Splunk Search

Community Activity

Lookup not working, it is generating a "NOT ()" query for some reason. lookup contains 3 columns DeviceId, host, and storeNumber splunk events contain a Properties.DeviceName field that m... by Cuyose Builder in Splunk Search 12-09-2019 0 4	0	4
correct TIME_FORMAT for time stamp Hello, I'm having trouble extracting the following timestamp for one source, is there someone here that can recommend... by Melstrathdee Path Finder in Splunk Search 12-09-2019 0 2	0	2
How to extract and create multiple fields for the same log line If I have the log line: WEB 1.1.1.1/2.2.2.2/3.3.3.3 and I want to use extract fields to map: WEB -> field1 1.1.1.1/2... by vnarapuram Explorer in Splunk Search 12-09-2019 0 8	0	8
count eval, error using AND Hello, I'd like to count events from Windows Logs in my search that include both EventCode="4624" as well as Account_... by nataliamur New Member in Splunk Search 12-09-2019 0 2	0	2
Conversion of epoch time in rex extracted field Hey All, Need some assistance with extracting/converting the epoch timestamps on index buckets from a search that I ... by adalbor Builder in Splunk Search 12-09-2019 0 5	0	5
Can stats be in the subject of an alert-generated e-mail? We have an alert, that checks for a particular condition (Oracle-errors) across multiple indexes: (index=HOP OR inde... by unitedmarsupial Path Finder in Splunk Search 12-09-2019 0 4	0	4
Error with eval expression using eventstats command in Splunk Datamodel Hi, I want to create below search using splunk DataModel: index="oqa_pub" sourcetype="idesk_db_inc" \|search RESOLVE... by mogoe2 New Member in Splunk Search 12-09-2019 0 5	0	5
Can we run the query for 100 or so hosts? We have the following that runs nicely for one host - index=<index name> host=<host name> source=<source name> sour... by danielbb Motivator in Splunk Search 12-09-2019 0 1	0	1
How to evaluate multiple fields and replace field output with new string I have an issue where events are displaying incorrect information for a particular field in my search. Example: ... by garciajbg Explorer in Splunk Search 12-09-2019 0 4	0	4
After obtaining the Time difference of two time/date fields, if the time greater than a hr create a alert. Im pretty new to splunk, so my approach may be incorrect. However, At this time my query is as below: search query \|... by dcephas Engager in Splunk Search 12-09-2019 0 2	0	2
Cisco CDR: How to remove two columns in report extraction I need to remove these two columns in the report extraction, I already removed the values in the "search" for these c... by fiveitsplunk Explorer in Splunk Search 12-09-2019 0 6	0	6
help with regex needed Hello, I have the following content in the variable $result.LINE$ in my alert, coming as a DB SQL result: Below wor... by damucka Builder in Splunk Search 12-09-2019 0 3	0	3
Command to free disk space My instance of Splunk currently has 9.4 TB of disk for indexing. We have 360GB per day being indexed and I can't incr... by erlindemberg Explorer in Splunk Search 12-09-2019 0 4	0	4
Change time zone in log indexing Hi, I have a log that it has the format below, I need his GMT to be -3h. That is, in the log file the time is (2019... by leandromatperei Path Finder in Splunk Search 12-09-2019 0 2	0	2
Regular Expression to extract the below values Hi, One of my value in table is being passed as an Boolean expression as below (assignment_group = 1213App_Developme... by aswin_asok Explorer in Splunk Search 12-09-2019 1 5	1	5
Rex field to extract dot net module Hi i currently have the following line in my search that search for system.net.webclient: \|rex max_match=0 "(?<modul... by totaro Explorer in Splunk Search 12-08-2019 0 3	0	3
Anyone else having issues contacting Splunk support today? Is there anyone else having issues contacting Splunk support today where each time you call it either rings out or di... by nathant089 New Member in Splunk Search 12-08-2019 0 1	0	1
transaction query providing wrong log events in splunk Hi team, I have two log events as mentioned below, i am trying to find out response time difference based on timesta... by kanamarlapudive New Member in Splunk Search 12-08-2019 0 21	0	21
How to convert Unix format and compare it with _time for given values of `savedsearch_name` and have a clear visualization I am trying to visualize the deviation between a correlation rule's scheduled time and the time it was run. went thr... by mo_shahin Engager in Splunk Search 12-07-2019 0 1	0	1
Changing the order of displayed single field values in a timechart column Hello, fellow Splunkers. I am currently trying to create a stacked timechart column using a simple search query: tim... by sendijsd Engager in Splunk Search 12-07-2019 0 2	0	2
Determining bytes scanned during a search? Hey there Splunkers! Similar to the question "How is the Size value on the job page calculated and logged in Splunk?... by Beaker77 Explorer in Splunk Search 12-07-2019 0 3	0	3
Events are going to multiple indexes. I have an issue where events are indexed into multiple indexes partially. Now the problem is that Example: - Som... by sherrysafdar Explorer in Splunk Search 12-07-2019 0 1	0	1
Creating a detailed table to investigate user account logging into several servers Hello, I'm attempting to build a detailed table complete with timestamp, account name, eventcode, and host. We found... by rcastello Explorer in Splunk Search 12-07-2019 0 1	0	1
Same fields with different values in one event In the following Windows event log message field Account Name appears twice with different values. When I build a rep... by kkuminsky Path Finder in Splunk Search 12-06-2019 3 12	3	12
"NOT TERM" removes results When using NOT TERM, please keep in mind the following bug (see the answer for the workaround): index=myindex NOT TE... by landen99 Motivator in Splunk Search 12-06-2019 0 5	0	5