0 4	0	4
Optimize rex command Hi all, I want to extract fields form log events. I have two errors patterns : EDICPP 4-1-1-0 exception: Mandator... by clementros Path Finder in Splunk Search 12-18-2019 0 5	0	5
How do I add a number to addColTotals? Here is my search query index=nonprod CFE_AppName=abc CFE_Environment=dev Appointment has been booked \| rex field=... by karunanaik Engager in Splunk Search 12-18-2019 1 2	1	2
How to combine two search results in a better way Hello, I am trying to create a query which will help me combine results from two search results by doing this: ind... by dibyaranjan3177 New Member in Splunk Search 12-18-2019 0 2	0	2
How to get the stats of multiple search string I am trying to get the stats for the search keywords. My query will list the errors by time but it wont tell me how m... by ibob0304 Communicator in Splunk Search 12-18-2019 1 2	1	2
Can anyone please help in finding percent_rank of a field Can anyone please help what could be the equivalent to SQL's "percent_Rank" command in splunk select host, count(*) ... by sahil237888 Path Finder in Splunk Search 12-18-2019 0 3	0	3
How to use docker Splunk forwarder image to forward logs to an external Splunk enterprise? I have splunk enterprise setup on a separate machine and I have an application running on another instance. Now I am... by cmittal New Member in Splunk Search 12-18-2019 0 1	0	1
Optimize rex command Hi all, I want to extract fields form log events. I have two errors patterns : * Can not convert FOO from here ... by clementros Path Finder in Splunk Search 12-18-2019 0 2	0	2
assigning repeating / rolling sequential field I am looking to have a new field that will assign a reference to each, this reference will be sequential and will rep... by ChrisCLewis Communicator in Splunk Search 12-18-2019 0 5	0	5
how to add just field name in the main result which have no result ,value just want to display the name . Hello all I want to display the field name(CNB) in the main result which has no result now but in future it ll. I ... by hrs2019 Path Finder in Splunk Search 12-18-2019 0 8	0	8
Extrapolation of data volumes after connection of new systems / predicted license costs with lookup The relevant data about the future development of CustID are read in via a lookup (new_custID.csv) based on the table... by mklhs Path Finder in Splunk Search 12-18-2019 0 3	0	3