Splunk Search

Community Activity

Splunk help - query latest event based on a field and count value based on another field Hi Team, I have below events, want to find out the latest event for each kf7 value, and then stats count based on kt... by cheriemilk Path Finder in Splunk Search 12-05-2019 0 1	0	1
After updating an app, why am I getting search error "The limit has been reached for log messages in info.csv"? After I updated an app, why am I getting these search errors? The limit has been reached for log messages in info.cs... by danieldu Engager in Splunk Search 12-05-2019 10 4	10	4
How to update a global lookup file via REST API for a particular app in a search head cluster? Hi All, I have a Search Head Cluster and I am trying to update a global lookup file in a particular app, but am havi... by phoenixdigital Builder in Splunk Search 12-05-2019 2 4	2	4
How to extract the prefixed words from logs Hi All, I require help in extracting the words that appear right before the word. Example: Null.set.error Nullerror S... by prettysunshinez Explorer in Splunk Search 12-05-2019 0 8	0	8
Modify subsearch time starting with timerange picker token I have a situation where I want to run a main search of one index over a time period driven by the time picker on a d... by mstark31 Path Finder in Splunk Search 12-05-2019 0 7	0	7
Is it possible to download two tables into a single Excel file rather than appending to the right? I have got two different tables in my Splunk dashboard and both came from different searches. Is it possible to dow... by contactdipesh New Member in Splunk Search 12-05-2019 0 2	0	2
ports listen Can anyone tell me which ports should listen on Splunk server and on the Target server (Client)? From where to where... by chaga New Member in Splunk Search 12-05-2019 0 1	0	1
Searching 60 minutes prior to a time failing I'm trying to do the following query index=main earliest=-60m latest="12/4/2019:12:31:41" So 60 minutes before a s... by bmorgenthaler Path Finder in Splunk Search 12-05-2019 0 3	0	3
transaction event not updated in 20mins Hi, I have a transaction ,begin and complete like below with session id. Want to generate an alert if the event not ... by samtechy Engager in Splunk Search 12-05-2019 0 2	0	2
[Resolved]Splunk eval - Error in 'eval' command: The expression is malformed. Hi team, I got error 'Error in 'eval' command: The expression is malformed. ' when running below query. Guess it's b... by cheriemilk Path Finder in Splunk Search 12-05-2019 0 3	0	3
Searching nested JSON to create audit dashboard I have some test JSON data that I am having trouble searching for. I need to create some Audit dashboards around thi... by Tylerdygert Path Finder in Splunk Search 12-05-2019 0 16	0	16
Search in fast vs smart modes does not return same number of events We ran into a problem where a search in smart mode returns 6 events, while the same search in fast mode returns 2 eve... by tomasmoser Contributor in Splunk Search 12-05-2019 1 14	1	14
How is my `set diff` returning any difference if I'm using the same macro as both subsearches? I'm building a dashboard where a user selects a dropdown item that has the value of a search macro name and then a si... by mbrownoutside Path Finder in Splunk Search 12-05-2019 0 2	0	2
Join two lines in the same search Hi all, I'm currently monitoring log files. I have exctrated 2 fields end_collection_timestamp & starting_collecti... by clementros Path Finder in Splunk Search 12-05-2019 1 9	1	9
How to join a lookup value for comparison? The query below works, but i need to add a lookup value 'interval' to compare against the 'hours since last seen' val... by nahfam Path Finder in Splunk Search 12-05-2019 0 10	0	10
Requesting Assistance Writing a Search Request I am writing a search which I intend to use to create an alert from. I keep getting "No Results" from this search unl... by dharveynswccd Path Finder in Splunk Search 12-05-2019 1 11	1	11
Getting full result in join/append I have a index, where i store values of items and their count (pulled from SQL DB). I run a search to return me items... by nkumar6 Explorer in Splunk Search 12-05-2019 0 10	0	10
External Python Lookup not working with Splunk 8.0 with Python 3 Hi, I have setup Splunk v8.0 in a separate VM and configured it to run strictly Python 3. Both my environments (Spl... by blueelvis Engager in Splunk Search 12-05-2019 0 0	0	0
Splunk searching nested json Hello I use automatic translation because I am not good at English. sorry. I took NVD 's CVE list (Json Feed) into S... by blaku Explorer in Splunk Search 12-05-2019 0 5	0	5
Multistep transaction using stats Hi, I have following stats table key EventCode ... by knarinen3 New Member in Splunk Search 12-05-2019 0 2	0	2
Can I count lines in table cell? Hi, I have a search to show the number of times an IP address was trying to reach some Customer IDs. How can I cou... by yossefn Path Finder in Splunk Search 12-05-2019 0 2	0	2
count of a field, and then sort by day Im looking to count by a field and that works with first part of syntex , then sort it by date. both work independant... by barneser Engager in Splunk Search 12-05-2019 0 2	0	2
How to merge two different queries with the same columns together? Hi, I have different queries: Query 1: \|inputlookup myLokkup \| eval count=0 \| table myField, count For Example: ... by shayhibah Path Finder in Splunk Search 12-05-2019 0 7	0	7
Help to extract fields from the URL I need to extract "internal-blue-ocf" as namespace and "stress-b.aps.gc1-b.lle.ocf.xxx.com" as service using rex fro... by maria_n Explorer in Splunk Search 12-05-2019 0 5	0	5
Date type issue on extracted fields Hi all, I have two date fields extracted (with regex) from log files. starting_collection_timestamp = Thu Oct 17 ... by clementros Path Finder in Splunk Search 12-05-2019 0 3	0	3