Splunk Search

Community Activity

Add additional events to transaction by field Hi, I need to group events where the first event begins with "Receive message" and grouped by thread id. But then nee... by idzjuba Engager in Splunk Search 12-11-2019 0 4	0	4
How to dynamically remove a field from search & how to dynamically use threshold from lookup file and change color based on it? Hi All, Hope you all are doing good. I am stuck with 2 questions may be due to my Splunk query knowledge, hope you ... by niks987 Explorer in Splunk Search 12-11-2019 0 0	0	0
How to find license usage based on the all the indexes When I run the below search I can see 94 indexes available. \| eventcount summarize=false index=* index=_*\| dedup ind... by whitewolf332512 New Member in Splunk Search 12-10-2019 0 3	0	3
Field extraction /data/scripts/esx/output_crc/dc1-ch1-esxi05.dca.com-vmnic0-20191211-10:40:40.txt I need to extract the field "dc1-ch... by Nadhiya_Dubai Explorer in Splunk Search 12-10-2019 0 1	0	1
field extraction /data/scripts/esx/outfile/dc1-ch1-esxi05.dca.com-vmnic0.txt I need to extract the dc1-ch1-esxi05.dca.com-vmnic0 fro... by Nadhiya_Dubai Explorer in Splunk Search 12-10-2019 0 3	0	3
How to change bar chart color and the legend label How do I change a bar chart color base on the syslog severity level. Example: Informational to blue color, warning to... by matoulas Path Finder in Splunk Search 12-10-2019 0 4	0	4
How to rename timechart legend static names with variable names Hello, I have a timechart search (search code snippet below), everything works great. The chart shows up and the le... by wti Engager in Splunk Search 12-10-2019 0 1	0	1
Field Extraction And Evaluation From the screenshot, i would like to achieve the below; LCU04 = 500 x 00000 LCU03 = 500 x 01985 LCU02 = 500 x 01985 ... by rhugo Observer in Splunk Search 12-10-2019 0 3	0	3
Track growth on new items within a time range using a timechart I've tried various attempts at this with no joy. I'm simply trying to create a chart where I can specify w/ the time ... by clintla Contributor in Splunk Search 12-10-2019 0 8	0	8
How to show all the field values (including duplicates) in table Hi I have Splunk messages that gives the information on course and student enrolled. My sample message as follows ... by gravi Explorer in Splunk Search 12-10-2019 0 2	0	2
Lookups missing and receiving error message Getting the following error on many of my previously working searches, any ideas on how to fix it? 3 errors occurre... by bullbo Engager in Splunk Search 12-10-2019 0 1	0	1
Number of fields occurrence in json data I have below data ` { [-] context: { [+] } level: INFO logger: x.x.x.xxx.service.xxxService msg: Fi... by govindparashar1 New Member in Splunk Search 12-10-2019 0 2	0	2
Help with regular expression extract and match I have log file like this: 11:00:00 jon nginx: A[1234]B[56789] [0.1222] 11:00:00 dan service cloud: C[0078]D[12] F[... by indeed_2000 Motivator in Splunk Search 12-10-2019 0 10	0	10
Time difference during mid night is showing as more than a day Hi, I have two datetime stamps, both in same format ( %m-%d-%Y %H:%M:%S %p UTC ) and i am trying to get the differ... by gravi Explorer in Splunk Search 12-10-2019 0 8	0	8
Interesting fields count and percentage incorrect I have encountered a strange issue when clicking on an "interesting field" in the left side bar under the events tab,... by benwebsternucle Engager in Splunk Search 12-10-2019 1 1	1	1
How can I pass a list of parameters to a custom Generating command to iterate over and generate events? I have written my own custom generating command in Splunk which connects to our API and fetches threat details of a d... by umairahmad3985 Path Finder in Splunk Search 12-10-2019 0 0	0	0
Problem with Geospatial lookup and geom command Hi All, Posting this question, as I am new to Geospatial lookup and trying to configure it as per Michael Porath's b... by badrinath_itrs Communicator in Splunk Search 12-10-2019 1 2	1	2
Clarification about appendcols needed Hello, My alert looks as follows: \|inputcsv anomalies_ls5923.txt \| where like(ANOMALY_ID, "iA%")\| tail 1 \|rename co... by damucka Builder in Splunk Search 12-10-2019 0 1	0	1
struggle with RegEx field extraction on a Windows Event log Hey - I'm taking my first steps on extracting fields with RegEx and can't seem to get this one working .. any help wo... by feichinger Path Finder in Splunk Search 12-10-2019 0 5	0	5
Minutes and seconds formating I have a field that sends time in Min&sec in the format 3m7s I want it to be in the format 3.07 Tried using the bel... by gravi Explorer in Splunk Search 12-10-2019 0 5	0	5
Which events has been searching for Hi all! Need some help with a serach that showing which events has been searching for, last 90 days. by amirarsalan Explorer in Splunk Search 12-10-2019 0 1	0	1
Need to populate recent time value at the column left and oldest time towards right using chart command Hello Experts, We had created splunk dashboard for monitoring automation tests which is triggered at Jenkins. Below ... by arunrajamani New Member in Splunk Search 12-10-2019 0 7	0	7
merge a string in a list relatively to another string Hello everyone, I want to add a string in a list which is in a field compared to another string which also is in ano... by amir_bnp Explorer in Splunk Search 12-10-2019 0 13	0	13
Total Results With All Fields Showing I am trying to build an alert for when the total results for my search is greater than 9. I have it working, except t... by johann2017 Explorer in Splunk Search 12-10-2019 0 6	0	6
Lookup not working, it is generating a "NOT ()" query for some reason. lookup contains 3 columns DeviceId, host, and storeNumber splunk events contain a Properties.DeviceName field that m... by Cuyose Builder in Splunk Search 12-09-2019 0 4	0	4