Splunk Search

Community Activity

How to show all the field values (including duplicates) in table Hi I have Splunk messages that gives the information on course and student enrolled. My sample message as follows ... by gravi Explorer in Splunk Search 12-10-2019 0 2	0	2
Lookups missing and receiving error message Getting the following error on many of my previously working searches, any ideas on how to fix it? 3 errors occurre... by bullbo Engager in Splunk Search 12-10-2019 0 1	0	1
Number of fields occurrence in json data I have below data ` { [-] context: { [+] } level: INFO logger: x.x.x.xxx.service.xxxService msg: Fi... by govindparashar1 New Member in Splunk Search 12-10-2019 0 2	0	2
Help with regular expression extract and match I have log file like this: 11:00:00 jon nginx: A[1234]B[56789] [0.1222] 11:00:00 dan service cloud: C[0078]D[12] F[... by indeed_2000 Motivator in Splunk Search 12-10-2019 0 10	0	10
Time difference during mid night is showing as more than a day Hi, I have two datetime stamps, both in same format ( %m-%d-%Y %H:%M:%S %p UTC ) and i am trying to get the differ... by gravi Explorer in Splunk Search 12-10-2019 0 8	0	8
Interesting fields count and percentage incorrect I have encountered a strange issue when clicking on an "interesting field" in the left side bar under the events tab,... by benwebsternucle Engager in Splunk Search 12-10-2019 1 1	1	1
How can I pass a list of parameters to a custom Generating command to iterate over and generate events? I have written my own custom generating command in Splunk which connects to our API and fetches threat details of a d... by umairahmad3985 Path Finder in Splunk Search 12-10-2019 0 0	0	0
Problem with Geospatial lookup and geom command Hi All, Posting this question, as I am new to Geospatial lookup and trying to configure it as per Michael Porath's b... by badrinath_itrs Communicator in Splunk Search 12-10-2019 1 2	1	2
Clarification about appendcols needed Hello, My alert looks as follows: \|inputcsv anomalies_ls5923.txt \| where like(ANOMALY_ID, "iA%")\| tail 1 \|rename co... by damucka Builder in Splunk Search 12-10-2019 0 1	0	1
struggle with RegEx field extraction on a Windows Event log Hey - I'm taking my first steps on extracting fields with RegEx and can't seem to get this one working .. any help wo... by feichinger Path Finder in Splunk Search 12-10-2019 0 5	0	5
Minutes and seconds formating I have a field that sends time in Min&sec in the format 3m7s I want it to be in the format 3.07 Tried using the bel... by gravi Explorer in Splunk Search 12-10-2019 0 5	0	5
Which events has been searching for Hi all! Need some help with a serach that showing which events has been searching for, last 90 days. by amirarsalan Explorer in Splunk Search 12-10-2019 0 1	0	1
Need to populate recent time value at the column left and oldest time towards right using chart command Hello Experts, We had created splunk dashboard for monitoring automation tests which is triggered at Jenkins. Below ... by arunrajamani New Member in Splunk Search 12-10-2019 0 7	0	7
merge a string in a list relatively to another string Hello everyone, I want to add a string in a list which is in a field compared to another string which also is in ano... by amir_bnp Explorer in Splunk Search 12-10-2019 0 13	0	13
Total Results With All Fields Showing I am trying to build an alert for when the total results for my search is greater than 9. I have it working, except t... by johann2017 Explorer in Splunk Search 12-10-2019 0 6	0	6
Lookup not working, it is generating a "NOT ()" query for some reason. lookup contains 3 columns DeviceId, host, and storeNumber splunk events contain a Properties.DeviceName field that m... by Cuyose Builder in Splunk Search 12-09-2019 0 4	0	4
correct TIME_FORMAT for time stamp Hello, I'm having trouble extracting the following timestamp for one source, is there someone here that can recommend... by Melstrathdee Path Finder in Splunk Search 12-09-2019 0 2	0	2
How to extract and create multiple fields for the same log line If I have the log line: WEB 1.1.1.1/2.2.2.2/3.3.3.3 and I want to use extract fields to map: WEB -> field1 1.1.1.1/2... by vnarapuram Explorer in Splunk Search 12-09-2019 0 8	0	8
count eval, error using AND Hello, I'd like to count events from Windows Logs in my search that include both EventCode="4624" as well as Account_... by nataliamur New Member in Splunk Search 12-09-2019 0 2	0	2
Conversion of epoch time in rex extracted field Hey All, Need some assistance with extracting/converting the epoch timestamps on index buckets from a search that I ... by adalbor Builder in Splunk Search 12-09-2019 0 5	0	5
Can stats be in the subject of an alert-generated e-mail? We have an alert, that checks for a particular condition (Oracle-errors) across multiple indexes: (index=HOP OR inde... by unitedmarsupial Path Finder in Splunk Search 12-09-2019 0 4	0	4
Error with eval expression using eventstats command in Splunk Datamodel Hi, I want to create below search using splunk DataModel: index="oqa_pub" sourcetype="idesk_db_inc" \|search RESOLVE... by mogoe2 New Member in Splunk Search 12-09-2019 0 5	0	5
Can we run the query for 100 or so hosts? We have the following that runs nicely for one host - index=<index name> host=<host name> source=<source name> sour... by danielbb Motivator in Splunk Search 12-09-2019 0 1	0	1
How to evaluate multiple fields and replace field output with new string I have an issue where events are displaying incorrect information for a particular field in my search. Example: ... by garciajbg Explorer in Splunk Search 12-09-2019 0 4	0	4
After obtaining the Time difference of two time/date fields, if the time greater than a hr create a alert. Im pretty new to splunk, so my approach may be incorrect. However, At this time my query is as below: search query \|... by dcephas Engager in Splunk Search 12-09-2019 0 2	0	2