Splunk Search

Community Activity

Why are there errors when resolving missing lookup tables/fields? I'm having errors resolving several missing lookup tables. Any help to resolve these will be appreciated. The lookup... by afolabia Path Finder in Splunk Search 12-03-2019 0 2	0	2
Delay in search time field extractions on search head cluster I have a three-node search head cluster, when I create a field extraction through the GUI, it takes hours for it to b... by ehowardl3 Path Finder in Splunk Search 12-03-2019 1 4	1	4
Splunk 8 - TSTATS WHERE IN () does not work with CIDR Providing Splunk 8 the following: \| tstats allow_old_summaries=t count from datamodel=Network_Traffic.All_Traffic w... by samsonusmc New Member in Splunk Search 12-03-2019 0 1	0	1
Splunk Events Do Not Show for recent dates Hello, I am using the rex command to extra information on the automation and having it count the number of times a ho... by harshparikhxlrd Path Finder in Splunk Search 12-03-2019 0 4	0	4
What is my best approach to creating a expand / collapse feature on my dashboard? I've only been "Splunking" for about a month now so I am pretty new to this. I want to add a button to expand certa... by bmendez0428 Explorer in Splunk Search 12-03-2019 0 0	0	0
how to get count numbers based on the values I have the following fields: x, value, I want to get number that count by value of x. for example : 267 is the small... by jenniferhao Explorer in Splunk Search 12-03-2019 0 4	0	4
Assemble many events into a particular visualization So I already have a set of data that I can access and on which I build a chart. Under, you will find my actual resul... by adrien_dereumau Path Finder in Splunk Search 12-03-2019 1 5	1	5
DHCP lookup to output fields for user, mac based on IP Address by lease time for all sourcetypes Hi, I was wondering if anyone could help with this problem. I have created a lookup for DHCP logs which consists of ... by nathanluke86 Communicator in Splunk Search 12-03-2019 0 5	0	5
Can we set API V2 custom_detail fields within a splunk query in enterprise? Hi Splunk enterprise. We currently have many event rules to manage from various sources in PagerDuty, the issue we ... by yimcam1980 New Member in Splunk Search 12-03-2019 0 0	0	0
can some one explain me the function of the below code in specific \| eval created_upper_token=if("$time_token.latest$"="" OR like("$time_token.latest$","%now%"),"@s","$time_token.lates... by pavanraghav Explorer in Splunk Search 12-03-2019 1 3	1	3
When main query return 0 results, how to stop subquery give error? In my subquery, I'm using results returned from main query, when main query have results it works. But when main quer... by xiaoyunwuxie Explorer in Splunk Search 12-02-2019 1 7	1	7
Help creating a table that shows unique events from last 24hrs, that have not occurred within the last 30days Hello, I have an index with ALPR (license plate) data. I'd like to create a table, that shows unique plates detected... by JAvnaim Explorer in Splunk Search 12-02-2019 0 2	0	2
Join 2 large tstats data sets I need to join two large tstats namespaces on multiple fields. For example, I have these two tstats: \| tstats count... by btorresgil Builder in Splunk Search 12-02-2019 2 10	2	10
How to find a host which is missing a specific value? Hi all, My question is focused on open ports but the condition applies to a wide range of scenarios. My question is ... by galindimitrov Explorer in Splunk Search 12-02-2019 0 10	0	10
Limiting duration to 2 decimal places (without round function) Hello, I was using the round function in my search to limit the results to 2 decimal places. I have gotten it to wor... by harshparikhxlrd Path Finder in Splunk Search 12-02-2019 0 1	0	1
Can anyone suggest how I can create a join query using pattern Eg eg in fuse.log I have a entry like userId=abc while in access.log i have entry like sessionid-12232 \| abc \| xyz O... by ayush8878 New Member in Splunk Search 12-02-2019 0 5	0	5
Field extraction not working (props.conf) I have one props placed in location , opt splunk etc apps appname local props Below is the code [db_accounts] ... by pal_sumit1 Path Finder in Splunk Search 12-02-2019 0 1	0	1
How to remove a row in a table _time A B C D 6:05 1 1 5 8 6:10 0 3 2 2 6:15 5 0 6 2 6:20 8 9 2 7 6:25 9... by kishan2356 Explorer in Splunk Search 12-02-2019 0 4	0	4
InputLookup search query Hello everyone! My initial search give me events with the URLs that users clicked using the outlook client. After a... by dyrm1 New Member in Splunk Search 12-02-2019 0 8	0	8
single value visualization sorting issue Hi, i have a query which sorts the results, but when i change it to single value its not getting sorted can anyone h... by Puvi New Member in Splunk Search 12-01-2019 0 4	0	4
Visualizations: Why is there a dot in my time chart graph? Just want to ask why sometimes there is a dot in my time chart graph? and how to erase that? The dot looks like pictu... by everynameIwanti Explorer in Splunk Search 12-01-2019 0 3	0	3
Percentage chart Hi. I have a query that makes the difference of a query comparing today with last week. I would like to generate a g... by leandromatperei Path Finder in Splunk Search 12-01-2019 0 9	0	9
How to count until a specific number and go to next value in field Here is my current query: index=abc* \|stats count by user,date \|eval highcount=(if count >=1000,1000,count) This g... by rvalli Explorer in Splunk Search 12-01-2019 0 5	0	5
Searching and matching from two different indexes and retrieving values from one index I have two indexes that contain the same ip address but only one index contains hostnames for the ip addresses. How c... by cald0002 New Member in Splunk Search 12-01-2019 0 1	0	1
create table from database schema hi i have database schema, and want to extract a table like in picture. i try to use regular expression but it's not... by indeed_2000 Motivator in Splunk Search 12-01-2019 0 17	0	17