Splunk Search

Community Activity

Join result of two queries with common field ? Hi, I have a use case where i need to join result of two septate logs on the basis of common field(breadcrumbId). Be... by ayush8878 New Member in Splunk Search 12-04-2019 0 4	0	4
How to calculate duration between two events and plot this on a bar chart? HI All, I am hoping one of you can help me figure out how to calculate time duration between the below sample events... by saurabhkunte Path Finder in Splunk Search 12-04-2019 0 6	0	6
Sort the output of chart command I am trying to plot chart by ObjectName , Date by Duration. And wanted to sort them by Date desc and Duration desc. I... by dpatiladobe Explorer in Splunk Search 12-04-2019 0 6	0	6
Help counting, the field, pageName, when I'm trying to count two or more specific values. Using Splunk Cloud - 7.0.11 My goal is to create a search and generate a table that I can use with MLTK. I'm searchi... by rick4039 Explorer in Splunk Search 12-04-2019 0 8	0	8
How to get stats on a string and name the string as a column ProxyName=PLB and ("/policies" OR "/bills") stats count by ProxyName I want the string "/policies" or "/bills" to... by maddenm2 New Member in Splunk Search 12-04-2019 0 2	0	2
Results are not shown when a report is opened in pivot mode I have a pivot report built on data set. When i open the report, the results are coming clearly but when i opened the... by chinmayc469 Explorer in Splunk Search 12-04-2019 0 1	0	1
How to create an alert when a windows account is lockout and there is an unlock event within 5 mins of the being locked Good afternoon everyone, Can someone point me in the right direction to creating an alert when a windows account is ... by djreschke Communicator in Splunk Search 12-04-2019 0 3	0	3
subsearch not working I have an alert using a subsearch that was working a few weeks ago. Now all of a sudden i cannot get any subsearchs ... by benzmmrmnn86 New Member in Splunk Search 12-04-2019 0 3	0	3
Extract time from log Below is my data 2019-12-03 14:20:55,679 ------------------ Begin Request ----------------- How do I extract begin ... by shwetamis Explorer in Splunk Search 12-04-2019 0 7	0	7
how to chart over multiple fields? When I am using this : chart count over Created_Month by Status \|table Created_Month,year,Relevant,Missing,Non_Relev... by pavanraghav Explorer in Splunk Search 12-04-2019 0 19	0	19
'SearchParser': Missing a search command before '^' I am trying to extract fields Environment and Service with below search and receiving the error 'SearchParser': Missi... by maria_n Explorer in Splunk Search 12-04-2019 0 3	0	3
How to extract in Splunk at index time (with tstats) json field with same child-key from different father-key using regex? We have to model a regex in order to extract in Splunk (at index time) some fileds from our event. These fields will ... by piefragnisp Explorer in Splunk Search 12-04-2019 0 8	0	8
Can you highlight cells with dependency without js? Is it possible to highlight values in a row with condition by another value from another field without js/css? In the... by GDude New Member in Splunk Search 12-04-2019 0 7	0	7
How to exclude a field from one sourcetype when it appears in two joined searches I have a search that is joining two sourcetypes that has multiple fields that have the same name. I want to join on ... by markhvesta Path Finder in Splunk Search 12-03-2019 0 3	0	3
What is better for the conversion, eval or convert? We wonder what is better for this query - index=_audit action=alert_fired ss_app=<app name> \| stats count as Total... by danielbb Motivator in Splunk Search 12-03-2019 0 2	0	2
Format table field with a space in the column name I would like to use the Simple XML format rule to specify the formatting of table columns as documented here, e.g.: ... by helge Builder in Splunk Search 12-03-2019 0 7	0	7
Splunk HELP - How to stats based on each value in array field Hi Team, I have several fields which values are array. For example, event1: ktf2="[Background_Criteria,Profile_Cr... by cheriemilk Path Finder in Splunk Search 12-03-2019 1 1	1	1
Converting @d for eval command I am trying to use the token passed through the time input in a dashboard to a search query. In this specific example... by kunwarjit Engager in Splunk Search 12-03-2019 0 3	0	3
How to create an alert for a log that does not update for X amount of hours I have the following as my search but wanted to see if a log does not update for X hours then send an alert. If the l... by ryangillan Explorer in Splunk Search 12-03-2019 0 5	0	5
[7.3] Index Selection for roles does not show all indexes upgraded to 7.3 and they can no longer see all 208 indexes that we have when editing roles. When you edit a role and... by sylim_splunk Splunk Employee in Splunk Search 12-03-2019 0 4	0	4
How to extract a field from IBM Informix schema with Splunk? Hi, I have IBM Informix schema and want to extract data with Splunk from it like this: table name \| Index \| Trig... by indeed_2000 Motivator in Splunk Search 12-03-2019 0 16	0	16
Why are there errors when resolving missing lookup tables/fields? I'm having errors resolving several missing lookup tables. Any help to resolve these will be appreciated. The lookup... by afolabia Path Finder in Splunk Search 12-03-2019 0 2	0	2
Delay in search time field extractions on search head cluster I have a three-node search head cluster, when I create a field extraction through the GUI, it takes hours for it to b... by ehowardl3 Path Finder in Splunk Search 12-03-2019 1 4	1	4
Splunk 8 - TSTATS WHERE IN () does not work with CIDR Providing Splunk 8 the following: \| tstats allow_old_summaries=t count from datamodel=Network_Traffic.All_Traffic w... by samsonusmc New Member in Splunk Search 12-03-2019 0 1	0	1
Splunk Events Do Not Show for recent dates Hello, I am using the rex command to extra information on the automation and having it count the number of times a ho... by harshparikhxlrd Path Finder in Splunk Search 12-03-2019 0 4	0	4