Splunk Search

Community Activity

Passing tokens dynamically to search query I have a drop down which I populate with the query and editing field values index="myindex"\|stats values(Category) as... by k_harini Communicator in Splunk Search 11-24-2019 0 6	0	6
Extracting fields for a specific text hi All, Am trying to extract the fields for only the text when it contains start or end as my test_status field that... by datamine Loves-to-Learn Lots in Splunk Search 11-24-2019 0 2	0	2
How to display column results in descending order? It shows the result in the below format uri 208 400 ... .... ... I want ... by prannoy93singh Engager in Splunk Search 11-24-2019 0 5	0	5
help on eval condition Hi I use the search below which works fine but I have an issue with my eval command why i can retrieve the "No SPLUNK... by jip31 Motivator in Splunk Search 11-24-2019 1 9	1	9
Is there a difference in efficiency between this sort and reverse? Delta cites an example using sort - _time. Is there a difference in efficiency between this sort and reverse? by yuanliu SplunkTrust in Splunk Search 11-23-2019 1 3	1	3
Event count from 2 dates How do we get event count from 2 dates. Something like this - 2/11/18 3/11/18 4/1... by ataunk Explorer in Splunk Search 11-23-2019 1 8	1	8
Why do some events display date fields and other don't? Hi, I noticed that one of my custom feeds has date fields (date_hour, date_mday...), but other ones, which are nativ... by a212830 Champion in Splunk Search 11-23-2019 2 4	2	4
One Value from one field should compare every other value from other field and return the 3rd field value. Query: index=data_core sourcetype=data_log is_scheduled=1 \| rex max_match=0 field=search "savedsearch\s{0,}\"{1}(?(... by nomadichunters Explorer in Splunk Search 11-23-2019 0 5	0	5
How to query a lookup table based on time HI All I have a lookup table which is populated by a scheduled search once everyday. The lookup table looks like bel... by nirmalya2006 Path Finder in Splunk Search 11-23-2019 0 7	0	7
How to separate a search by groups of hosts? Hello! If I run this query, I'll get a graph of the # of queries over time aggregated for all of my hosts. host=* \|... by meleschi Explorer in Splunk Search 11-22-2019 0 4	0	4
Why is CSV data with multiple values in one cell parsing incorrectly? I'm trying to upload a CSV file into Splunk, however, it doesn't seem to parse it correctly for the multiple values f... by kimle Engager in Splunk Search 11-22-2019 0 3	0	3
How to extract substring in a string for eval case? Hi All, I have a field "CATEGORY3," with strings for example:- Log 1.2 Bundle With 12 INC Log 1.2 Bundle With 3 INC... by Chandras11 Communicator in Splunk Search 11-22-2019 0 5	0	5
Field extraction receiving error message Any time I try using the Extract Field option in an event list the next page returns this error: Error in 'rex' comm... by atatistcheff Explorer in Splunk Search 11-22-2019 0 7	0	7
Help with regex for field extraction Hi, I have a field value as below. These are all fixed positions all across. /COMPANY LOCATIONS/PA/PHILADELPHIA/AB... by mbasharat Builder in Splunk Search 11-22-2019 0 4	0	4
Escape a period in transforms regex to drop log? I'm collecting DNS logs and I'm trying to drop all logs with sub.domain.com as the query. In my transforms.conf I ha... by reswob4 Builder in Splunk Search 11-22-2019 0 3	0	3
How to disable location clustering of results on a map generated by the geostats command in Splunk 6.1? I have a geostats map in version 6.1 and I want to force it to NOT use clustering. I want to see an indicator for eac... by jasongori Explorer in Splunk Search 11-22-2019 4 12	4	12
Splunk rex help: regex for windows and unix path Hi, I am a newbie to SPL. I am trying to write a regex that will extract the unix/windows path from the full_log fiel... by hbustam8063 New Member in Splunk Search 11-22-2019 0 5	0	5
How to create a timechart that makes same search run for a different date range in a single chart I have a search string that runs a SQL search and returns two columns (items and count) from DB. I run this search o... by nkumar6 Explorer in Splunk Search 11-22-2019 0 4	0	4
How to convert Day Mon Date HH:mm:ss UTC Year to YYYY-MM-DD HH:MM:SS:Q Hi, I have a Timestamp field as Fri Nov 22 03:37:15 UTC 2019 and I want to convert into YYYY-MM-DD HH:MM:SS:6Q form... by gravi Explorer in Splunk Search 11-22-2019 0 3	0	3
IT Audit in full network, servers ?? Need to perform the full audit of all the network and servers. by raja8220 New Member in Splunk Search 11-22-2019 0 2	0	2
How to make search efficient with spath and regex How can I make this search efficient? earliest=-1m source="/var/log/aws/opsworks/opsworks-agent.statistics.log" hos... by vjzone Path Finder in Splunk Search 11-22-2019 0 8	0	8
How to search for a specific field Here is the output of my log message: {"line":"2019-11-21T22:09:29.982Z LCS LCE [abc-75] INFO i.r.queue.poller.S... by balash1979 Path Finder in Splunk Search 11-22-2019 0 4	0	4
How to add up the number of IPs in a row and output the count into a field within the same table Good morning to all, I want to add up the IPs in each row under the Affected_IPs field and output the count into the... by majek81 New Member in Splunk Search 11-22-2019 0 8	0	8
How to search against multiple elements I'm trying to capture occurrences when multiple criteria are true in an event where elements can exist multiple times... by 47024 New Member in Splunk Search 11-22-2019 0 4	0	4
Inconsistent Count result Original Search sourcetype=xxx \| dedup user \| timechart span=1d count(user) I found that the results are different ... by kcchu01 Explorer in Splunk Search 11-22-2019 0 3	0	3