Splunk Search

Community Activity

how to chart over multiple fields? When I am using this : chart count over Created_Month by Status \|table Created_Month,year,Relevant,Missing,Non_Relev... by pavanraghav Explorer in Splunk Search 12-04-2019 0 19	0	19
'SearchParser': Missing a search command before '^' I am trying to extract fields Environment and Service with below search and receiving the error 'SearchParser': Missi... by maria_n Explorer in Splunk Search 12-04-2019 0 3	0	3
How to extract in Splunk at index time (with tstats) json field with same child-key from different father-key using regex? We have to model a regex in order to extract in Splunk (at index time) some fileds from our event. These fields will ... by piefragnisp Explorer in Splunk Search 12-04-2019 0 8	0	8
Can you highlight cells with dependency without js? Is it possible to highlight values in a row with condition by another value from another field without js/css? In the... by GDude New Member in Splunk Search 12-04-2019 0 7	0	7
How to exclude a field from one sourcetype when it appears in two joined searches I have a search that is joining two sourcetypes that has multiple fields that have the same name. I want to join on ... by markhvesta Path Finder in Splunk Search 12-03-2019 0 3	0	3
What is better for the conversion, eval or convert? We wonder what is better for this query - index=_audit action=alert_fired ss_app=<app name> \| stats count as Total... by danielbb Motivator in Splunk Search 12-03-2019 0 2	0	2
Format table field with a space in the column name I would like to use the Simple XML format rule to specify the formatting of table columns as documented here, e.g.: ... by helge Builder in Splunk Search 12-03-2019 0 7	0	7
Splunk HELP - How to stats based on each value in array field Hi Team, I have several fields which values are array. For example, event1: ktf2="[Background_Criteria,Profile_Cr... by cheriemilk Path Finder in Splunk Search 12-03-2019 1 1	1	1
Converting @d for eval command I am trying to use the token passed through the time input in a dashboard to a search query. In this specific example... by kunwarjit Engager in Splunk Search 12-03-2019 0 3	0	3
How to create an alert for a log that does not update for X amount of hours I have the following as my search but wanted to see if a log does not update for X hours then send an alert. If the l... by ryangillan Explorer in Splunk Search 12-03-2019 0 5	0	5
[7.3] Index Selection for roles does not show all indexes upgraded to 7.3 and they can no longer see all 208 indexes that we have when editing roles. When you edit a role and... by sylim_splunk Splunk Employee in Splunk Search 12-03-2019 0 4	0	4
How to extract a field from IBM Informix schema with Splunk? Hi, I have IBM Informix schema and want to extract data with Splunk from it like this: table name \| Index \| Trig... by indeed_2000 Motivator in Splunk Search 12-03-2019 0 16	0	16
Why are there errors when resolving missing lookup tables/fields? I'm having errors resolving several missing lookup tables. Any help to resolve these will be appreciated. The lookup... by afolabia Path Finder in Splunk Search 12-03-2019 0 2	0	2
Delay in search time field extractions on search head cluster I have a three-node search head cluster, when I create a field extraction through the GUI, it takes hours for it to b... by ehowardl3 Path Finder in Splunk Search 12-03-2019 1 4	1	4
Splunk 8 - TSTATS WHERE IN () does not work with CIDR Providing Splunk 8 the following: \| tstats allow_old_summaries=t count from datamodel=Network_Traffic.All_Traffic w... by samsonusmc New Member in Splunk Search 12-03-2019 0 1	0	1
Splunk Events Do Not Show for recent dates Hello, I am using the rex command to extra information on the automation and having it count the number of times a ho... by harshparikhxlrd Path Finder in Splunk Search 12-03-2019 0 4	0	4
What is my best approach to creating a expand / collapse feature on my dashboard? I've only been "Splunking" for about a month now so I am pretty new to this. I want to add a button to expand certa... by bmendez0428 Explorer in Splunk Search 12-03-2019 0 0	0	0
how to get count numbers based on the values I have the following fields: x, value, I want to get number that count by value of x. for example : 267 is the small... by jenniferhao Explorer in Splunk Search 12-03-2019 0 4	0	4
Assemble many events into a particular visualization So I already have a set of data that I can access and on which I build a chart. Under, you will find my actual resul... by adrien_dereumau Path Finder in Splunk Search 12-03-2019 1 5	1	5
DHCP lookup to output fields for user, mac based on IP Address by lease time for all sourcetypes Hi, I was wondering if anyone could help with this problem. I have created a lookup for DHCP logs which consists of ... by nathanluke86 Communicator in Splunk Search 12-03-2019 0 5	0	5
Can we set API V2 custom_detail fields within a splunk query in enterprise? Hi Splunk enterprise. We currently have many event rules to manage from various sources in PagerDuty, the issue we ... by yimcam1980 New Member in Splunk Search 12-03-2019 0 0	0	0
can some one explain me the function of the below code in specific \| eval created_upper_token=if("$time_token.latest$"="" OR like("$time_token.latest$","%now%"),"@s","$time_token.lates... by pavanraghav Explorer in Splunk Search 12-03-2019 1 3	1	3
When main query return 0 results, how to stop subquery give error? In my subquery, I'm using results returned from main query, when main query have results it works. But when main quer... by xiaoyunwuxie Explorer in Splunk Search 12-02-2019 1 7	1	7
Help creating a table that shows unique events from last 24hrs, that have not occurred within the last 30days Hello, I have an index with ALPR (license plate) data. I'd like to create a table, that shows unique plates detected... by JAvnaim Explorer in Splunk Search 12-02-2019 0 2	0	2
Join 2 large tstats data sets I need to join two large tstats namespaces on multiple fields. For example, I have these two tstats: \| tstats count... by btorresgil Builder in Splunk Search 12-02-2019 2 10	2	10